Correct the reset command

- Also allow chain names to be specified a la the refresh command

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/lib.common

@@ -499,9 +499,9 @@ in_network() # $1 = IP address, $2 = CIDR network
 #
 # Query NetFilter about the existence of a filter chain
 #
-chain_exists() # $1 = chain name
+chain_exists() # $1 = chain name, $2 = table name (optional)
 {
-    qt1 $g_tool -L $1 -n
+    qt1 $g_tool -t ${2:-filter} -L $1 -n
 }
 
 #

Shorewall/Perl/prog.footer

@@ -266,17 +266,39 @@ case "$COMMAND" in
 	else
 	    shift
 	    status=0
+	    table=filter
 	    for chain in $@; do
-		if chain_exists $chain; then
+	    	case $chain in
-		    if qt $g_tool-Z $chain; then
+		    *:*)
-			progress_message3 "Filter $chain Counters Reset"
+			table=${chain%:*}
+			chain=${chain#*:}
+			case $table in
+			    raw|nat|mangle|filter)
+			        ;;
+			    *)
+				error_message "ERROR: Invalid table name ($table)"
+				status=2
+				;;
+			esac
+			;;
+		    *)
+			;;
+		esac
+
+		if [ $status -eq 0 ]; then
+		    if chain_exists $chain $table; then
+			if qt $g_tool -t $table -Z $chain; then
+			    progress_message3 "Completed counter reset of $table chain $chain"
 			else
-			error_message "ERROR: Reset of chain $chain failed"
+			    error_message "ERROR: Reset of $table chain $chain failed"
 			    status=2
 			    break
 			fi
 		    else
-		    error_message "WARNING: Filter Chain $chain does not exist"
+			error_message "WARNING: $table chain $chain does not exist"
+		    fi
+		else
+		    break;
 		fi
 	    done
 	fi

Shorewall/manpages/shorewall.xml

@@ -497,7 +497,9 @@
 
       <arg>-<replaceable>options</replaceable></arg>
 
-      <arg choice="plain"><option>reset</option></arg>
+      <arg
+      choice="plain"><option>reset</option><arg><replaceable>chain</replaceable>
+      ...</arg></arg>
     </cmdsynopsis>
 
     <cmdsynopsis>
@@ -1768,6 +1770,13 @@
           <replaceable>chain</replaceable>(s). If no
           <replaceable>chain</replaceable> is specified, all the packet and
           byte counters in the firewall are reset.</para>
+
+          <para>Beginning with Shorewall 5.0.0,
+          <replaceable>chain</replaceable> may be composed of both a table
+          name and a chain name separated by a colon (e.g.,
+          mangle:PREROUTING). Chain names following that don't include a table
+          name are assumed to be in that same table. If no table name is given
+          in the command, the filter table is assumed.</para>
         </listitem>
       </varlistentry>
 

Shorewall6/manpages/shorewall6.xml

@@ -451,7 +451,9 @@
 
       <arg>-<replaceable>options</replaceable></arg>
 
-      <arg choice="plain"><option>reset</option></arg>
+      <arg
+      choice="plain"><option>reset</option><arg><replaceable>chain</replaceable>
+      ...</arg></arg>
     </cmdsynopsis>
 
     <cmdsynopsis>
@@ -1703,6 +1705,13 @@
           <replaceable>chain</replaceable>(s). If no
           <replaceable>chain</replaceable> is specified, all the packet and
           byte counters in the firewall are reset.</para>
+
+          <para>Beginning with Shorewall 5.0.0,
+          <replaceable>chain</replaceable> may be composed of both a table
+          name and a chain name separated by a colon (e.g.,
+          mangle:PREROUTING). Chain names following that don't include a table
+          name are assumed to be in that same table. If no table name is given
+          in the command, the filter table is assumed.</para>
         </listitem>
       </varlistentry>