From 1f9d9629c8b2fc51554cc11bb46c80fdca48f4da Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 18 Jan 2006 20:17:58 +0000 Subject: [PATCH] More rationalization of options and commands git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3322 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/help | 38 ++++--- Shorewall/shorewall | 237 ++++++++++++++++++++++++++++++++++++++------ 2 files changed, 231 insertions(+), 44 deletions(-) diff --git a/Shorewall/help b/Shorewall/help index 2280478be..a60abfcc1 100755 --- a/Shorewall/help +++ b/Shorewall/help @@ -88,15 +88,21 @@ clear) ;; compile) - echo "compile: compile [ -e ] [ ] + echo "compile: compile [ -e ] [ -p ] [ ] Compiles the current configuration into the executable file - /var/lib/shorewall/ + . If names a file in /var/lib/shorewall then + the file may be executed using the \"restore\" command. When -e is specified, the compilation is being performed on a system other than where the compiled script will run. This option disables certain configuration options that require the script to be compiled where it is to be run. + When -p is specified, a complete program is produced that supports + the 'start', 'stop', 'restart', etc. commands. That program is suitable + for placing in /etc/init.d/ and can provide a firewall on a system + without Shorewall installed. + 'generate' is a synonym for 'compile'." ;; @@ -220,7 +226,8 @@ refresh) echo "refresh: [ -q ] refresh The rules involving the broadcast addresses of firewall interfaces, the black list, traffic control rules and ECN control rules are recreated - to reflect any changes made. Existing connections are untouched + to reflect any changes made. Existing connections are untouched. + If \"-q\" is specified, less detain is displayed making it easier to spot warnings" ;; 
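Review bot: The added refresh help line says `less detain is displayed`; it should read `less detail is displayed` (a comma before `making` would also help), and the same misspelling is repeated verbatim in the reload, restart and restore hunks of this file, so one fix should be applied to all four. The unchanged context line above it still reads `refresh: [ -q ] refresh`, the old option-before-command form that this commit rewrites elsewhere to `restart: restart [ -q ] [ -n ]`; since that line is not touched here this is only inferred from the rest of the patch, but refresh looks like it was missed in the rationalization. The `refresh)` arm opens before the hunk.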
@@ -234,11 +241,14 @@ reject) ;; reload) - echo "reload: reload [ ] + echo "reload: reload [ -q ] [ -n ] [ ] Causes Shorewall to generate a new compiled restore file using the named directory as the first search directory for configuration file. If that generation is error-free, - the generated restore file is executed." + the generated restore file is executed. + + If \"-q\" is specified, less detain is displayed making it easier to spot warnings + If \"-n\" is specified, no changes to routing will be made" ;; reset) @@ -247,9 +257,10 @@ reset) ;; restart) - echo "restart: [ -q ] [ -n ] restart [ ] + echo "restart: restart [ -q ] [ -n ] [ ] Restart is the same as a shorewall stop && shorewall start. Existing connections are maintained. + If \"-q\" is specified, less detain is displayed making it easier to spot warnings If \"-n\" is specified, no changes to routing will be made" ;; @@ -268,22 +279,17 @@ safe-start) ;; restore) - echo "restore: [ -n ] restore [ ] + echo "restore: restore [ -q ] [ -n ] [ ] Restore Shorewall to a state saved using the 'save' command Existing connections are maintained. The names a restore file in - /var/lib/shorewall created using "shorewall save"; if no is given + /var/lib/shorewall created using \"shorewall save\"; if no is given then Shorewall will be restored from the file specified by the RESTOREFILE option in shorewall.conf. + If \"-q\" is specified, less detain is displayed making it easier to spot warnings If \"-n\" is specified, no changes to routing will be made. - WARNING: If the restore file specified by was created using the - 'shorewall generate' command and error messages are produced during 'shorewall - restore' then your firewall is probably in an INSECURE STATE. - - YOU HAVE BEEN WARNED!!!! - - See also \"help save\", \"help generate\" and \"help forget\"" + See also \"help save\", \"help compile\" and \"help forget\"" ;; save) 
@@ -330,7 +336,7 @@ show) ;; start) - echo "start: [ -q ] [ -f ] [ -n ] start [ ] + echo "start: start [ -f ] [ -n ] [ -q ] [ ] Start shorewall. Existing connections through shorewall managed interfaces are untouched. New connections will be allowed only if they are allowed by the firewall rules or policies. diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 949c240ad..d59d60fec 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -502,18 +502,18 @@ help() # usage() # $1 = exit status { - echo "Usage: $(basename $0) [debug|trace] [nolock] [ -x ] [ -q ] [ -f ] [ -v ] [ -n ] " + echo "Usage: $(basename $0) [debug|trace] [nolock] [ -x ] [ -q ] [ -v ] [ -n ] " echo "where is one of:" echo " add [:] ... " echo " allow
..." echo " check [ ]" echo " clear" - echo " compile [ -e ] [ -p ] [ ] " + echo " compile [ -e ] [ -p ] [ ] " echo " delete [:] ... " echo " drop
..." echo " dump" echo " forget [ ]" - echo " generate [ -e ] [-p ] [ ] " + echo " generate [ -e ] [-p ] [ ] " echo " help [ | host | address ]" echo " hits" echo " ipcalc {
/ |
}" @@ -523,12 +523,12 @@ usage() # $1 = exit status echo " refresh" echo " reject
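Review bot: The rewritten `generate` usage line keeps `[-p ]` while the `compile` line two lines above, rewritten in the same hunk, uses `[ -p ]`; as the two commands are synonyms the bracket spacing should match, i.e. write `[ -p ]` on the generate line as well. The first line of the hunk drops `[ -f ]` from the global option list to match its move to the start command; if the global option parser earlier in the script (not in this hunk) still accepts `-f`, the usage text and the parser now disagree, which is worth confirming. usage() continues past the hunk.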
..." echo " reset" - echo " reload [ ]" - echo " restart [ ]" - echo " restore [ ]" + echo " reload [ -n ] [ -q ] [ ]" + echo " restart [ -n ] [ -q ] [ ]" + echo " restore [ -n ] [ -q ] [ ]" echo " save [ ]" echo " show [ [ ... ]|actions|capabilities|classifiers|connections|log|macros|mangle|nat|tc|zones]" - echo " start [ ]" + echo " start [ -f ] [ -n ] [ -q ] [ ]" echo " stop" echo " status" echo " try [ ]" @@ -784,23 +784,66 @@ case $(echo -n "Testing") in ;; esac -case "$1" in +COMMAND=$1 + +case "$COMMAND" in start) + shift + + finished=0 + + while [ $finished -eq 0 -a $# -gt 0 ]; do + option=$1 + case $option in + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + -) + finished=1 + option= + ;; + q*) + QUIET=$(($QUIET + 1 )) + option=${option#q} + ;; + f*) + FAST=Yes + option=${option#f} + ;; + n*) + NOROUTES=Yes + option=${option#n} + ;; + *) + usage 1 + ;; + esac + done + shift + ;; + *) + finished=1 + ;; + esac + done + case $# in - 1) + 0) ;; - 2) + 1) [ -n "$SHOREWALL_DIR" -o -n "$FAST" ] && usage 2 - if [ ! -d $2 ]; then - if [ -e $2 ]; then - echo "$2 is not a directory" >&2 && exit 2 + if [ ! -d $1 ]; then + if [ -e $1 ]; then + echo "$1 is not a directory" >&2 && exit 2 else - echo "Directory $2 does not exist" >&2 && exit 2 + echo "Directory $1 does not exist" >&2 && exit 2 fi fi - SHOREWALL_DIR=$2 + SHOREWALL_DIR=$ export SHOREWALL_DIR ;; *) @@ -848,7 +891,7 @@ case "$1" in stop|reset|clear|refresh) [ $# -ne 1 ] && usage 1 export NOROUTES - exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 + exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND ;; compile|generate) shift 
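Review bot: The new usage lines list the options as `reload [ -n ] [ -q ]`, `restart [ -n ] [ -q ]` and `restore [ -n ] [ -q ]`, whereas the help texts for the same commands in Shorewall/help, changed in this same patch, list them as `[ -q ] [ -n ]`; the option loops accept either order, so this is cosmetic, but the two places should agree. usage() continues outside the hunk.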
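Review bot: `SHOREWALL_DIR=$` in the `1)` arm of the start command is missing its positional parameter — as printed here it assigns the literal string `$` and the following `export SHOREWALL_DIR` publishes that, even though the directory checks just before it were made against `$1`; the parallel restart and reload hunks write `SHOREWALL_DIR=$1`, which this line should too. The new tests `[ ! -d $1 ]` and `[ -e $1 ]` leave `$1` unquoted (as the old `$2` was), so a directory name containing whitespace expands into several words and the test breaks; `[ ! -d "$1" ]` and `[ -e "$1" ]` cost nothing. The `case "$COMMAND"` statement continues past the hunk.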
@@ -925,7 +968,71 @@ case "$1" in exec $SHOREWALL_SHELL $FIREWALL $debugging generate $file ;; - check|restart) + restart) + shift + + finished=0 + + while [ $finished -eq 0 -a $# -gt 0 ]; do + option=$1 + case $option in + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + -) + finished=1 + option= + ;; + q*) + QUIET=$(($QUIET + 1 )) + option=${option#q} + ;; + n*) + NOROUTES=Yes + option=${option#n} + ;; + *) + usage 1 + ;; + esac + done + shift + ;; + *) + finished=1 + ;; + esac + done + + case $# in + 0) + ;; + 1) + [ -n "$SHOREWALL_DIR" ] && usage 2 + + if [ ! -d $1 ]; then + if [ -e $1 ]; then + echo "$1 is not a directory" >&2 && exit 2 + else + echo "Directory $1 does not exist" >&2 && exit 2 + fi + fi + + SHOREWALL_DIR=$1 + export SHOREWALL_DIR + ;; + *) + usage 1 + ;; + esac + + export NOROUTES + + exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock restart + ;; + check) case $# in 1) ;; @@ -950,24 +1057,61 @@ case "$1" in export NOROUTES - exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 + exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock check ;; reload) + shift + + finished=0 + + while [ $finished -eq 0 -a $# -gt 0 ]; do + option=$1 + case $option in + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + -) + finished=1 + option= + ;; + q*) + QUIET=$(($QUIET + 1 )) + option=${option#q} + ;; + n*) + NOROUTES=Yes + option=${option#n} + ;; + *) + usage 1 + ;; + esac + done + shift + ;; + *) + finished=1 + ;; + esac + done + case $# in - 1) + 0) ;; - 2) + 1) [ -n "$SHOREWALL_DIR" ] && usage 2 - if [ ! -d $2 ]; then - if [ -e $2 ]; then - echo "$2 is not a directory" >&2 && exit 2 + if [ ! -d $1 ]; then + if [ -e $1 ]; then + echo "$1 is not a directory" >&2 && exit 2 else - echo "Directory $2 does not exist" >&2 && exit 2 + echo "Directory $1 does not exist" >&2 && exit 2 fi fi - SHOREWALL_DIR=$2 + SHOREWALL_DIR=$1 export SHOREWALL_DIR ;; *) 
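Review bot: The option-cluster loop added to the restart arm (from `finished=0` through the outer `done`) is the same ~35 lines added to the start, reload and restore arms in this patch, differing only in whether `f*)` is accepted, so a fix to one will have to be made four times. Because a shell function cannot shift the caller's positional parameters, a shared helper can instead take the accepted letters and the arguments, set QUIET/NOROUTES/FAST as today, and report how many words it consumed in a variable the caller shifts by; the sketch below keeps the `--` terminator and the `usage 1` on an unknown letter. The `case "$COMMAND"` statement this arm belongs to starts and ends outside the hunk.
```shell
# Consume leading option clusters for start/restart/reload/restore.
# $1 = letters this command accepts ("qn", or "qfn" for start); the
# remaining arguments are the command's own. Sets QUIET, NOROUTES and
# FAST as the inline loops do, and leaves the number of consumed words
# in $nconsumed so the caller can run: shift $nconsumed
parse_command_options() {
    allowed=$1
    shift
    nconsumed=0
    while [ $# -gt 0 ]; do
        case $1 in
            --)
                nconsumed=$(($nconsumed + 1))
                return
                ;;
            -*)
                option=${1#-}
                while [ -n "$option" ]; do
                    letter=${option%"${option#?}"}   # first character of the cluster
                    case $letter in
                        [$allowed]) ;;
                        *) usage 1 ;;
                    esac
                    case $letter in
                        q) QUIET=$(($QUIET + 1)) ;;
                        f) FAST=Yes ;;
                        n) NOROUTES=Yes ;;
                    esac
                    option=${option#?}
                done
                nconsumed=$(($nconsumed + 1))
                shift
                ;;
            *)
                return
                ;;
        esac
    done
}

# … in the restart arm, replacing the inline while loop …
restart)
    shift
    parse_command_options qn "$@"
    shift $nconsumed
    # … unchanged: directory check, export NOROUTES, exec …
```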
@@ -1404,11 +1548,48 @@ case "$1" in esac ;; restore) + shift + + finished=0 + + while [ $finished -eq 0 -a $# -gt 0 ]; do + option=$1 + case $option in + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + -) + finished=1 + option= + ;; + q*) + QUIET=$(($QUIET + 1 )) + option=${option#q} + ;; + n*) + NOROUTES=Yes + option=${option#n} + ;; + *) + usage 1 + ;; + esac + done + shift + ;; + *) + finished=1 + ;; + esac + done + case $# in - 1) + 0) ;; - 2) - RESTOREFILE="$2" + 1) + RESTOREFILE="$1" validate_restorefile '' ;; *)