mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-25 00:53:49 +01:00
Add SAVE_COUNTERS option.
- Also implement recover command Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
edc30fcc8d
commit
3454e10525
@ -493,6 +493,8 @@ save_config() {
|
||||
|
||||
[ -x $iptables_save ] || echo "$iptables-save does not exist or is not executable" >&2
|
||||
|
||||
[ -n "$SAVE_COUNTERS" ] && iptables_save="$iptables_save --counters"
|
||||
|
||||
if product_is_started ; then
|
||||
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
|
||||
|
||||
@ -1624,6 +1626,11 @@ restore_command() {
|
||||
g_noroutes=Yes
|
||||
option=${option#n}
|
||||
;;
|
||||
p*)
|
||||
[ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
|
||||
g_purge=Yes
|
||||
option=${option%p}
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
@ -3576,9 +3583,10 @@ usage() # $1 = exit status
|
||||
echo " logreject <address> ..."
|
||||
echo " logwatch [<refresh interval>]"
|
||||
echo " reject <address> ..."
|
||||
echo " recover [ -n ] [ -p ]"
|
||||
echo " reset [ <chain> ... ]"
|
||||
echo " restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
|
||||
echo " restore [ -n ] [ <file name> ]"
|
||||
echo " restore [ -n ] [ -p ] [ <file name> ]"
|
||||
echo " run <command> [ <parameter> ... ]"
|
||||
echo " save [ <file name> ]"
|
||||
echo " [ show | list | ls ] [ -b ] [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
|
||||
@ -3844,6 +3852,15 @@ shorewall_cli() {
|
||||
shift
|
||||
restart_command $@
|
||||
;;
|
||||
recover)
|
||||
get_config Yes Yes
|
||||
shift
|
||||
if [ -n "$SAVE_COUNTERS" -a -f ${VARDIR}/${RESTOREFILE} ]; then
|
||||
restore_command $@
|
||||
else
|
||||
start_command $@
|
||||
fi
|
||||
;;
|
||||
disable|enable)
|
||||
get_config Yes
|
||||
if product_is_started; then
|
||||
|
@ -6521,7 +6521,7 @@ sub set_chain_variables() {
|
||||
|
||||
emit( 'IPTABLES_RESTORE=${IPTABLES}-restore',
|
||||
'[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' );
|
||||
|
||||
emit( 'IPTABLES_RESTORE="$IPTABLES_RESTORE --counters"' ) if $config{SAVE_COUNTERS};
|
||||
emit( 'g_tool=$IPTABLES' );
|
||||
} else {
|
||||
if ( $config{IP6TABLES} ) {
|
||||
@ -6536,7 +6536,7 @@ sub set_chain_variables() {
|
||||
|
||||
emit( 'IP6TABLES_RESTORE=${IP6TABLES}-restore',
|
||||
'[ -x "$IP6TABLES_RESTORE" ] || startup_error "$IP6TABLES_RESTORE does not exist or is not executable"' );
|
||||
|
||||
emit( 'IP6TABLES_RESTORE="$IP6TABLES_RESTORE --counters"' ) if $config{SAVE_COUNTERS};
|
||||
emit( 'g_tool=$IP6TABLES' );
|
||||
}
|
||||
|
||||
|
@ -849,6 +849,7 @@ sub initialize( $;$$) {
|
||||
REJECT_ACTION => undef,
|
||||
INLINE_MATCHES => undef,
|
||||
BASIC_FILTERS => undef,
|
||||
SAVE_COUNTERS => undef,
|
||||
#
|
||||
# Packet Disposition
|
||||
#
|
||||
@ -5661,6 +5662,7 @@ sub get_configuration( $$$$$ ) {
|
||||
default_yes_no 'TRACK_RULES' , '';
|
||||
default_yes_no 'INLINE_MATCHES' , '';
|
||||
default_yes_no 'BASIC_FILTERS' , '';
|
||||
default_yes_no 'SAVE_COUNTERS' , '';
|
||||
|
||||
require_capability( 'BASIC_EMATCH', 'BASIC_FILTERS=Yes', 's' ) if $config{BASIC_FILTERS};
|
||||
|
||||
|
@ -214,6 +214,8 @@ ROUTE_FILTER=No
|
||||
|
||||
SAVE_ARPTABLES=No
|
||||
|
||||
SAVE_COUNTERS=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=Internal
|
||||
|
@ -225,6 +225,8 @@ ROUTE_FILTER=No
|
||||
|
||||
SAVE_ARPTABLES=No
|
||||
|
||||
SAVE_COUNTERS=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=Internal
|
||||
|
@ -222,6 +222,8 @@ ROUTE_FILTER=No
|
||||
|
||||
SAVE_ARPTABLES=No
|
||||
|
||||
SAVE_COUNTERS=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=Internal
|
||||
|
@ -225,6 +225,8 @@ ROUTE_FILTER=No
|
||||
|
||||
SAVE_ARPTABLES=No
|
||||
|
||||
SAVE_COUNTERS=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=Internal
|
||||
|
@ -214,6 +214,8 @@ ROUTE_FILTER=No
|
||||
|
||||
SAVE_ARPTABLES=No
|
||||
|
||||
SAVE_COUNTERS=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=Internal
|
||||
|
@ -1669,12 +1669,13 @@ usage() # $1 = exit status
|
||||
echo " noiptrace <ip6tables match expression>"
|
||||
fi
|
||||
|
||||
echo " recover [ -n ] [ -p ]"
|
||||
echo " refresh [ -d ] [ -n ] [ -T ] [ -D <directory> ] [ <chain>... ]"
|
||||
echo " reject <address> ..."
|
||||
echo " reload [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
|
||||
echo " reset [ <chain> ... ]"
|
||||
echo " restart [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ -i ] [ <directory> ]"
|
||||
echo " restore [ -n ] [ <file name> ]"
|
||||
echo " restore [ -n ] [ -p ] [ <file name> ]"
|
||||
echo " run <command> [ <parameter> ... ]"
|
||||
echo " safe-restart [ -t <timeout> ] [ <directory> ]"
|
||||
echo " safe-start [ -t <timeout> ] [ <directory> ]"
|
||||
|
@ -2454,6 +2454,20 @@ INLINE - - - ; -j REJECT
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">SAVE_COUNTERS=</emphasis>[<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.6.5.</para>
|
||||
|
||||
<para>When set to Yes, this option causes the <emphasis
|
||||
role="bold">save</emphasis> and <emphasis
|
||||
role="bold">restore</emphasis> commands to respectively save and
|
||||
restore chain counters.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">SAVE_ARPTABLES=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||
|
@ -357,6 +357,18 @@
|
||||
expression</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>shorewall</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>-<replaceable>options</replaceable></arg>
|
||||
|
||||
<arg
|
||||
choice="plain"><option>recover</option><arg><option>-n</option></arg><arg><option>-p</option></arg></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>shorewall</command>
|
||||
|
||||
@ -452,7 +464,8 @@
|
||||
|
||||
<arg>-<replaceable>options</replaceable></arg>
|
||||
|
||||
<arg choice="plain"><option>restore</option></arg>
|
||||
<arg
|
||||
choice="plain"><option>restore</option><arg><option>-n</option></arg><arg><option>-p</option></arg></arg>
|
||||
|
||||
<arg><replaceable>filename</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
@ -1246,6 +1259,29 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">recover</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.6.5.</para>
|
||||
|
||||
<para>If SAVE_COUNTERS=Yes in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) and if
|
||||
the file specified by the RESTOREFILE option in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) exists
|
||||
and is executable, then the command is the same as the <emphasis
|
||||
role="bold">restore</emphasis> command. Otherwise, it is treated the
|
||||
same as the <emphasis role="bold">start</emphasis> command.</para>
|
||||
|
||||
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||
updating the routing table(s).</para>
|
||||
|
||||
<para>The <option>-p</option> option causes the connection tracking
|
||||
table to be flushed; the <command>conntrack</command> utility must
|
||||
be installed to use this option.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">refresh</emphasis></term>
|
||||
|
||||
@ -1420,6 +1456,14 @@
|
||||
<emphasis>filename</emphasis> is given then Shorewall will be
|
||||
restored from the file specified by the RESTOREFILE option in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
|
||||
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||
updating the routing table(s).</para>
|
||||
|
||||
<para>The <option>-p</option> option, added in Shorewall 4.6.5,
|
||||
causes the connection tracking table to be flushed; the
|
||||
<command>conntrack</command> utility must be installed to use this
|
||||
option.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -189,6 +189,8 @@ REQUIRE_INTERFACE=Yes
|
||||
|
||||
RESTORE_ROUTEMARKS=Yes
|
||||
|
||||
SAVE_COUNTERS=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=No
|
||||
|
@ -189,6 +189,8 @@ REQUIRE_INTERFACE=No
|
||||
|
||||
RESTORE_ROUTEMARKS=Yes
|
||||
|
||||
SAVE_COUNTERS=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=No
|
||||
|
@ -189,6 +189,8 @@ REQUIRE_INTERFACE=No
|
||||
|
||||
RESTORE_ROUTEMARKS=Yes
|
||||
|
||||
SAVE_COUNTERS=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=No
|
||||
|
@ -189,6 +189,8 @@ REQUIRE_INTERFACE=No
|
||||
|
||||
RESTORE_ROUTEMARKS=Yes
|
||||
|
||||
SAVE_COUNTERS=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=No
|
||||
|
@ -189,6 +189,8 @@ REQUIRE_INTERFACE=No
|
||||
|
||||
RESTORE_ROUTEMARKS=Yes
|
||||
|
||||
SAVE_COUNTERS=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=No
|
||||
|
@ -2122,6 +2122,20 @@ INLINE - - - ; -j REJECT
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">SAVE_COUNTERS=</emphasis>[<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.6.5.</para>
|
||||
|
||||
<para>When set to Yes, this option causes the <emphasis
|
||||
role="bold">save</emphasis> and <emphasis
|
||||
role="bold">restore</emphasis> commands to respectively save and
|
||||
restore chain counters.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">SAVE_IPSETS=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis
|
||||
|
@ -308,6 +308,18 @@
|
||||
expression</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>shorewall6</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>-<replaceable>options</replaceable></arg>
|
||||
|
||||
<arg
|
||||
choice="plain"><option>recover</option><arg><option>-n</option></arg><arg><option>-p</option></arg></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>shorewall6</command>
|
||||
|
||||
@ -1130,6 +1142,30 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">recover</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.6.5.</para>
|
||||
|
||||
<para>If SAVE_COUNTERS=Yes in <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) and
|
||||
if the file specified by the RESTOREFILE option in <ulink
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)
|
||||
exists and is executable, then the command is the same as the
|
||||
<emphasis role="bold">restore</emphasis> command. Otherwise, it is
|
||||
treated the same as the <emphasis role="bold">start</emphasis>
|
||||
command.</para>
|
||||
|
||||
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||
updating the routing table(s).</para>
|
||||
|
||||
<para>The <option>-p</option> option causes the connection tracking
|
||||
table to be flushed; the <command>conntrack</command> utility must
|
||||
be installed to use this option.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">refresh</emphasis></term>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user