Add SAVE_COUNTERS option.
- Also implement recover command Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
edc30fcc8d
commit
3454e10525
@ -493,6 +493,8 @@ save_config() {
|
|||||||
|
|
||||||
[ -x $iptables_save ] || echo "$iptables-save does not exist or is not executable" >&2
|
[ -x $iptables_save ] || echo "$iptables-save does not exist or is not executable" >&2
|
||||||
|
|
||||||
|
[ -n "$SAVE_COUNTERS" ] && iptables_save="$iptables_save --counters"
|
||||||
|
|
||||||
if product_is_started ; then
|
if product_is_started ; then
|
||||||
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
|
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
|
||||||
|
|
||||||
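Review bot: The added line `[ -n "$SAVE_COUNTERS" ] && iptables_save="$iptables_save --counters"` turns a variable that held an executable path into a path plus an option, so it only works where it is later expanded unquoted, and any later `-x` test or quoted expansion of it would fail. The uses after this hunk are not visible here, so this is a robustness point rather than a confirmed failure. Keeping the flag in its own variable (a new name, for example `iptables_save_opts=--counters`) and appending it at the call site avoids the problem. The two set_chain_variables hunks follow the same pattern with `IPTABLES_RESTORE="$IPTABLES_RESTORE --counters"` and `IP6TABLES_RESTORE="$IP6TABLES_RESTORE --counters"`, emitted after their `-x` checks. save_config's body continues outside the hunk.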
@ -1624,6 +1626,11 @@ restore_command() {
|
|||||||
g_noroutes=Yes
|
g_noroutes=Yes
|
||||||
option=${option#n}
|
option=${option#n}
|
||||||
;;
|
;;
|
||||||
|
p*)
|
||||||
|
[ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
|
||||||
|
g_purge=Yes
|
||||||
|
option=${option%p}
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
usage 1
|
usage 1
|
||||||
;;
|
;;
|
||||||
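Review bot: The new `p*)` branch consumes the option with `option=${option%p}`, which strips a trailing `p`, while the `n*)` branch just above uses `option=${option#n}` to strip the leading character that the pattern matched. With a combined option string such as `pn`, the leading `p` is never removed. If the enclosing loop (outside this hunk) runs until `$option` is empty, as the prefix stripping in the other branch suggests, it would not terminate. `option=${option#p}` matches the existing branch.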
@ -3576,9 +3583,10 @@ usage() # $1 = exit status
|
|||||||
echo " logreject <address> ..."
|
echo " logreject <address> ..."
|
||||||
echo " logwatch [<refresh interval>]"
|
echo " logwatch [<refresh interval>]"
|
||||||
echo " reject <address> ..."
|
echo " reject <address> ..."
|
||||||
|
echo " recover [ -n ] [ -p ]"
|
||||||
echo " reset [ <chain> ... ]"
|
echo " reset [ <chain> ... ]"
|
||||||
echo " restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
|
echo " restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
|
||||||
echo " restore [ -n ] [ <file name> ]"
|
echo " restore [ -n ] [ -p ] [ <file name> ]"
|
||||||
echo " run <command> [ <parameter> ... ]"
|
echo " run <command> [ <parameter> ... ]"
|
||||||
echo " save [ <file name> ]"
|
echo " save [ <file name> ]"
|
||||||
echo " [ show | list | ls ] [ -b ] [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
|
echo " [ show | list | ls ] [ -b ] [ -x ] [ -t {filter|mangle|nat} ] [ {chain [<chain> [ <chain> ... ]"
|
||||||
@ -3844,6 +3852,15 @@ shorewall_cli() {
|
|||||||
shift
|
shift
|
||||||
restart_command $@
|
restart_command $@
|
||||||
;;
|
;;
|
||||||
|
recover)
|
||||||
|
get_config Yes Yes
|
||||||
|
shift
|
||||||
|
if [ -n "$SAVE_COUNTERS" -a -f ${VARDIR}/${RESTOREFILE} ]; then
|
||||||
|
restore_command $@
|
||||||
|
else
|
||||||
|
start_command $@
|
||||||
|
fi
|
||||||
|
;;
|
||||||
disable|enable)
|
disable|enable)
|
||||||
get_config Yes
|
get_config Yes
|
||||||
if product_is_started; then
|
if product_is_started; then
|
||||||
|
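Review bot: The `recover)` case tests `-f ${VARDIR}/${RESTOREFILE}`, but the manpage text added in this same commit says recover behaves like restore only when the file "exists and is executable". A saved file that exists without the execute bit would be handed to `restore_command` instead of falling back to `start_command`; how restore_command treats such a file is not visible here. Because the restore file is presumably executed by that path, testing `-x` and quoting the path keeps the code aligned with the documentation: `if [ -n "$SAVE_COUNTERS" -a -x "${VARDIR}/${RESTOREFILE}" ]; then`. The enclosing case statement starts and ends outside the hunk.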
@ -6521,7 +6521,7 @@ sub set_chain_variables() {
|
|||||||
|
|
||||||
emit( 'IPTABLES_RESTORE=${IPTABLES}-restore',
|
emit( 'IPTABLES_RESTORE=${IPTABLES}-restore',
|
||||||
'[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' );
|
'[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' );
|
||||||
|
emit( 'IPTABLES_RESTORE="$IPTABLES_RESTORE --counters"' ) if $config{SAVE_COUNTERS};
|
||||||
emit( 'g_tool=$IPTABLES' );
|
emit( 'g_tool=$IPTABLES' );
|
||||||
} else {
|
} else {
|
||||||
if ( $config{IP6TABLES} ) {
|
if ( $config{IP6TABLES} ) {
|
||||||
@ -6536,7 +6536,7 @@ sub set_chain_variables() {
|
|||||||
|
|
||||||
emit( 'IP6TABLES_RESTORE=${IP6TABLES}-restore',
|
emit( 'IP6TABLES_RESTORE=${IP6TABLES}-restore',
|
||||||
'[ -x "$IP6TABLES_RESTORE" ] || startup_error "$IP6TABLES_RESTORE does not exist or is not executable"' );
|
'[ -x "$IP6TABLES_RESTORE" ] || startup_error "$IP6TABLES_RESTORE does not exist or is not executable"' );
|
||||||
|
emit( 'IP6TABLES_RESTORE="$IP6TABLES_RESTORE --counters"' ) if $config{SAVE_COUNTERS};
|
||||||
emit( 'g_tool=$IP6TABLES' );
|
emit( 'g_tool=$IP6TABLES' );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -849,6 +849,7 @@ sub initialize( $;$$) {
|
|||||||
REJECT_ACTION => undef,
|
REJECT_ACTION => undef,
|
||||||
INLINE_MATCHES => undef,
|
INLINE_MATCHES => undef,
|
||||||
BASIC_FILTERS => undef,
|
BASIC_FILTERS => undef,
|
||||||
|
SAVE_COUNTERS => undef,
|
||||||
#
|
#
|
||||||
# Packet Disposition
|
# Packet Disposition
|
||||||
#
|
#
|
||||||
@ -5661,6 +5662,7 @@ sub get_configuration( $$$$$ ) {
|
|||||||
default_yes_no 'TRACK_RULES' , '';
|
default_yes_no 'TRACK_RULES' , '';
|
||||||
default_yes_no 'INLINE_MATCHES' , '';
|
default_yes_no 'INLINE_MATCHES' , '';
|
||||||
default_yes_no 'BASIC_FILTERS' , '';
|
default_yes_no 'BASIC_FILTERS' , '';
|
||||||
|
default_yes_no 'SAVE_COUNTERS' , '';
|
||||||
|
|
||||||
require_capability( 'BASIC_EMATCH', 'BASIC_FILTERS=Yes', 's' ) if $config{BASIC_FILTERS};
|
require_capability( 'BASIC_EMATCH', 'BASIC_FILTERS=Yes', 's' ) if $config{BASIC_FILTERS};
|
||||||
|
|
||||||
|
@ -214,6 +214,8 @@ ROUTE_FILTER=No
|
|||||||
|
|
||||||
SAVE_ARPTABLES=No
|
SAVE_ARPTABLES=No
|
||||||
|
|
||||||
|
SAVE_COUNTERS=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=Internal
|
TC_ENABLED=Internal
|
||||||
|
@ -225,6 +225,8 @@ ROUTE_FILTER=No
|
|||||||
|
|
||||||
SAVE_ARPTABLES=No
|
SAVE_ARPTABLES=No
|
||||||
|
|
||||||
|
SAVE_COUNTERS=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=Internal
|
TC_ENABLED=Internal
|
||||||
|
@ -222,6 +222,8 @@ ROUTE_FILTER=No
|
|||||||
|
|
||||||
SAVE_ARPTABLES=No
|
SAVE_ARPTABLES=No
|
||||||
|
|
||||||
|
SAVE_COUNTERS=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=Internal
|
TC_ENABLED=Internal
|
||||||
|
@ -225,6 +225,8 @@ ROUTE_FILTER=No
|
|||||||
|
|
||||||
SAVE_ARPTABLES=No
|
SAVE_ARPTABLES=No
|
||||||
|
|
||||||
|
SAVE_COUNTERS=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=Internal
|
TC_ENABLED=Internal
|
||||||
|
@ -214,6 +214,8 @@ ROUTE_FILTER=No
|
|||||||
|
|
||||||
SAVE_ARPTABLES=No
|
SAVE_ARPTABLES=No
|
||||||
|
|
||||||
|
SAVE_COUNTERS=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=Internal
|
TC_ENABLED=Internal
|
||||||
|
@ -1669,12 +1669,13 @@ usage() # $1 = exit status
|
|||||||
echo " noiptrace <ip6tables match expression>"
|
echo " noiptrace <ip6tables match expression>"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo " recover [ -n ] [ -p ]"
|
||||||
echo " refresh [ -d ] [ -n ] [ -T ] [ -D <directory> ] [ <chain>... ]"
|
echo " refresh [ -d ] [ -n ] [ -T ] [ -D <directory> ] [ <chain>... ]"
|
||||||
echo " reject <address> ..."
|
echo " reject <address> ..."
|
||||||
echo " reload [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
|
echo " reload [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
|
||||||
echo " reset [ <chain> ... ]"
|
echo " reset [ <chain> ... ]"
|
||||||
echo " restart [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ -i ] [ <directory> ]"
|
echo " restart [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ -i ] [ <directory> ]"
|
||||||
echo " restore [ -n ] [ <file name> ]"
|
echo " restore [ -n ] [ -p ] [ <file name> ]"
|
||||||
echo " run <command> [ <parameter> ... ]"
|
echo " run <command> [ <parameter> ... ]"
|
||||||
echo " safe-restart [ -t <timeout> ] [ <directory> ]"
|
echo " safe-restart [ -t <timeout> ] [ <directory> ]"
|
||||||
echo " safe-start [ -t <timeout> ] [ <directory> ]"
|
echo " safe-start [ -t <timeout> ] [ <directory> ]"
|
||||||
|
@ -2454,6 +2454,20 @@ INLINE - - - ; -j REJECT
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><emphasis role="bold">SAVE_COUNTERS=</emphasis>[<emphasis
|
||||||
|
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 4.6.5.</para>
|
||||||
|
|
||||||
|
<para>When set to Yes, this option causes the <emphasis
|
||||||
|
role="bold">save</emphasis> and <emphasis
|
||||||
|
role="bold">restore</emphasis> commands to respectively save and
|
||||||
|
restore chain counters.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">SAVE_ARPTABLES=</emphasis>{<emphasis
|
<term><emphasis role="bold">SAVE_ARPTABLES=</emphasis>{<emphasis
|
||||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||||
|
@ -357,6 +357,18 @@
|
|||||||
expression</replaceable></arg>
|
expression</replaceable></arg>
|
||||||
</cmdsynopsis>
|
</cmdsynopsis>
|
||||||
|
|
||||||
|
<cmdsynopsis>
|
||||||
|
<command>shorewall</command>
|
||||||
|
|
||||||
|
<arg
|
||||||
|
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||||
|
|
||||||
|
<arg>-<replaceable>options</replaceable></arg>
|
||||||
|
|
||||||
|
<arg
|
||||||
|
choice="plain"><option>recover</option><arg><option>-n</option></arg><arg><option>-p</option></arg></arg>
|
||||||
|
</cmdsynopsis>
|
||||||
|
|
||||||
<cmdsynopsis>
|
<cmdsynopsis>
|
||||||
<command>shorewall</command>
|
<command>shorewall</command>
|
||||||
|
|
||||||
@ -452,7 +464,8 @@
|
|||||||
|
|
||||||
<arg>-<replaceable>options</replaceable></arg>
|
<arg>-<replaceable>options</replaceable></arg>
|
||||||
|
|
||||||
<arg choice="plain"><option>restore</option></arg>
|
<arg
|
||||||
|
choice="plain"><option>restore</option><arg><option>-n</option></arg><arg><option>-p</option></arg></arg>
|
||||||
|
|
||||||
<arg><replaceable>filename</replaceable></arg>
|
<arg><replaceable>filename</replaceable></arg>
|
||||||
</cmdsynopsis>
|
</cmdsynopsis>
|
||||||
@ -1246,6 +1259,29 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><emphasis role="bold">recover</emphasis></term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 4.6.5.</para>
|
||||||
|
|
||||||
|
<para>If SAVE_COUNTERS=Yes in <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) and if
|
||||||
|
the file specified by the RESTOREFILE option in <ulink
|
||||||
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) exists
|
||||||
|
and is executable, then the command is the same as the <emphasis
|
||||||
|
role="bold">restore</emphasis> command. Otherwise, it is treated the
|
||||||
|
same as the <emphasis role="bold">start</emphasis> command.</para>
|
||||||
|
|
||||||
|
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||||
|
updating the routing table(s).</para>
|
||||||
|
|
||||||
|
<para>The <option>-p</option> option causes the connection tracking
|
||||||
|
table to be flushed; the <command>conntrack</command> utility must
|
||||||
|
be installed to use this option.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">refresh</emphasis></term>
|
<term><emphasis role="bold">refresh</emphasis></term>
|
||||||
|
|
||||||
@ -1420,6 +1456,14 @@
|
|||||||
<emphasis>filename</emphasis> is given then Shorewall will be
|
<emphasis>filename</emphasis> is given then Shorewall will be
|
||||||
restored from the file specified by the RESTOREFILE option in <ulink
|
restored from the file specified by the RESTOREFILE option in <ulink
|
||||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||||
|
|
||||||
|
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||||
|
updating the routing table(s).</para>
|
||||||
|
|
||||||
|
<para>The <option>-p</option> option, added in Shorewall 4.6.5,
|
||||||
|
causes the connection tracking table to be flushed; the
|
||||||
|
<command>conntrack</command> utility must be installed to use this
|
||||||
|
option.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -189,6 +189,8 @@ REQUIRE_INTERFACE=Yes
|
|||||||
|
|
||||||
RESTORE_ROUTEMARKS=Yes
|
RESTORE_ROUTEMARKS=Yes
|
||||||
|
|
||||||
|
SAVE_COUNTERS=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=No
|
TC_ENABLED=No
|
||||||
|
@ -189,6 +189,8 @@ REQUIRE_INTERFACE=No
|
|||||||
|
|
||||||
RESTORE_ROUTEMARKS=Yes
|
RESTORE_ROUTEMARKS=Yes
|
||||||
|
|
||||||
|
SAVE_COUNTERS=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=No
|
TC_ENABLED=No
|
||||||
|
@ -189,6 +189,8 @@ REQUIRE_INTERFACE=No
|
|||||||
|
|
||||||
RESTORE_ROUTEMARKS=Yes
|
RESTORE_ROUTEMARKS=Yes
|
||||||
|
|
||||||
|
SAVE_COUNTERS=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=No
|
TC_ENABLED=No
|
||||||
|
@ -189,6 +189,8 @@ REQUIRE_INTERFACE=No
|
|||||||
|
|
||||||
RESTORE_ROUTEMARKS=Yes
|
RESTORE_ROUTEMARKS=Yes
|
||||||
|
|
||||||
|
SAVE_COUNTERS=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=No
|
TC_ENABLED=No
|
||||||
|
@ -189,6 +189,8 @@ REQUIRE_INTERFACE=No
|
|||||||
|
|
||||||
RESTORE_ROUTEMARKS=Yes
|
RESTORE_ROUTEMARKS=Yes
|
||||||
|
|
||||||
|
SAVE_COUNTERS=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=No
|
TC_ENABLED=No
|
||||||
|
@ -2122,6 +2122,20 @@ INLINE - - - ; -j REJECT
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><emphasis role="bold">SAVE_COUNTERS=</emphasis>[<emphasis
|
||||||
|
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 4.6.5.</para>
|
||||||
|
|
||||||
|
<para>When set to Yes, this option causes the <emphasis
|
||||||
|
role="bold">save</emphasis> and <emphasis
|
||||||
|
role="bold">restore</emphasis> commands to respectively save and
|
||||||
|
restore chain counters.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">SAVE_IPSETS=</emphasis>{<emphasis
|
<term><emphasis role="bold">SAVE_IPSETS=</emphasis>{<emphasis
|
||||||
role="bold">Yes</emphasis>|<emphasis
|
role="bold">Yes</emphasis>|<emphasis
|
||||||
|
@ -308,6 +308,18 @@
|
|||||||
expression</replaceable></arg>
|
expression</replaceable></arg>
|
||||||
</cmdsynopsis>
|
</cmdsynopsis>
|
||||||
|
|
||||||
|
<cmdsynopsis>
|
||||||
|
<command>shorewall6</command>
|
||||||
|
|
||||||
|
<arg
|
||||||
|
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||||
|
|
||||||
|
<arg>-<replaceable>options</replaceable></arg>
|
||||||
|
|
||||||
|
<arg
|
||||||
|
choice="plain"><option>recover</option><arg><option>-n</option></arg><arg><option>-p</option></arg></arg>
|
||||||
|
</cmdsynopsis>
|
||||||
|
|
||||||
<cmdsynopsis>
|
<cmdsynopsis>
|
||||||
<command>shorewall6</command>
|
<command>shorewall6</command>
|
||||||
|
|
||||||
@ -1130,6 +1142,30 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><emphasis role="bold">recover</emphasis></term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 4.6.5.</para>
|
||||||
|
|
||||||
|
<para>If SAVE_COUNTERS=Yes in <ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5) and
|
||||||
|
if the file specified by the RESTOREFILE option in <ulink
|
||||||
|
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5)
|
||||||
|
exists and is executable, then the command is the same as the
|
||||||
|
<emphasis role="bold">restore</emphasis> command. Otherwise, it is
|
||||||
|
treated the same as the <emphasis role="bold">start</emphasis>
|
||||||
|
command.</para>
|
||||||
|
|
||||||
|
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||||
|
updating the routing table(s).</para>
|
||||||
|
|
||||||
|
<para>The <option>-p</option> option causes the connection tracking
|
||||||
|
table to be flushed; the <command>conntrack</command> utility must
|
||||||
|
be installed to use this option.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">refresh</emphasis></term>
|
<term><emphasis role="bold">refresh</emphasis></term>
|
||||||
|
|
||||||
|