mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 16:54:10 +01:00
Use chains with names derived from a digest to identify ruleset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
a83c146636
commit
4546cbaff7
@ -6521,7 +6521,6 @@ sub set_chain_variables() {
|
||||
|
||||
emit( 'IPTABLES_RESTORE=${IPTABLES}-restore',
|
||||
'[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' );
|
||||
emit( 'IPTABLES_RESTORE="$IPTABLES_RESTORE --counters"' ) if $config{SAVE_COUNTERS};
|
||||
emit( 'g_tool=$IPTABLES' );
|
||||
} else {
|
||||
if ( $config{IP6TABLES} ) {
|
||||
@ -6536,7 +6535,6 @@ sub set_chain_variables() {
|
||||
|
||||
emit( 'IP6TABLES_RESTORE=${IP6TABLES}-restore',
|
||||
'[ -x "$IP6TABLES_RESTORE" ] || startup_error "$IP6TABLES_RESTORE does not exist or is not executable"' );
|
||||
emit( 'IP6TABLES_RESTORE="$IP6TABLES_RESTORE --counters"' ) if $config{SAVE_COUNTERS};
|
||||
emit( 'g_tool=$IP6TABLES' );
|
||||
}
|
||||
|
||||
@ -7918,7 +7916,7 @@ sub save_dynamic_chains() {
|
||||
my $utility = $family == F_IPV4 ? 'iptables-restore' : 'ip6tables-restore';
|
||||
|
||||
emit( 'if [ "$COMMAND" = restart ]; then',
|
||||
" ${tool}-save --counters > \${VARDIR}/.$utility}-input",
|
||||
" ${tool}-save --counters > \${VARDIR}/.${utility}-input",
|
||||
"fi\n" );
|
||||
}
|
||||
|
||||
@ -8258,9 +8256,12 @@ sub create_netfilter_load( $ ) {
|
||||
|
||||
if ( $config{SAVE_COUNTERS} ) {
|
||||
emit( '',
|
||||
'if [ "$COMMAND" = restart -a -n "$g_sha1sum" -a -f ${VARDIR}/.sha1sum -a $g_sha1sum = $(cat ${VARDIR}/.sha1sum) ]; then',
|
||||
'if [ "$COMMAND" = restart ] && chain_exists $g_sha1sum1 && chain_exists $g_sha1sum2 ; then',
|
||||
' option="--counters"',
|
||||
'else'
|
||||
'',
|
||||
' progress_message "Reusing existing ruleset..."',
|
||||
'',
|
||||
'else'
|
||||
);
|
||||
push_indent;
|
||||
}
|
||||
@ -8330,7 +8331,7 @@ sub create_netfilter_load( $ ) {
|
||||
'' );
|
||||
|
||||
if ( $config{SAVE_COUNTERS} ) {
|
||||
emit( '[ -n "$g_debug_iptables" ] && command=debug_restore_input || command=$' . $UTILITY . ' $option' );
|
||||
emit( '[ -n "$g_debug_iptables" ] && command=debug_restore_input || command="$' . $UTILITY . ' $option"' );
|
||||
} else {
|
||||
emit( '[ -n "$g_debug_iptables" ] && command=debug_restore_input || command=$' . $UTILITY );
|
||||
}
|
||||
@ -8344,6 +8345,14 @@ sub create_netfilter_load( $ ) {
|
||||
"fi\n"
|
||||
);
|
||||
|
||||
if ( $config{SAVE_COUNTERS} ) {
|
||||
emit( 'if [ -z "$options" ]; then',
|
||||
' $g_tool -N $g_sha1sum1',
|
||||
' $g_tool -N $g_sha1sum2',
|
||||
'fi'
|
||||
);
|
||||
}
|
||||
|
||||
pop_indent;
|
||||
|
||||
emit "}\n";
|
||||
|
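Review bot: The guard around the two `$g_tool -N` calls in the last create_netfilter_load hunk tests `$options`, but the variable assigned in the earlier hunk and appended to the restore command is `option`. Nothing visible assigns `options`, so `[ -z "$options" ]` is always true. If that block can run on the path where the digest-named chains already exist, `-N` will fail on them. The emitted line should read `'if [ -z "$option" ]; then',`. It would also help to emit `option=` before the `if [ "$COMMAND" = restart ]` test so that an inherited value cannot select `--counters`; the function body extends beyond these hunks, so that may already be done elsewhere.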
@ -519,12 +519,11 @@ EOF
|
||||
|
||||
emit(
|
||||
" set_state Started $config_dir",
|
||||
' [ $0 = ${VARDIR}/firewall ] || cp -f $(my_pathname) ${VARDIR}/firewall');
|
||||
emit( ' [ -n "$g_sha1sum" ] && echo "$g_sha1sum" > ${VARDIR}/.sha1sum || rm -f ${VARDIR}/.sha1sum' ) if $config{SAVE_COUNTERS};
|
||||
|
||||
emit( 'else',
|
||||
' setup_netfilter'
|
||||
' [ $0 = ${VARDIR}/firewall ] || cp -f $(my_pathname) ${VARDIR}/firewall',
|
||||
'else',
|
||||
' setup_netfilter'
|
||||
);
|
||||
|
||||
push_indent;
|
||||
emit 'setup_arptables' if $have_arptables;
|
||||
setup_load_distribution;
|
||||
@ -545,10 +544,8 @@ EOF
|
||||
|
||||
emit( " set_state Started $config_dir",
|
||||
' my_pathname=$(my_pathname)',
|
||||
' [ $my_pathname = ${VARDIR}/firewall ] || cp -f $my_pathname ${VARDIR}/firewall' );
|
||||
|
||||
emit( ' [ -n "$g_sha1sum" ] && echo "$g_sha1sum" > ${VARDIR}/.sha1sum || rm -f ${VARDIR}/.sha1sum' ) if $config{SAVE_COUNTERS};
|
||||
emit( ' run_started_exit',
|
||||
' [ $my_pathname = ${VARDIR}/firewall ] || cp -f $my_pathname ${VARDIR}/firewall',
|
||||
' run_started_exit',
|
||||
"fi\n" );
|
||||
|
||||
emit<<'EOF';
|
||||
|
@ -1780,12 +1780,16 @@ sub finalize_script( $ ) {
|
||||
|
||||
if ( $file ne '-' ) {
|
||||
if ( $config{SAVE_COUNTERS} ) {
|
||||
my $sha1sum = generate_sha1;
|
||||
my $sha1sum = generate_sha1;
|
||||
my $sha1sum1 = substr( $sha1sum, 0, 20 );
|
||||
my $sha1sum2 = substr( $sha1sum, -20 );
|
||||
|
||||
@ARGV = ( $tempfile );
|
||||
$^I = '';
|
||||
|
||||
while ( <> ) {
|
||||
s/g_sha1sum=/g_sha1sum=$sha1sum/;
|
||||
s/g_sha1sum1=/g_sha1sum1=$sha1sum1/;
|
||||
s/g_sha1sum2=/g_sha1sum2=$sha1sum2/;
|
||||
print;
|
||||
}
|
||||
}
|
||||
|
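Review bot: The two substitutions in the `while ( <> )` loop are unanchored, so any line of the generated script that contains `g_sha1sum1=` or `g_sha1sum2=` gets the digest spliced in, not only the two placeholder assignments. Assuming the placeholders are emitted at column 0 with nothing after the `=`, anchoring them keeps the edit to those lines: `s/^g_sha1sum1=$/g_sha1sum1=$sha1sum1/;` and likewise for `g_sha1sum2`. The result of `generate_sha1` is also sliced with `substr` without a check, and its body is not visible here. A guard such as `$sha1sum =~ /^[0-9a-f]{40}$/` before the two `substr` calls would stop an empty or short digest from producing empty or overlapping chain names in the script. finalize_script begins before this hunk and continues after it.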
@ -86,7 +86,13 @@ g_purge=$PURGE
|
||||
g_noroutes=$NOROUTES
|
||||
g_timestamp=$TIMESTAMP
|
||||
g_recovering=$RECOVERING
|
||||
g_sha1sum=
|
||||
#
|
||||
# These two variables contain the high-order and low-order parts respectively of
|
||||
# an SHA1 digest of this file. The digest is generated before the two following
|
||||
# lines are updated to contain the value of that digest.
|
||||
#
|
||||
g_sha1sum1=
|
||||
g_sha1sum2=
|
||||
|
||||
initialize
|
||||
|
||||
|