From 494cdfb73ca017de8e5f6cc60bbcc26cf53196cc Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 20 Aug 2013 13:06:25 -0700 Subject: [PATCH] Some improvements to the shorewall-init scripts. - shorewall-init will compile if needed. - Added setting of 'vardir' to init.sh and init.suse.sh Signed-off-by: Tom Eastep --- Shorewall-init/init.sh | 4 ++- Shorewall-init/init.suse.sh | 2 ++ Shorewall-init/shorewall-init | 46 +++++++++++++++++++++++++++-------- 3 files changed, 41 insertions(+), 11 deletions(-) diff --git a/Shorewall-init/init.sh b/Shorewall-init/init.sh index 5d721a456..ac78d6f1f 100755 --- a/Shorewall-init/init.sh +++ b/Shorewall-init/init.sh @@ -58,6 +58,8 @@ fi # . /usr/share/shorewall/shorewallrc +vardir=$VARDIR + # Locate the current PRODUCT's statedir setstatedir() { local statedir @@ -85,7 +87,7 @@ shorewall_start () { if [ -x ${STATEDIR}/firewall ]; then if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then - ${STATEDIR}/firewall stop || echo_notdone + ${STATEDIR}/firewall stop || exit 1 fi fi done diff --git a/Shorewall-init/init.suse.sh b/Shorewall-init/init.suse.sh index 7f7134809..bb58d8568 100755 --- a/Shorewall-init/init.suse.sh +++ b/Shorewall-init/init.suse.sh @@ -70,6 +70,8 @@ fi # . /usr/share/shorewall/shorewallrc +vardir=$VARDIR + # set the STATEDIR variable setstatedir() { local statedir diff --git a/Shorewall-init/shorewall-init b/Shorewall-init/shorewall-init index 1be5d0804..bd7086c31 100644 --- a/Shorewall-init/shorewall-init +++ b/Shorewall-init/shorewall-init @@ -23,11 +23,27 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # ######################################################################################### +# set the STATEDIR variable +setstatedir() { + local statedir + if [ -f ${CONFDIR}/${PRODUCT}/vardir ]; then + statedir=$( . /${CONFDIR}/${PRODUCT}/vardir && echo $VARDIR ) + fi + + [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT} + + if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then + ${SBINDIR}/$PRODUCT compile -c || exit 1 + fi +} + # # This is modified by the installer when ${SHAREDIR} <> /usr/share # . /usr/share/shorewall/shorewallrc +vardir=$VARDIR + # check if shorewall-init is configured or not if [ -f "$SYSCONFDIR/shorewall-init" ]; then . $SYSCONFDIR/shorewall-init @@ -43,14 +59,25 @@ fi # Initialize the firewall shorewall_start () { local PRODUCT - local VARDIR + local STATEDIR echo -n "Initializing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - if [ -x ${VARDIR}/firewall ]; then - if ! /sbin/$PRODUCT status > /dev/null 2>&1; then - ${VARDIR}/firewall stop || exit 1 - fi + setstatedir + + if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then + # + # Run in a sub-shell to avoid name collisions + # + ( + if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then + ${STATEDIR}/$PRODUCT/firewall stop || exit 1 + else + exit 1 + fi + ) + else + exit 1 fi done @@ -64,14 +91,13 @@ shorewall_start () { # Clear the firewall shorewall_stop () { local PRODUCT - local VARDIR echo -n "Clearing \"Shorewall-based firewalls\": " for PRODUCT in $PRODUCTS; do - VARDIR=/var/lib/$PRODUCT - [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir - if [ -x ${VARDIR}/firewall ]; then - ${VARDIR}/firewall clear || exit 1 + setstatedir + + if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then + ${STATEDIR}/$PRODUCT/firewall clear || exit 1 fi done