Implement the 'REQUIRE_INTERFACE' option.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Config.pm

@@ -460,6 +460,7 @@ sub initialize( $ ) {
 	      OPTIMIZE_ACCOUNTING => undef,
 	      DYNAMIC_BLACKLIST => undef,
 	      LOAD_HELPERS_ONLY => undef,
+	      REQUIRE_INTERFACE => undef,
 	      #
 	      # Packet Disposition
 	      #
@@ -580,6 +581,7 @@ sub initialize( $ ) {
 	      OPTIMIZE_ACCOUNTING => undef,
 	      DYNAMIC_BLACKLIST => undef,
 	      LOAD_HELPERS_ONLY => undef,
+	      REQUIRE_INTERFACE => undef,
 	      #
 	      # Packet Disposition
 	      #
@@ -2947,6 +2949,7 @@ sub get_configuration( $ ) {
     default_yes_no 'ACCOUNTING'                 , 'Yes';
     default_yes_no 'OPTIMIZE_ACCOUNTING'        , '';
     default_yes_no 'DYNAMIC_BLACKLIST'          , 'Yes';
+    default_yes_no 'REQUIRE_INTERFACE'          , '';
 
     numeric_option 'TC_BITS',          $config{WIDE_TC_MARKS} ? 14 : 8 , 0;
     numeric_option 'MASK_BITS',        $config{WIDE_TC_MARKS} ? 16 : 8,  $config{TC_BITS};

Shorewall/Perl/Shorewall/Providers.pm

@@ -853,7 +853,12 @@ sub handle_optional_interfaces() {
 	    my $physical = get_physical $interface;
 	    my $base     = uc chain_base( $physical );
 
-	    emit '';
+	    emit( '' );
+
+	    if ( $config{REQUIRE_INTERFACE} ) {
+		emit( 'HAVE_INTERFACE=' );
+		emit( '' );
+	    }
 
 	    if ( $provider ) {
 		#
@@ -873,12 +878,37 @@ sub handle_optional_interfaces() {
 		emit qq(if interface_is_usable $physical; then);
 	    }
 
+	    emit( '    HAVE_INTERFACE=Yes' ) if $config{REQUIRE_INTERFACE};
+
 	    emit( "    SW_${base}_IS_USABLE=Yes" ,
 		  'else' ,
 		  "    SW_${base}_IS_USABLE=" ,
 		  'fi' );
 	}
 
+	if ( $config{REQUIRE_INTERFACE} ) {
+	    emit( '', 
+		  'if [ -z "$HAVE_INTERFACE" ]; then' ,
+		  '    case "$COMMAND" in',
+		  '        start|restart|restore|refresh)'
+		);
+
+	    if ( $family == F_IPV4 ) {
+		emit( '            if shorewall_is_started; then' );
+	    } else {
+		emit( '            if shorewall6_is_started; then' );
+	    }
+	
+	    emit( '                fatal_error "No network interface available"',
+		  '            else',
+		  '                startup_error "No network interface available',
+		  '            fi',
+		  '            ;;',
+		  '    esac',
+		  'fi'
+		);
+	}
+
 	$returnvalue = 1;
     }
 

Shorewall/releasenotes.txt

@@ -342,6 +342,19 @@ None.
     Please note that the action is carried out using the current
     compiled script; the configuration is not recompiled.
 
+    A new option has been added to shorewall.conf and
+    shorewall6.conf. The REQUIRE_INTERFACE option determines the
+    outcome when an attempt to start/restart/restore/refresh the
+    firewall is made and none of the optional interfaces are available.
+    With REQUIRE_INTERFACE=No (the default), the operation is
+    performed. If REQUIRE_INTERFACE=Yes, then the operation fails and
+    the firewall is placed in the stopped state. This option is
+    suitable for a laptop with both ethernet and wireless
+    interfaces. If either come up, the firewall starts. If neither
+    comes up, the firewall remains in the stopped state. Similarly, if
+    an optional interface goes down and there are no optional
+    interfaces remaining in the up state, then the firewall is stopped.
+
 ----------------------------------------------------------------------------
 V I.  P R O B L E M S  C O R R E C T E D  A N D  N E W   F E A T U R E S
       I N   P R I O R  R E L E A S E S