From 5727afc83b7cdb83b9fa5f274ca2311361310be4 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 25 Jan 2006 04:18:52 +0000
Subject: [PATCH] Save/Restore working again...

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3376 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/compiler | 22 ++----------
 Shorewall/prog.footer | 37 +++++++++++++++-----
 Shorewall/shorewall | 81 +++++++++++++++++++------------------------
 3 files changed, 67 insertions(+), 73 deletions(-)

diff --git a/Shorewall/compiler b/Shorewall/compiler
index e51ddf89e..d9347bd50 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -105,13 +105,6 @@ append_file() # $1 = File Name
 save_command_unindented __EOF__
 }
-append_file1() # $1 = File Name
-{
- save_command "cat > /var/lib/shorewall/$1 << _EOF_"
- cat $STATEDIR/$1 >> $OUTPUT
- save_command_unindented _EOF_
-}
-
 #
 # Generate a command to run iptables
 #
@@ -8569,13 +8562,6 @@ __EOF__
 append_file $file
 done
- # Logical break between restore-base and restore-tail
-
- if [ $COMMAND = compile ]; then
- mv -f $OUTPUT $STATEDIR/restore-base
- OUTPUT=$(mktempfile $STATEDIR)
- fi
-
 save_command "date > /var/lib/shorewall/restarted"
 run_user_exit start
@@ -8588,17 +8574,15 @@ __EOF__
 run_user_exit started
+ save_command "cp -f \$SCRIPT /var/lib/shorewall/.restore"
+
 if [ $COMMAND = check ]; then
 echo "Shorewall configuration verified"
 else
- cp $OUTPUT $STATEDIR/restore-tail
- append_file1 restore-base
- append_file1 restore-tail
 INDENT=
 save_command "}"
- cat $(find_file prog.header) $STATEDIR/restore-base $OUTPUT $(find_file prog.footer) > $outfile
+ cat $(find_file prog.header) $OUTPUT $(find_file prog.footer) > $outfile
 chmod 700 $outfile
- rm -f $STATEDIR/restore-base
 rm -f $STATEDIR/restore-tail
 progress_message2 "Shorewall configuration compiled to $outfile"
 fi
diff --git a/Shorewall/prog.footer b/Shorewall/prog.footer
index e2fc2f74b..2969b5830 100644
--- a/Shorewall/prog.footer
+++ b/Shorewall/prog.footer
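Review bot: In the last Shorewall/compiler hunk (`@@ -8588,17 +8574,15 @@`), the generated `cp -f \$SCRIPT /var/lib/shorewall/.restore` expands `$SCRIPT` unquoted and never checks the copy, so a script path containing whitespace or a failed copy silently leaves an older `.restore` in place. The `save_config` change in Shorewall/shorewall later installs `.restore` as the executable restore script, so a stale copy would be saved for a configuration that is no longer running. Consider `save_command "cp -f \"\$SCRIPT\" /var/lib/shorewall/.restore || echo \"   WARNING: .restore not updated\" >&2"`, assuming `save_command` writes its argument verbatim into the generated script (its definition is not in this diff). The unchanged `rm -f $STATEDIR/restore-tail` below now removes a file nothing here creates and could be dropped; the enclosing function starts and ends outside the hunk.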
@@ -1,3 +1,23 @@
+restore_firewall()
+{
+ fatal_error()
+ {
+ echo " ERROR: $@" >&2
+ }
+
+ startup_error() # foo = Error Message
+ {
+ echo " ERROR: $@" >&2
+ }
+
+ define_firewall
+}
+
+current_command() {
+ cd $(dirname $0)
+ echo $PWD/$(basename $0)
+}
+
 ################################################################################
 # Give Usage Information #
 ################################################################################
@@ -8,6 +28,8 @@ usage() {
 ################################################################################
 # E X E C U T I O N B E G I N S H E R E #
 ################################################################################
+SCRIPT=$(current_command)
+
 initialize
 finished=0
@@ -48,11 +70,7 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
 done
 if [ $# -eq 0 ]; then
- if shorewall_is_started; then
- COMMAND=restart
- else
- COMMAND=start
- fi
+ COMMAND=restore
 elif [ $# -gt 1 ]; then
 usage 2
 else
@@ -99,7 +117,11 @@ case "$COMMAND" in
 define_firewall
 status=$?
- echo "done."
+ progress_message3 "done."
+ ;;
+ restore)
+ restore_firewall
+ status=$?
 ;;
 clear)
 progress_message3 "Clearing Shorewall...."
@@ -138,9 +160,6 @@ case "$COMMAND" in
 help)
 usage 0
 ;;
- restore)
- restore_command
- ;;
 *)
 usage 2
 ;;
diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index 319b7fb95..3cef73a67 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
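Review bot: In the first Shorewall/prog.footer hunk, `restore_firewall` replaces `fatal_error` and `startup_error` with versions that only print, so `define_firewall` keeps running after an error and the `restore)` arm added further down records whatever status the last command returned. If `define_firewall` relies on those handlers to abort (its body is not in this diff), a restore can finish with a partially loaded ruleset and still report success. Because functions defined inside a function are global in sh, the overrides also stay in effect for the rest of the run. Suggest the overrides end with a non-zero exit, e.g. `echo "   ERROR: $*" >&2; exit 2`, plus a comment saying why the normal handlers are bypassed during restore; the `# foo = Error Message` comment should read `# $@ = Error Message`.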
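Review bot: `SCRIPT=$(current_command)` in the second Shorewall/prog.footer hunk trusts a helper (added at the top of the file) that runs `cd $(dirname $0)` unquoted and unchecked, so a path with whitespace or a failed `cd` yields a `$SCRIPT` that names the wrong file. That value is what the generated script copies to `/var/lib/shorewall/.restore`, and `shorewall save` then installs that copy as the executable restore script, so a wrong path ends up being run at restore time. Suggest `cd "$(dirname "$0")" && echo "$PWD/$(basename "$0")"` in the helper, and stopping with an error here when `$SCRIPT` is empty or not a regular file.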
@@ -429,56 +429,47 @@ save_config() {
 *)
 if $IPTABLES -L dynamic -n > /var/lib/shorewall/save; then
 echo " Dynamic Rules Saved"
- if [ -f /var/lib/shorewall/restore-base ]; then
- cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$
- if iptables-save | iptablesbug >> /var/lib/shorewall/restore-$$ ; then
- echo __EOF__ >> /var/lib/shorewall/restore-$$
- [ -f /var/lib/shorewall/restore-tail ] && \
- cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$
- mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH
- chmod +x $RESTOREPATH
- echo " Currently-running Configuration Saved to $RESTOREPATH"
+ if [ -f /var/lib/shorewall/.restore ]; then
+ cp -f /var/lib/shorewall/.restore $RESTOREPATH
+ chmod +x $RESTOREPATH
+ echo " Currently-running Configuration Saved to $RESTOREPATH"
- rm -f ${RESTOREPATH}-ipsets
+ rm -f ${RESTOREPATH}-ipsets
- case ${SAVE_IPSETS:-No} in
- [Yy][Ee][Ss])
- RESTOREPATH=${RESTOREPATH}-ipsets
+ case ${SAVE_IPSETS:-No} in
+ [Yy][Ee][Ss])
+ RESTOREPATH=${RESTOREPATH}-ipsets
- f=/var/lib/shorewall/restore-$$
+ f=/var/lib/shorewall/restore-$$
- echo "#!/bin/sh" > $f
- echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f
- echo >> $f
- echo ". /usr/share/shorewall/functions" >> $f
- echo >> $f
- grep '^MODULE' /var/lib/shorewall/restore-base >> $f
- echo "reload_kernel_modules << __EOF__" >> $f
- grep 'loadmodule ip_set' /var/lib/shorewall/restore-base >> $f
- echo "__EOF__" >> $f
- echo >> $f
- echo "ipset -U :all: :all:" >> $f
- echo "ipset -F" >> $f
- echo "ipset -X" >> $f
- echo "ipset -R << __EOF__" >> $f
- ipset -S >> $f
- echo "__EOF__" >> $f
- mv -f $f $RESTOREPATH
- chmod +x $RESTOREPATH
- echo " Current Ipset Contents Saved to $RESTOREPATH"
- ;;
- [Nn][Oo])
- ;;
- *)
- echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
- ;;
- esac
- else
- rm -f /var/lib/shorewall/restore-$$
- echo " ERROR: Currently-running Configuration Not Saved"
- fi
+ echo "#!/bin/sh" > $f
+ echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f
+ echo >> $f
+ echo ". /usr/share/shorewall/functions" >> $f
+ echo >> $f
+ grep '^MODULE' /var/lib/shorewall/restore-base >> $f
+ echo "reload_kernel_modules << __EOF__" >> $f
+ grep 'loadmodule ip_set' /var/lib/shorewall/restore-base >> $f
+ echo "__EOF__" >> $f
+ echo >> $f
+ echo "ipset -U :all: :all:" >> $f
+ echo "ipset -F" >> $f
+ echo "ipset -X" >> $f
+ echo "ipset -R << __EOF__" >> $f
+ ipset -S >> $f
+ echo "__EOF__" >> $f
+ mv -f $f $RESTOREPATH
+ chmod +x $RESTOREPATH
+ echo " Current Ipset Contents Saved to $RESTOREPATH"
+ ;;
+ [Nn][Oo])
+ ;;
+ *)
+ echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
+ ;;
+ esac
 else
- echo " ERROR: /var/lib/shorewall/restore-base does not exist"
+ echo " ERROR: /var/lib/shorewall/.restoredoes not exist"
 fi
 else
 echo "Error Saving the Dynamic Rules"
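Review bot: The `SAVE_IPSETS=Yes` branch still runs `grep '^MODULE' /var/lib/shorewall/restore-base` and `grep 'loadmodule ip_set' /var/lib/shorewall/restore-base`, but this commit removes the compiler code that generated `restore-base` and the guard above now tests `.restore`, so both greps either fail or read a stale file left by an earlier version, and the ipset restore script is written without current module-loading lines. Point both at a file the new flow still produces (presumably `/var/lib/shorewall/.restore`, if it carries the same `MODULE` and `loadmodule` lines, which needs confirming) or skip the ipset file when the source is missing. The new `cp -f /var/lib/shorewall/.restore $RESTOREPATH` is followed by an unconditional "Saved" message where the old code had an error branch; `if cp -f /var/lib/shorewall/.restore "$RESTOREPATH"; then` with the old `ERROR: Currently-running Configuration Not Saved` message in the `else` would keep that. The new error text `.restoredoes not exist` is missing a space. `save_config` starts and ends outside the hunk.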