diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 297f978cf..5210822ad 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -540,6 +540,7 @@ sub initialize( $ ) {
FORWARD_CLEAR_MARK => undef,
COMPLETE => undef,
EXPORTMODULES => undef,
+ LEGACY_FASTSTART => undef,
#
# Packet Disposition
#
@@ -3309,6 +3310,7 @@ sub get_configuration( $ ) {
default_yes_no 'FORWARD_CLEAR_MARK' , have_capability 'MARK' ? 'Yes' : '';
default_yes_no 'COMPLETE' , '';
default_yes_no 'EXPORTMODULES' , '';
+ default_yes_no 'LEGACY_FASTSTART' , '';
require_capability 'MARK' , 'FOREWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};
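Review bot: The compiler-side default added here, `default_yes_no 'LEGACY_FASTSTART' , '';`, appears to resolve an unset option to No, while the get_config hunks in Shorewall/shorewall and Shorewall6/shorewall6 and the release notes in this commit treat an unset option as Yes. No reader of `$config{LEGACY_FASTSTART}` is visible in this diff, but if one exists or is added later, the compiler and the CLI would disagree about which file the fast-start comparison uses. `default_yes_no 'LEGACY_FASTSTART' , 'Yes';` would keep the two in step. The body of get_configuration continues outside the hunk.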
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index c4761ddf7..9dfc9c02d 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -2,6 +2,8 @@ Changes in Shorewall 4.4.20 Beta 4
1) Smarten up the tc devnum algorithm.
+2) Implement LEGACY_FASTSTART option.
+
Changes in Shorewall 4.4.20 Beta 3
1) Add auditing support.
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index 45ce6bdf7..31a96f50e 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -198,6 +198,8 @@ EXPORTMODULES=Yes
ACCOUNTING_TABLE=filter
+LEGACY_FASTSTART=No
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 21187a911..d2705e508 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -135,6 +135,17 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
output of 'shorewall show actions' whose names begin with a
lower-case letter.
+6) Up to this release, the behaviors of 'start -f' and 'restart -f'
+ were inconsistent. The 'start -f' command compares the modification
+ times of /etc/shorewall[6] with /var/lib/shorewall[6]/restore while
+ 'restart -f' compares with /var/lib/shorewall[6]/firewall.
+
+ To make the two consistent, a new LEGACY_FASTSTART option has been
+ added. The default value when the option isn't specified is
+ LEGACY_FASTSTART=Yes which preserves the old behavior. When
+ LEGACY_FASTSTART=No, both commands compare with
+ /var/lib/shorewall[6]/firewall.
+
----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S
----------------------------------------------------------------------------
diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index 774169333..c456dc5c0 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@@ -298,6 +298,24 @@ get_config() {
fi
;;
esac
+
+
+ case $LEGACY_FASTSTART in
+ Yes|yes)
+ ;;
+ No|no)
+ LEGACY_FASTSTART=
+ ;;
+ *)
+ if [ -n "$LEGACY_FASTSTART" ]; then
+ echo " ERROR: Invalid LEGACY_FASTSTART setting (LEGACY_FASTSTART)" >&2
+ exit 1
+ fi
+
+ LEGACY_FASTSTART=Yes
+ ;;
+ esac
+
}
#
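Review bot: The error branch of the new `case` prints the literal text `(LEGACY_FASTSTART)` rather than the rejected value, because the `$` is missing; it should be `($LEGACY_FASTSTART)` so the operator can see what was actually read from shorewall.conf. The same line is added in the get_config hunk of Shorewall6/shorewall6. The patterns also accept only `Yes|yes` and `No|no`, so a value such as `YES` is a fatal error here. If the Perl-side yes/no parsing is case-insensitive (not visible in this diff), `[Yy][Ee][Ss])` and `[Nn][Oo])` would keep the two consistent. get_config starts outside the hunk.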
@@ -312,8 +330,8 @@ startup_error() {
#
# Determine if there are config files newer than the passed object
#
-upofdate() {
- [ -z "$(find ${CONFDIR} -newer $1)" ]
+uptodate() {
+ [ -f $1 ] && [ -z "$(find ${CONFDIR} -newer $1)" ]
}
#
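Review bot: `uptodate` leaves `$1` and `${CONFDIR}` unquoted, so the new `[ -f $1 ]` guard does not catch an empty argument: `[ -f ]` is a one-argument test that evaluates true, and the `find` that follows then fails with empty output, which `-z` reads as "nothing newer". For a firewall this means a stale compiled ruleset could be started even though the configuration has changed. Quoting closes the gap: `[ -f "$1" ] && [ -z "$(find "${CONFDIR}" -newer "$1")" ]`. Any other `find` failure (for example an unreadable directory) is likewise treated as up to date, so checking its exit status is worth considering. The same line is added in the uptodate hunk of Shorewall6/shorewall6.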
@@ -481,7 +499,7 @@ start_command() {
esac
if [ -n "${g_fast}${AUTOMAKE}" ]; then
- if [ -z "$g_fast" ]; then
+ if [ -z "$g_fast" -o -z "$LEGACY_FASTSTART" ]; then
#
# Automake -- use the last compiled script
#
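Review bot: The new condition uses `-o` inside `[ ]`, which POSIX marks obsolescent and which can be misparsed for some operand values; `if [ -z "$g_fast" ] || [ -z "$LEGACY_FASTSTART" ]; then` is the portable form. The comment under it still reads `Automake -- use the last compiled script`, but after this change the branch is also taken for `start -f` when LEGACY_FASTSTART=No, so I would extend it to `# Automake, or fast start with LEGACY_FASTSTART=No -- use the last compiled script`. The same condition is added in the start_command hunk of Shorewall6/shorewall6, and start_command's body continues outside both hunks.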
diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6
index df41c8a6c..d0d763551 100755
--- a/Shorewall6/shorewall6
+++ b/Shorewall6/shorewall6
@@ -224,6 +224,22 @@ get_config() {
fi
;;
esac
+
+ case $LEGACY_FASTSTART in
+ Yes|yes)
+ ;;
+ No|no)
+ LEGACY_FASTSTART=
+ ;;
+ *)
+ if [ -n "$LEGACY_FASTSTART" ]; then
+ echo " ERROR: Invalid LEGACY_FASTSTART setting (LEGACY_FASTSTART)" >&2
+ exit 1
+ fi
+
+ LEGACY_FASTSTART=Yes
+ ;;
+ esac
}
#
@@ -239,7 +255,7 @@ startup_error() {
# Determine if there are config files newer than the passed object
#
uptodate() {
- [ -z "$(find ${CONFDIR} -newer $1)" ]
+ [ -f $1 ] && [ -z "$(find ${CONFDIR} -newer $1)" ]
}
#
@@ -413,7 +429,7 @@ start_command() {
esac
if [ -n "${g_fast}${AUTOMAKE}" ]; then
- if [ -z "$g_fast" ]; then
+ if [ -z "$g_fast" -o -z "$LEGACY_FASTSTART" ]; then
#
# Autofast -- use the last compiled script
#
diff --git a/Shorewall6/shorewall6.conf b/Shorewall6/shorewall6.conf
index f63de5127..eaea952a3 100644
--- a/Shorewall6/shorewall6.conf
+++ b/Shorewall6/shorewall6.conf
@@ -161,6 +161,8 @@ EXPORTMODULES=Yes
ACCOUNTING_TABLE=filter
+LEGACY_FASTSTART=No
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/docs/starting_and_stopping_shorewall.xml b/docs/starting_and_stopping_shorewall.xml
index 99cec08d3..a25eaa013 100644
--- a/docs/starting_and_stopping_shorewall.xml
+++ b/docs/starting_and_stopping_shorewall.xml
@@ -360,6 +360,13 @@
/etc/sysconfig/shorewall (if your distribution
provides neither of these files, you must create one or the
other).
+
+ Update: In Shorewall 4.4.20, a
+ new LEGACY_FASTSTART option was added to /etc/shorewall/shorewall.conf.
+ When LEGACY_FASTSTART=No, the compiled script that did the last
+ successful start or restart will be used.
diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index 17c356c67..3480a1276 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -79,7 +79,7 @@
ACCEPT_DEFAULT={action|macro|ACCEPT_DEFAULT={action|none}
@@ -89,7 +89,7 @@
DROP_DEFAULT={action|macro|DROP_DEFAULT={action|none}
@@ -99,7 +99,7 @@
REJECT_DEFAULT={action|macro|REJECT_DEFAULT={action|none}
@@ -109,7 +109,7 @@
QUEUE_DEFAULT={action|macro|QUEUE_DEFAULT={action|none}
@@ -119,7 +119,7 @@
NFQUEUE_DEFAULT={action|macro|NFQUEUE_DEFAULT={action|none}
@@ -835,6 +835,22 @@ net all DROP infothen the chain name is 'net2all'
+
+ LEGACY_FASTSTART={Yes|No}
+
+
+ Added in Shorewall 4.4.20. If not specified, the default is
+ Yes which preserves the legacy behavior of start
+ -s in that the modification times of the files in
+ /etc/shorewall are compare with that of
+ /var/lib/shorewall/restore. If set to No, then
+ the times are compared with that of /var/lib/shorewall/firewall
+ which is consistant with the way that restart -f
+ works.
+
+
+
LOAD_HELPERS_ONLY={Yes|No}
diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml
index 6a802005e..9da2939e7 100644
--- a/manpages/shorewall.xml
+++ b/manpages/shorewall.xml
@@ -1415,6 +1415,13 @@
-f is given, a
directory may not be specified.
+ Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was
+ added to shorewall.conf(5).
+ When LEGACY_FASTSTART=No, the modificaiotn times of files in
+ /etc/shorewall are compared with that of /var/lib/shorewall/firewall
+ (the compiled script that last started/restarted the
+ firewall).
+
The option causes Shorewall to avoid
updating the routing table(s).
diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml
index 1ca083c81..8198f10cb 100644
--- a/manpages6/shorewall6.conf.xml
+++ b/manpages6/shorewall6.conf.xml
@@ -78,7 +78,7 @@
ACCEPT_DEFAULT={action|macro|ACCEPT_DEFAULT={action|none}
@@ -88,7 +88,7 @@
DROP_DEFAULT={action|macro|DROP_DEFAULT={action|none}
@@ -98,7 +98,7 @@
REJECT_DEFAULT={action|macro|REJECT_DEFAULT={action|none}
@@ -108,7 +108,7 @@
QUEUE_DEFAULT={action|macro|QUEUE_DEFAULT={action|none}
@@ -118,7 +118,7 @@
NFQUEUE_DEFAULT={action|macro|NFQUEUE_DEFAULT={action|none}
@@ -724,6 +724,22 @@
+
+ LEGACY_FASTSTART={Yes|No}
+
+
+ Added in Shorewall6 4.4.20. If not specified, the default is
+ Yes which preserves the legacy behavior of start
+ -s in that the modification times of the files in
+ /etc/shorewall6 are compare with that of
+ /var/lib/shorewall6/restore. If set to No, then
+ the times are compared with that of /var/lib/shorewall6/firewall
+ which is consistant with the way that restart -f
+ works.
+
+
+
LOAD_HELPERS_ONLY={Yes|No}
diff --git a/manpages6/shorewall6.xml b/manpages6/shorewall6.xml
index 115793e6c..71d6ab92d 100644
--- a/manpages6/shorewall6.xml
+++ b/manpages6/shorewall6.xml
@@ -1176,6 +1176,14 @@
role="bold">-f is given, a
directory may not be specified.
+ Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option
+ was added to shorewall6.conf(5). When
+ LEGACY_FASTSTART=No, the modificaiotn times of files in
+ /etc/shorewall6 are compared with that of
+ /var/lib/shorewall6/firewall (the compiled script that last
+ started/restarted the firewall).
+
The option causes Shorewall6 to avoid
updating the routing table(s).