Add -n option to suppress routing table changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2686 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -2,6 +2,10 @@ Changes in 2.5.6
 
 1) Finish install/fallback cleanup.
 
+2) Fix startup failure.
+
+3) Add "-n" option.
+
 Changes in 2.5.5
 
 1) Zone file alchemy attempted.

Shorewall/firewall

@@ -1231,7 +1231,7 @@ setup_providers()
 		default|nexthop)
 		    ;;
 		*)
-		    ensure_and_save_command ip route add table $number $net $route
+		    ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route add table $number $net $route"
 		    ;;
 	    esac
 	done
@@ -1244,7 +1244,7 @@ setup_providers()
 		    ;;
 		*)
 		    if list_search $(find_device $route) $copy; then
-			ensure_and_save_command ip route add table $number $net $route
+			ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route add table $number $net $route"
 		    fi
 		    ;;
 	    esac
@@ -1269,7 +1269,7 @@ setup_providers()
 	eval ${table}_number=$number
 
 	if [ $COMMAND != check ]; then
-	    run_and_save_command qt ip route flush table $number
+	    run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip route flush table $number"
 
 	    if [ "x${duplicate:=-}" != x- ]; then
 		if [ "x${copy:=-}" != "x-" ]; then
@@ -1301,8 +1301,8 @@ setup_providers()
 	fi
 
 	if [ $COMMAND != check ]; then
-	    ensure_and_save_command ip route replace $gateway dev $interface table $number
-	    ensure_and_save_command ip route add default via $gateway dev $interface table $number
+	    ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route replace $gateway dev $interface table $number"
+	    ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route add default via $gateway dev $interface table $number"
 	fi
 
 	verify_mark $mark
@@ -1310,8 +1310,8 @@ setup_providers()
 	eval ${table}_mark=$mark
 
 	if [ $COMMAND != check ]; then
-	    run_and_save_command qt ip rule del fwmark $mark
-	    ensure_and_save_command ip rule add fwmark $mark pref $((10000 + $mark)) table $number
+	    run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip rule del fwmark $mark"
+	    ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip rule add fwmark $mark pref $((10000 + $mark)) table $number"
 	fi
 
 	loose=
@@ -1346,11 +1346,11 @@ setup_providers()
 
 	if [ $COMMAND != check ]; then
 	    find_interface_addresses $interface | while read address; do
-		run_and_save_command qt ip rule del from $address
+		run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip rule del from $address"
 		if [ -z "$loose" ]; then
 		    pref=$((20000 + $rulenum * 1000 + $mark ))
 		    rulenum=$(($rulenum + 1))
-		    ensure_and_save_command ip rule add from $address pref $pref table $number
+		    ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip rule add from $address pref $pref table $number"
 		fi
 	    done
 	fi
@@ -1378,7 +1378,7 @@ setup_providers()
 	if [ $COMMAND != check ]; then
 	    if [ -n "$PROVIDERS" ]; then
 		if [ -n "$DEFAULT_ROUTE" ]; then
-		    ensure_and_save_command ip route replace default scope global $DEFAULT_ROUTE
+		    ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route replace default scope global $DEFAULT_ROUTE"
 		    progress_message "   Default route $DEFAULT_ROUTE Added."
 		fi
 
@@ -1406,7 +1406,7 @@ EOF
 
 	    fi		
 	
-	    ensure_and_save_command ip route flush cache
+	    ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache"
 	fi
     fi
 }
@@ -2674,7 +2674,7 @@ setup_proxy_arp() {
 
 	if [ $COMMAND != check ]; then
 	    if [ -z "$haveroute" ]; then
-		ensure_and_save_command ip route replace $address dev $interface
+		ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route replace $address dev $interface"
 		[ -n "$persistent" ] && haveroute=yes
 	    fi
 
@@ -2891,7 +2891,7 @@ delete_proxy_arp() {
     if [ -f /var/lib/shorewall/proxyarp ]; then
 	while read address interface external haveroute; do
 	    qt arp -i $external -d $address pub
-	    [ -z "$haveroute" ] && qt ip route del $address dev $interface
+	    [ -z "${haveroute}${NOROUTES}" ] && qt ip route del $address dev $interface
 	done < /var/lib/shorewall/proxyarp
 
 	rm -f /var/lib/shorewall/proxyarp
@@ -7870,7 +7870,7 @@ add_common_rules() {
 	    run_and_save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
 	fi
 
-	run_and_save_command ip route flush cache
+	run_and_save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache"
     fi
 
     #

Shorewall/shorewall

@@ -489,7 +489,7 @@ help()
 #
 usage() # $1 = exit status
 {
-    echo "Usage: $(basename $0) [debug|trace] [nolock] [ -x ] [ -q ] [ -f ] [ -v ] <command>"
+    echo "Usage: $(basename $0) [debug|trace] [nolock] [ -x ] [ -q ] [ -f ] [ -v ] [ -n ] <command>"
     echo "where <command> is one of:"
     echo "   add <interface>[:{<bridge-port>[:<host>]|<host>}[,...]] ... <zone>"
     echo "   allow <address> ..."
@@ -591,6 +591,7 @@ QUIET=
 IPT_OPTIONS="-nv"
 FAST=
 VERBOSE=
+NOROUTES=
 
 done=0
 
@@ -636,6 +637,10 @@ while [ $done -eq 0 ]; do
 			VERBOSE=Yes
 			option=${option#v}
 			;;
+		    n*)
+			NOROUTES=Yes
+			option=${option#n}
+			;;			
 		    *)
 			usage 1
 			;;
@@ -757,6 +762,8 @@ case "$1" in
 		usage 1
 		;;
 	esac
+
+	export NOROUTES
 	
 	if [ -n "$FAST" ]; then
 	    if qt mywhich make; then
@@ -795,6 +802,7 @@ case "$1" in
 	;;
     stop|reset|clear|refresh)
 	[ $# -ne 1 ] && usage 1
+	export NOROUTES
 	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1
 	;;
     check|restart)
@@ -819,6 +827,9 @@ case "$1" in
 		usage 1
 		;;
 	esac
+
+	export NOROUTES
+	
 	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1
 	;;
     add|delete)
@@ -1217,6 +1228,8 @@ case "$1" in
 
 	RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
 
+	export NOROUTES
+
 	[ -n "$nolock" ] || mutex_on
 
 	if [ -x $RESTOREPATH ]; then