From 66e9add7f0298bb4e4ef9cd96918c10dc35371ad Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 14 Sep 2005 23:01:13 +0000 Subject: [PATCH] Add -n option to suppress routing table changes git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2686 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 4 ++++ Shorewall/firewall | 28 ++++++++++++++-------------- Shorewall/shorewall | 15 ++++++++++++++- 3 files changed, 32 insertions(+), 15 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index ca655407d..b25f35eba 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -2,6 +2,10 @@ Changes in 2.5.6 1) Finish install/fallback cleanup. +2) Fix startup failure. + +3) Add "-n" option. + Changes in 2.5.5 1) Zone file alchemy attempted. diff --git a/Shorewall/firewall b/Shorewall/firewall index 7566fb57c..3e2c42931 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -1231,7 +1231,7 @@ setup_providers() default|nexthop) ;; *) - ensure_and_save_command ip route add table $number $net $route + ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route add table $number $net $route" ;; esac done @@ -1244,7 +1244,7 @@ setup_providers() ;; *) if list_search $(find_device $route) $copy; then - ensure_and_save_command ip route add table $number $net $route + ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route add table $number $net $route" fi ;; esac @@ -1269,7 +1269,7 @@ setup_providers() eval ${table}_number=$number if [ $COMMAND != check ]; then - run_and_save_command qt ip route flush table $number + run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip route flush table $number" if [ "x${duplicate:=-}" != x- ]; then if [ "x${copy:=-}" != "x-" ]; then 
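Review bot: In the `*)` arm at @@ -1231 the route command is now handed to `ensure_and_save_command` as one double-quoted string, which only works if the helper evaluates its argument as shell text; its body is not visible here, though the `echo 1 > /proc/...` context line in add_common_rules suggests `run_and_save_command` does. If it does, `$number`, `$net` and `$route` are expanded first and then parsed as shell syntax, both when the command runs and when the saved copy is replayed, so those configuration values should be validated before they reach these strings. The escaped `\$NOROUTES` is tested when the saved command runs, so a restore script started outside `shorewall` takes the value from whatever environment it inherits. I would add a comment at the first use, `# Quoted so the NOROUTES test is saved with the command; NOROUTES is read from the environment at run/restore time`. The same form recurs in the remaining setup_providers hunks, setup_proxy_arp and add_common_rules, and setup_providers itself starts and ends outside this hunk.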
@@ -1301,8 +1301,8 @@ setup_providers() fi if [ $COMMAND != check ]; then - ensure_and_save_command ip route replace $gateway dev $interface table $number - ensure_and_save_command ip route add default via $gateway dev $interface table $number + ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route replace $gateway dev $interface table $number" + ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route add default via $gateway dev $interface table $number" fi verify_mark $mark @@ -1310,8 +1310,8 @@ setup_providers() eval ${table}_mark=$mark if [ $COMMAND != check ]; then - run_and_save_command qt ip rule del fwmark $mark - ensure_and_save_command ip rule add fwmark $mark pref $((10000 + $mark)) table $number + run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip rule del fwmark $mark" + ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip rule add fwmark $mark pref $((10000 + $mark)) table $number" fi loose= @@ -1346,11 +1346,11 @@ setup_providers() if [ $COMMAND != check ]; then find_interface_addresses $interface | while read address; do - run_and_save_command qt ip rule del from $address + run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip rule del from $address" if [ -z "$loose" ]; then pref=$((20000 + $rulenum * 1000 + $mark )) rulenum=$(($rulenum + 1)) - ensure_and_save_command ip rule add from $address pref $pref table $number + ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip rule add from $address pref $pref table $number" fi done fi @@ -1378,7 +1378,7 @@ setup_providers() if [ $COMMAND != check ]; then if [ -n "$PROVIDERS" ]; then if [ -n "$DEFAULT_ROUTE" ]; then - ensure_and_save_command ip route replace default scope global $DEFAULT_ROUTE + ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route replace default scope global $DEFAULT_ROUTE" progress_message " Default route $DEFAULT_ROUTE Added." fi 
@@ -1406,7 +1406,7 @@ EOF fi - ensure_and_save_command ip route flush cache + ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache" fi fi } @@ -2674,7 +2674,7 @@ setup_proxy_arp() { if [ $COMMAND != check ]; then if [ -z "$haveroute" ]; then - ensure_and_save_command ip route replace $address dev $interface + ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route replace $address dev $interface" [ -n "$persistent" ] && haveroute=yes fi @@ -2891,7 +2891,7 @@ delete_proxy_arp() { if [ -f /var/lib/shorewall/proxyarp ]; then while read address interface external haveroute; do qt arp -i $external -d $address pub - [ -z "$haveroute" ] && qt ip route del $address dev $interface + [ -z "${haveroute}${NOROUTES}" ] && qt ip route del $address dev $interface done < /var/lib/shorewall/proxyarp rm -f /var/lib/shorewall/proxyarp @@ -7870,7 +7870,7 @@ add_common_rules() { run_and_save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter" fi - run_and_save_command ip route flush cache + run_and_save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache" fi # diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 44b8aa12d..e23a29af8 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -489,7 +489,7 @@ help() # usage() # $1 = exit status { - echo "Usage: $(basename $0) [debug|trace] [nolock] [ -x ] [ -q ] [ -f ] [ -v ] " + echo "Usage: $(basename $0) [debug|trace] [nolock] [ -x ] [ -q ] [ -f ] [ -v ] [ -n ] " echo "where is one of:" echo " add [:{[:]|}[,...]] ... " echo " allow
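Review bot: With `NOROUTES` set, the loop in delete_proxy_arp at @@ -2891 skips `ip route del` for every entry, but the `rm -f /var/lib/shorewall/proxyarp` that follows still runs, so the record of which host routes Shorewall added (the empty `haveroute` column) is discarded while the routes stay in place. A later stop or clear without -n then has nothing to read and cannot remove them. Consider keeping the file in that case, `[ -n "$NOROUTES" ] || rm -f /var/lib/shorewall/proxyarp`, or at least a comment above the test, `# -n: leave proxy-ARP host routes in place`. The `${haveroute}${NOROUTES}` concatenation is correct but terse, and the function continues outside the hunk.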
..." @@ -591,6 +591,7 @@ QUIET= IPT_OPTIONS="-nv" FAST= VERBOSE= +NOROUTES= done=0 @@ -636,6 +637,10 @@ while [ $done -eq 0 ]; do VERBOSE=Yes option=${option#v} ;; + n*) + NOROUTES=Yes + option=${option#n} + ;; *) usage 1 ;; @@ -757,6 +762,8 @@ case "$1" in usage 1 ;; esac + + export NOROUTES if [ -n "$FAST" ]; then if qt mywhich make; then @@ -795,6 +802,7 @@ case "$1" in ;; stop|reset|clear|refresh) [ $# -ne 1 ] && usage 1 + export NOROUTES exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 ;; check|restart) @@ -819,6 +827,9 @@ case "$1" in usage 1 ;; esac + + export NOROUTES + exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 ;; add|delete) @@ -1217,6 +1228,8 @@ case "$1" in RESTOREPATH=/var/lib/shorewall/$RESTOREFILE + export NOROUTES + [ -n "$nolock" ] || mutex_on if [ -x $RESTOREPATH ]; then
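Review bot: The new `n*)` arm at @@ -636 sets `NOROUTES=Yes` with no comment, and nothing in the visible hunks tells an operator that -n covers more than routing-table entries. The firewall script also skips `ip rule` add/del, proxy-ARP host routes and `ip route flush cache` when it is set. I would add above the arm `# -n: do not alter routes or policy-routing rules (sets NOROUTES, tested by the firewall script)`. The usage line at @@ -489 gains `[ -n ]` only, and whether the help text describes it is outside these hunks; the option loop also starts before this hunk.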
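Review bot: `export NOROUTES` is repeated in each arm that hands off to the firewall or restore script (the arm at @@ -757, then @@ -795, @@ -819 and @@ -1217), so any arm that was not touched runs without it. Exporting once where the default is set in the @@ -591 block, `NOROUTES=` followed by `export NOROUTES`, covers every path. It also ensures an inherited value is cleared and the variable marked for export before `$FIREWALL` or the restore script can see it. The case statement starts and ends outside these hunks, so whether other arms invoke the firewall script cannot be confirmed from here.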