diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index eedfc1d7d..f9fffb27e 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -162,3 +162,5 @@ Changes since 2.0.3
 78) Implement variable expansion in INCLUDE directives
 79) More fixes for "shorewall delete" with bridging.
+
+80) Split restore-base into two files.
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 1ac9e5ca5..b5f6f5f2c 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -6558,9 +6558,28 @@ define_firewall() # $1 = Command (Start or Restart)
     [ -n "$aliases_to_add" ] && \
         echo "Adding IP Addresses..." && add_ip_aliases
+    for file in chains nat proxyarp zones; do
+        append_file $file
+    done
+
+    save_progress_message "Restoring Netfilter Configuration..."
+
+    save_command 'iptables-restore << __EOF__'
+
+    # 'shorewall save' appends the iptables-save output and '__EOF__'
+
+    mv -f $RESTOREBASE /var/lib/shorewall/restore-base-$$
+
+    > $RESTOREBASE
+
+    save_command "#"
+    save_command "# Restore tail file generated by Shorewall $version - $(date)"
+    save_command "#"
+    save_command "date > $STATEDIR/restarted"
+
     run_user_exit start
-    [ -n "$DELAYBLACKLISTLOAD" ] && refresh_blacklist
+    [ -n "$DELAYBLACKLISTLOAD" ] && refresh_blacklist
     createchain shorewall no
@@ -6570,19 +6589,8 @@ define_firewall() # $1 = Command (Start or Restart)
     rm -rf $TMP_DIR
-    for file in chains nat proxyarp zones; do
-        append_file $file
-    done
-
-    save_command "date > $STATEDIR/restarted"
-
-    save_progress_message "Restoring Netfilter Configuration..."
-
-    save_command 'iptables-restore << __EOF__'
-
-    # 'shorewall save' appends the iptables-save output and '__EOF__'
-
-    mv -f $RESTOREBASE /var/lib/shorewall/restore-base
+    mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base
+    mv -f $RESTOREBASE /var/lib/shorewall/restore-tail
 }
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index 53ec86e9b..4f2363486 100755
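Review bot: The rename `mv -f $RESTOREBASE /var/lib/shorewall/restore-base-$$` in the first firewall hunk (@@ -6558) is only reversed by the `mv` in the second hunk (@@ -6570), so any failure in between — `run_user_exit start`, the blacklist refresh, or whatever builds the chains — leaves `/var/lib/shorewall/restore-base` missing and an orphaned `restore-base-$$` behind, and the next `shorewall save` (which `cp -f`s restore-base) then produces a broken or stale restore script. Consider keeping restore-base in place and writing the tail commands to a separate temporary path until both files are complete, or, if define_firewall has an error/cleanup path, moving `restore-base-$$` back there as well; the `$$`-named files should also be removed on abort so they do not accumulate. Both `mv` targets and the `> $RESTOREBASE` truncation are unquoted and unchecked; at minimum `mv -f "$RESTOREBASE" /var/lib/shorewall/restore-base-$$ || fatal` with whatever error helper the file uses. The comment `# 'shorewall save' appends the iptables-save output and '__EOF__'` is now incomplete; suggest `# 'shorewall save' appends the iptables-save output, '__EOF__' and then the restore-tail commands`. define_firewall starts before the first hunk and its body continues between the two hunks.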
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -154,6 +154,21 @@ Problems corrected since 2.2.0 Beta 6:
      shorewall add br0:eth2:192.168.1.3 OK
      shorewall delete br0:eth2:192.168.1.3 OK
+2) Previously, "shorewall save" created an out-of-sequence restore
+   script. The commands saved in the user's /etc/shorewall/start script
+   were executed prior to the Netfilter configuration being
+   restored. This has been corrected so that "shorewall save" now
+   places those commands at the end of the script.
+
+   To accomplish this change, the "restore base" file
+   (/var/lib/shorewall/restore-base) has been split into two files:
+
+   /var/lib/shorewall/restore-base -- commands to be executed before
+   Netfilter the configuration is restored.
+
+   /var/lib/shorewall/restore-tail -- commands to be executed after the
+   Netfilter configuration is restored.
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.1:
diff --git a/Shorewall2/shorewall b/Shorewall2/shorewall
index 509f9c381..2b16dfc90 100755
--- a/Shorewall2/shorewall
+++ b/Shorewall2/shorewall
@@ -1161,7 +1161,9 @@ case "$1" in
         cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$
         if iptables-save | iptablesbug >> /var/lib/shorewall/restore-$$ ; then
             echo __EOF__ >> /var/lib/shorewall/restore-$$
-            mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH
+            [ -f /var/lib/shorewall/restore-tail ] && \
+                cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$
+            mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH
             chmod +x $RESTOREPATH
             echo " Currently-running Configuration Saved to $RESTOREPATH"
         else
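Review bot: In the shorewall hunk (@@ -1161) a failure of `cat /var/lib/shorewall/restore-tail >> ...` (disk full, unreadable file) is silently ignored because the `[ -f ... ] && cat ...` chain's status is never checked, and the following `mv -f ... $RESTOREPATH` still installs a restore script that ends at `__EOF__` with no tail — i.e. the user's start commands and `date > $STATEDIR/restarted` are dropped, the very ordering bug this commit fixes. Only the `iptables-save` stage has an error branch. Suggest `if [ -f /var/lib/shorewall/restore-tail ]; then` / `cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$ || { rm -f /var/lib/shorewall/restore-$$; fatal_error "Cannot append restore-tail"; }` / `fi`, substituting whatever error helper this file uses for `fatal_error`. Since `restore-tail` is executed as root from the saved script, a short one-line comment above the test stating that it is optional only for installs that have not restarted since the split would also help the next maintainer. The enclosing `case "$1" in` arm starts before the hunk.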