Cleanup of iptables-restore/stop code. Don't purge ipsets on stop.

Signed-off-by: Tom Eastep <teastep@shorewall.net> git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9762 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-12-15 19:01:19 +01:00 · 2009-03-30 18:00:23 +00:00 · 2009-03-30 18:00:23 +00:00 · 715554e579
commit 715554e579
parent cddd1b1ae9
2 changed files with 7 additions and 9 deletions
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@ -798,7 +798,12 @@ sub compiler {
 	#                               S T O P _ F I R E W A L L
 	#             (Writes the stop_firewall() function to the compiled script)
 	#
-	compile_stop_firewall( $test );
+	# We must reinitialize Shorewall::Chains before generating the iptables-restore input
+	# for stopping the firewall
+	#
+	Shorewall::Chains::initialize( $family );
+	initialize_chain_table;
+	compile_stop_firewall( $test ); 
 	#
 	# Copy the footer to the object
 	#
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -39,7 +39,6 @@ our @EXPORT = qw( process_tos
 		  setup_ecn
 		  add_common_rules
 		  setup_mac_lists
-		  process_routestopped
 		  process_rules
 		  generate_matrix
 		  setup_mss
@ -2079,10 +2078,6 @@ sub compile_stop_firewall( $ ) {
 stop_firewall() {
 EOF

-    Shorewall::Chains::initialize( $family );
-
-    initialize_chain_table;
-
    if ( $config{ADMINISABSENTMINDED} ) {
 	$filter_table->{OUTPUT}{policy} = 'ACCEPT';
    }
@ -2272,10 +2267,8 @@ EOF
            #
            grep -q '^-N' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save
 	fi
+    fi
 EOF
-
-	emit "    ipset -X $_" for @ipsets;
-	emit "fi\n";
    }
    
    emit '