diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index a9924981f..f91b5edc4 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -601,11 +601,13 @@ our %validlevels; # Valid log levels. # Deprecated options with their default values # our %deprecated = ( + LEGACY_RESTART => 'no' ); # # Deprecated options that are eliminated via update # our %converted = ( + LEGACY_RESTART => 1 ); # # Eliminated options @@ -858,6 +860,7 @@ sub initialize( $;$$) { BASIC_FILTERS => undef, WORKAROUNDS => undef , LEGACY_RESTART => undef , + RESTART => undef , # # Packet Disposition # @@ -4863,6 +4866,7 @@ sub update_config_file( $ ) { update_default( 'USE_DEFAULT_RT', 'No' ); update_default( 'EXPORTMODULES', 'No' ); + update_default( 'RESTART', 'reload' ); my $fn; @@ -5759,7 +5763,15 @@ sub get_configuration( $$$$ ) { default_yes_no 'INLINE_MATCHES' , ''; default_yes_no 'BASIC_FILTERS' , ''; default_yes_no 'WORKAROUNDS' , 'Yes'; - default_yes_no 'LEGACY_RESTART' , ''; + + if ( supplied( $val = $config{RESTART} ) ) { + fatal_error "Invalid value for RESTART ($val)" unless $val =~ /^(restart|reload)$/; + } elsif (supplied $config{LEGACY_RESTART} ) { + default_yes_no 'LEGACY_RESTART' , 'Yes'; + $config{RESTART} = $config{LEGACY_RESTART} ? 'reload' : 'restart'; + } else { + $config{RESTART} = 'reload'; + } require_capability( 'BASIC_EMATCH', 'BASIC_FILTERS=Yes', 's' ) if $config{BASIC_FILTERS}; @@ -6302,7 +6314,7 @@ sub generate_aux_config() { emit "#\n# Shorewall auxiliary configuration file created by Shorewall version $globals{VERSION} - $date\n#"; - for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS LEGACY_RESTART) ) { + for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS RESTART) ) { conditionally_add_option $option; } diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer index b8ebcd7e3..d40a635b3 100644 --- a/Shorewall/Perl/prog.footer +++ b/Shorewall/Perl/prog.footer @@ -310,7 +310,7 @@ case "$COMMAND" in restart) [ $# -ne 1 ] && usage 2 - if [ -z "$LEGACY_RESTART" ]; then + if [ "$RESTART" = restart ]; then COMMAND=stop stop_command && COMMAND=start start_command else COMMAND=reload diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf index a9eb6e0db..d58440ca3 100644 --- a/Shorewall/Samples/Universal/shorewall.conf +++ b/Shorewall/Samples/Universal/shorewall.conf @@ -176,8 +176,6 @@ KEEP_RT_TABLES=No LOAD_HELPERS_ONLY=Yes -LEGACY_RESTART=Yes - MACLIST_TABLE=filter MACLIST_TTL= @@ -204,6 +202,8 @@ REJECT_ACTION= REQUIRE_INTERFACE=Yes +RESTART=restart + RESTORE_DEFAULT_ROUTE=Yes RESTORE_ROUTEMARKS=Yes diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf index 40e409099..ade08a0bb 100644 --- a/Shorewall/Samples/one-interface/shorewall.conf +++ b/Shorewall/Samples/one-interface/shorewall.conf @@ -187,8 +187,6 @@ KEEP_RT_TABLES=No LOAD_HELPERS_ONLY=Yes -LEGACY_RESTART=Yes - MACLIST_TABLE=filter MACLIST_TTL= @@ -215,6 +213,8 @@ REJECT_ACTION= REQUIRE_INTERFACE=No +RESTART=restart + RESTORE_DEFAULT_ROUTE=Yes RESTORE_ROUTEMARKS=Yes diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf index c26a08219..7960e7c3d 100644 --- a/Shorewall/Samples/three-interfaces/shorewall.conf +++ b/Shorewall/Samples/three-interfaces/shorewall.conf @@ -184,8 +184,6 @@ KEEP_RT_TABLES=No LOAD_HELPERS_ONLY=Yes -LEGACY_RESTART=Yes - MACLIST_TABLE=filter MACLIST_TTL= @@ -212,6 +210,8 @@ REJECT_ACTION= REQUIRE_INTERFACE=No +RESTART=restart + RESTORE_DEFAULT_ROUTE=Yes RESTORE_ROUTEMARKS=Yes diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf index c63a01c00..f6fbcdb3f 100644 --- a/Shorewall/Samples/two-interfaces/shorewall.conf +++ b/Shorewall/Samples/two-interfaces/shorewall.conf @@ -187,8 +187,6 @@ KEEP_RT_TABLES=No LOAD_HELPERS_ONLY=Yes -LEGACY_RESTART=Yes - MACLIST_TABLE=filter MACLIST_TTL= @@ -215,6 +213,8 @@ REJECT_ACTION= REQUIRE_INTERFACE=No +RESTART=restart + RESTORE_DEFAULT_ROUTE=Yes RESTORE_ROUTEMARKS=Yes diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index 4fef45809..729a3b2a6 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -174,8 +174,6 @@ IP_FORWARDING=On KEEP_RT_TABLES=No -LEGACY_RESTART=Yes - LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter @@ -204,6 +202,8 @@ REJECT_ACTION= REQUIRE_INTERFACE=No +RESTART=restart + RESTORE_DEFAULT_ROUTE=Yes RESTORE_ROUTEMARKS=Yes diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf index 330440051..44aedb558 100644 --- a/Shorewall6/Samples6/Universal/shorewall6.conf +++ b/Shorewall6/Samples6/Universal/shorewall6.conf @@ -163,8 +163,6 @@ IP_FORWARDING=Off KEEP_RT_TABLES=Yes -LEGACY_RESTART=Yes - LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter @@ -187,6 +185,8 @@ REJECT_ACTION= REQUIRE_INTERFACE=Yes +RESTART=restart + RESTORE_ROUTEMARKS=Yes SAVE_IPSETS=No diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf index 6c3a987fc..3f99e6191 100644 --- a/Shorewall6/Samples6/one-interface/shorewall6.conf +++ b/Shorewall6/Samples6/one-interface/shorewall6.conf @@ -164,8 +164,6 @@ IP_FORWARDING=Off KEEP_RT_TABLES=Yes -LEGACY_RESTART=Yes - LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter @@ -188,6 +186,8 @@ REJECT_ACTION= REQUIRE_INTERFACE=No +RESTART=restart + RESTORE_ROUTEMARKS=Yes SAVE_IPSETS=No diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf index 45b9e3bcd..67fb163cc 100644 --- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf @@ -163,8 +163,6 @@ IP_FORWARDING=On KEEP_RT_TABLES=Yes -LEGACY_RESTART=Yes - LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter @@ -187,6 +185,8 @@ REJECT_ACTION= REQUIRE_INTERFACE=No +RESTART=restart + RESTORE_ROUTEMARKS=Yes SAVE_IPSETS=No diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf index dd83091e4..c684cda75 100644 --- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf @@ -163,8 +163,6 @@ IP_FORWARDING=On KEEP_RT_TABLES=Yes -LEGACY_RESTART=Yes - LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter @@ -187,6 +185,8 @@ REJECT_ACTION= REQUIRE_INTERFACE=No +RESTART=restart + RESTORE_ROUTEMARKS=Yes SAVE_IPSETS=No diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf index 4aaaea0b9..e970f2735 100644 --- a/Shorewall6/configfiles/shorewall6.conf +++ b/Shorewall6/configfiles/shorewall6.conf @@ -163,8 +163,6 @@ IP_FORWARDING=Off KEEP_RT_TABLES=Yes -LEGACY_RESTART=Yes - LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter @@ -187,6 +185,8 @@ REJECT_ACTION= REQUIRE_INTERFACE=No +RESTART=restart + RESTORE_ROUTEMARKS=Yes SAVE_IPSETS=No