Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code

Tom Eastep 2015-06-08 13:50:47 -07:00
commit 7f50557250
3 changed files with 78 additions and 72 deletions


@ -79,6 +79,15 @@ fatal_error() # $@ = Message
exit 2
}
#
# Not configured Error
#
not_configured() # $@ = Message
{
echo " ERROR: $@" >&2
exit 6
}
#
# Get the Shorewall version of the passed script
#
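Review bot: The new `not_configured()` expands `$@` inside a double-quoted string that also holds other text, which ShellCheck reports as SC2145 because the arguments are not joined the way the message suggests when more than one is passed; `echo " ERROR: $*" >&2` states the intent. The header comment should also say that this helper exits with status 6 where `fatal_error` (whose `exit 2` is visible at the top of the hunk) exits with 2, for example `# Not configured Error - exits with status 6 (LSB: program is not configured)`, so callers that test the exit status know the two are distinct. That reading of 6 as the LSB init-script code is inferred from the value and the function name, not stated on the page.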


@ -1,18 +1,19 @@
#! /bin/bash
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.5
#!/bin/bash
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall - V4.6
#
# (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
# (c) 2012-2014 - Tom Eastep (teastep@shorewall.net)
#
# On most distributions, this file should be called /etc/init.d/shorewall.
# On most distributions, this file should be called
# /etc/init.d/shorewall.
#
# Complete documentation is available at http://shorewall.net
# Complete documentation is available at http://shorewall.net
#
# This program is part of Shorewall.
# This program is part of Shorewall.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 2 of the license or, at your
# option, any later version.
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the license or,
# at your option, any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
@ -22,7 +23,7 @@
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
#########################################################################################
###############################################################################
# set the STATEDIR variable
setstatedir() {
local statedir
@ -33,7 +34,9 @@ setstatedir() {
[ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARLIB}/${PRODUCT}
if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
${SBINDIR}/$PRODUCT ${OPTIONS} compile -c || exit 1
${SBINDIR}/$PRODUCT ${OPTIONS} compile -c
else
return 0
fi
}
@ -46,7 +49,7 @@ setstatedir() {
if [ -f "$SYSCONFDIR/shorewall-init" ]; then
. $SYSCONFDIR/shorewall-init
if [ -z "$PRODUCTS" ]; then
echo "ERROR: No products configured" >&2
echo "ERROR: No products configured" >&2
exit 1
fi
else
@ -56,71 +59,66 @@ fi
# Initialize the firewall
shorewall_start () {
local PRODUCT
local STATEDIR
local PRODUCT
local STATEDIR
echo -n "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
setstatedir
echo -n "Initializing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
if setstatedir; then
if [ -x ${STATEDIR}/firewall ]; then
#
# Run in a sub-shell to avoid name collisions
#
(
if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
${STATEDIR}/firewall ${OPTIONS} stop
fi
)
fi
fi
done
if [ -x ${STATEDIR}/firewall ]; then
#
# Run in a sub-shell to avoid name collisions
#
(
if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
${STATEDIR}/firewall ${OPTIONS} stop || exit 1
else
exit 1
fi
)
else
echo ERROR: ${STATEDIR}/firewall does not exist or is not executable!
exit 1
fi
done
if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
ipset -R < "$SAVE_IPSETS"
fi
if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
ipset -R < "$SAVE_IPSETS"
fi
return 0
return 0
}
# Clear the firewall
shorewall_stop () {
local PRODUCT
local STATEDIR
local PRODUCT
local STATEDIR
echo -n "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
setstatedir
echo -n "Clearing \"Shorewall-based firewalls\": "
for PRODUCT in $PRODUCTS; do
if setstatedir; then
if [ -x ${STATEDIR}/firewall ]; then
${STATEDIR}/firewall ${OPTIONS} clear
fi
fi
done
if [ -x ${STATEDIR}/firewall ]; then
${STATEDIR}/firewall ${OPTIONS} clear || exit 1
fi
done
if [ -n "$SAVE_IPSETS" ]; then
mkdir -p $(dirname "$SAVE_IPSETS")
if ipset -S > "${SAVE_IPSETS}.tmp"; then
grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
fi
fi
if [ -n "$SAVE_IPSETS" ]; then
mkdir -p $(dirname "$SAVE_IPSETS")
if ipset -S > "${SAVE_IPSETS}.tmp"; then
grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
fi
fi
return 0
return 0
}
case "$1" in
start)
shorewall_start
;;
stop)
shorewall_stop
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
start)
shorewall_start
;;
stop)
shorewall_stop
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
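Review bot: The rewritten loop in `shorewall_start` fails silently: when `setstatedir` returns non-zero (its `compile -c` failed) or `${STATEDIR}/firewall` is missing or not executable, the product is skipped with no message, the status of `firewall ${OPTIONS} stop` inside the sub-shell is discarded, and the function still ends in `return 0` followed by the script's `exit 0`. For a boot-time script that puts each product into its stopped state, this means a host can come up without those rules in place while the init system records success. If dropping the old `exit 1` was meant to keep one broken product from blocking the others, that can be kept while still reporting each failure on stderr and carrying a status out of the loop, as sketched below. The `start)` arm would then have to exit with that status instead of falling through to `exit 0`. `shorewall_stop` has the same shape around `firewall ${OPTIONS} clear`.

```shell
shorewall_start () {
  # … unchanged: local PRODUCT / local STATEDIR …
  local rc=0

  # … unchanged: "Initializing" progress message …
  for PRODUCT in $PRODUCTS; do
    if ! setstatedir; then
      echo "ERROR: $PRODUCT compile failed; firewall not initialized" >&2
      rc=1
    elif [ ! -x "${STATEDIR}/firewall" ]; then
      echo "ERROR: ${STATEDIR}/firewall does not exist or is not executable!" >&2
      rc=1
    else
      # … unchanged: sub-shell that runs "firewall status" and "firewall stop" …
    fi
  done

  # … unchanged: ipset restore …
  return $rc
}
```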


@ -162,14 +162,13 @@ get_config() {
if [ "$2" = Yes ]; then
case $STARTUP_ENABLED in
No|no|NO)
fatal_error "$g_product startup is disabled. To enable startup, set STARTUP_ENABLED=Yes in ${g_confdir}/${g_program}.conf"
not_configured "$g_product startup is disabled. To enable startup, set STARTUP_ENABLED=Yes in ${g_confdir}/${g_program}.conf"
;;
Yes|yes|YES)
;;
*)
if [ -n "$STARTUP_ENABLED" ]; then
fatal_error "Invalid Value for STARTUP_ENABLED: $STARTUP_ENABLED"
exit 6
not_configured "Invalid Value for STARTUP_ENABLED: $STARTUP_ENABLED"
fi
;;
esac
@ -510,7 +509,7 @@ start_command() {
exit 0
fi
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
[ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
@ -1002,7 +1001,7 @@ restart_command() {
;;
esac
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
[ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"
if [ -z "$g_fast" -a -n "$AUTOMAKE" ]; then
uptodate ${VARDIR}/firewall && g_fast=Yes
@ -1101,7 +1100,7 @@ refresh_command() {
product_is_started || fatal_error "$g_product is not running"
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
[ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"
if compiler $g_debugging $nolock compile ${VARDIR}/.refresh; then
run_postcompile ${VARDIR}/.refresh
@ -1190,7 +1189,7 @@ safe_commands() {
;;
esac
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
[ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"
if product_is_started; then
running=Yes
@ -1327,7 +1326,7 @@ try_command() {
;;
esac
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
[ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"
if product_is_started; then
running=Yes
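Review bot: The five `[ -n "$STARTUP_ENABLED" ] || not_configured "Startup is disabled"` guards (in `start_command`, `restart_command`, `refresh_command`, `safe_commands` and `try_command`) give the operator less to act on than the message in `get_config`, which names the setting and the file to edit. Now that they share the dedicated `not_configured` exit path, they could carry the same guidance, e.g. `not_configured "Startup is disabled; set STARTUP_ENABLED=Yes in ${g_confdir}/${g_program}.conf"`, assuming `g_confdir` and `g_program` are already set when these commands run. Each of these functions begins and ends outside its hunk, so this rests only on the visible lines.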