From 8602dff487d89a5d58eb0b3d52e2dde8ab88b72b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 11 May 2013 16:38:09 -0700 Subject: [PATCH] More shorewall-init changes Signed-off-by: Tom Eastep --- Shorewall-init/init.debian.sh | 43 +++++++++++++----------- Shorewall-init/init.fedora.sh | 36 +++++++++++++++----- Shorewall-init/init.suse.sh | 62 ++++++++++++++++++++++------------- 3 files changed, 91 insertions(+), 50 deletions(-) diff --git a/Shorewall-init/init.debian.sh b/Shorewall-init/init.debian.sh index cf0a9cc9a..fc2f95608 100755 --- a/Shorewall-init/init.debian.sh +++ b/Shorewall-init/init.debian.sh @@ -50,16 +50,16 @@ echo_notdone () { } not_configured () { - echo "#### WARNING ####" - echo "the firewall won't be initialized unless it is configured" - if [ "$1" != "stop" ] - then - echo "" - echo "Please read about Debian specific customization in" - echo "/usr/share/doc/shorewall-init/README.Debian.gz." - fi - echo "#################" - exit 0 + echo "#### WARNING ####" + echo "the firewall won't be initialized unless it is configured" + if [ "$1" != "stop" ] + then + echo "" + echo "Please read about Debian specific customization in" + echo "/usr/share/doc/shorewall-init/README.Debian.gz." + fi + echo "#################" + exit 0 } # set the STATEDIR variable @@ -72,7 +72,7 @@ setstatedir() { [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT} if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then - ${SBINDIR}/$PRODUCT compile -c + ${SBINDIR}/$PRODUCT compile -c || echo_notdone fi } @@ -86,13 +86,13 @@ vardir=$VARDIR # check if shorewall-init is configured or not if [ -f "$SYSCONFDIR/shorewall-init" ] then - . $SYSCONFDIR/shorewall-init - if [ -z "$PRODUCTS" ] - then - not_configured - fi -else + . $SYSCONFDIR/shorewall-init + if [ -z "$PRODUCTS" ] + then not_configured + fi +else + not_configured fi # Initialize the firewall 
@@ -101,18 +101,23 @@ shorewall_start () { local STATEDIR echo -n "Initializing \"Shorewall-based firewalls\": " + for PRODUCT in $PRODUCTS; do setstatedir if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then - # + # # Run in a sub-shell to avoid name collisions # ( if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then ${STATEDIR}/$PRODUCT/firewall stop || echo_notdone + else + echo_notdone fi ) + else + echo echo_notdone fi done @@ -150,7 +155,7 @@ case "$1" in reload|force-reload) ;; *) - echo "Usage: /etc/init.d/shorewall-init {start|stop|reload|force-reload}" + echo "Usage: $0 {start|stop|reload|force-reload}" exit 1 esac diff --git a/Shorewall-init/init.fedora.sh b/Shorewall-init/init.fedora.sh index 86c97fe51..9da499213 100755 --- a/Shorewall-init/init.fedora.sh +++ b/Shorewall-init/init.fedora.sh @@ -48,6 +48,8 @@ setstatedir() { if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then ${SBINDIR}/$PRODUCT $OPTIONS compile -c + else + return 0 fi } @@ -63,14 +65,23 @@ start () { fi echo -n "Initializing \"Shorewall-based firewalls\": " + retval=0 for PRODUCT in $PRODUCTS; do setstatedir + retval=$? - if [ -x "${STATEDIR}/firewall" ]; then - ${STATEDIR}/firewall stop 2>&1 | $logger - retval=${PIPESTATUS[0]} - [ $retval -ne 0 ] && break + if [ $retval eq 0 ]; then + if [ -x "${STATEDIR}/firewall" ]; then + ${STATEDIR}/firewall stop 2>&1 | $logger + retval=${PIPESTATUS[0]} + [ $retval -ne 0 ] && break + else + retval=6 #Product not configured + break + fi + else + break fi done 
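Review bot: In init.debian.sh `shorewall_start`, the new `else` branch for a missing firewall script reads `echo echo_notdone` as shown on this page, which would print the word rather than call the function. Unless that is a line-wrap artifact, it should be `echo_notdone` on its own line. The other added `echo_notdone` sits inside the `( … )` sub-shell, so any `exit` it performs (its body is outside this hunk) ends only the sub-shell, and the loop carries on with the next product. Checking the sub-shell's status, e.g. `) || echo_notdone`, would let the failure reach the caller, which matters for a script whose job is to close the firewall before the network comes up. The function continues outside the hunk.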
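Review bot: The new guard in init.fedora.sh `start` is written `[ $retval eq 0 ]`; without the dash, `[` rejects the expression, so control always takes the outer `else` and `break`s before `${STATEDIR}/firewall stop` runs. When `setstatedir` succeeded, `retval` is still 0 at that point, so as far as this hunk shows the function reports success although no product was put into the stopped state. It should read `if [ $retval -eq 0 ]; then`, as the matching hunk in `stop` already does. The rest of `start` is outside the hunk.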
@@ -91,13 +102,22 @@ stop () { echo -n "Clearing \"Shorewall-based firewalls\": " retval=0 + for PRODUCT in $PRODUCTS; do setstatedir + retval=$? - if [ -x "${STATEDIR}/firewall" ]; then - ${STATEDIR}/firewall clear 2>&1 | $logger - retval=${PIPESTATUS[0]} - [ $retval -ne 0 ] && break + if [ $retval -eq 0 ]; then + if [ -x "${STATEDIR}/firewall" ]; then + ${STATEDIR}/firewall clear 2>&1 | $logger + retval=${PIPESTATUS[0]} + [ $retval -ne 0 ] && break + else + retval=6 #Product not configured + break + fi + else + break fi done diff --git a/Shorewall-init/init.suse.sh b/Shorewall-init/init.suse.sh index f1a2a960b..7f7134809 100755 --- a/Shorewall-init/init.suse.sh +++ b/Shorewall-init/init.suse.sh @@ -34,22 +34,35 @@ # prior to bringing up the network. ### END INIT INFO +#Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running + if [ "$(id -u)" != "0" ] then echo "You must be root to start, stop or restart \"Shorewall \"." - exit 1 + exit 4 fi # check if shorewall-init is configured or not if [ -f "/etc/sysconfig/shorewall-init" ] then - . /etc/sysconfig/shorewall-init - if [ -z "$PRODUCTS" ] - then - exit 0 - fi + . /etc/sysconfig/shorewall-init + + if [ -z "$PRODUCTS" ] + then + echo "No PRODUCTS configured" + exit 6 + fi else - exit 0 + echo "/etc/sysconfig/shorewall-init not found" + exit 6 fi # @@ -67,7 +80,7 @@ setstatedir() { [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT} if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then - ${SBINDIR}/$PRODUCT compile -c + ${SBINDIR}/$PRODUCT compile -c || exit fi } 
@@ -82,16 +95,16 @@ shorewall_start () { if [ -x $STATEDIR/firewall ]; then if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then - $STATEDIR/$PRODUCT/firewall stop || echo_notdone + $STATEDIR/$PRODUCT/firewall stop || exit fi + else + exit 6 fi done if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then ipset -R < "$SAVE_IPSETS" fi - - return 0 } # Clear the firewall @@ -104,7 +117,9 @@ shorewall_stop () { setstatedir if [ -x ${STATEDIR}/firewall ]; then - ${STATEDIR}/firewall clear || exit 1 + ${STATEDIR}/firewall clear || exit + else + exit 6 fi done @@ -114,20 +129,21 @@ shorewall_stop () { grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" fi fi - - return 0 } case "$1" in - start) - shorewall_start - ;; - stop) - shorewall_stop - ;; - *) - echo "Usage: /etc/init.d/shorewall-init {start|stop}" - exit 1 + start) + shorewall_start + ;; + stop) + shorewall_stop + ;; + reload|forced-reload) + ;; + *) + echo "Usage: /etc/init.d/shorewall-init {start|stop}" + exit 1 + ;; esac exit 0
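Review bot: In init.suse.sh `shorewall_start`, the changed line runs `$STATEDIR/$PRODUCT/firewall stop`, while the guard two lines above tests `-x $STATEDIR/firewall` and `setstatedir` in the same file defaults `STATEDIR` to `${VARDIR}/${PRODUCT}`. The executed path therefore names a different file from the one that was checked, and with the new `|| exit` a missing script there aborts the whole start instead of closing that product's firewall. `shorewall_stop` in this file uses `${STATEDIR}/firewall`, so the consistent form would be `$STATEDIR/firewall stop || exit`. The status probe just above uses `${SBIN}` whereas `setstatedir` uses `${SBINDIR}`; that is worth confirming against the part of the script outside this hunk.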
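Review bot: The new case arm in init.suse.sh is spelled `reload|forced-reload)`, but the LSB action, and the one init.debian.sh accepts in this same patch, is `force-reload`. As written, `force-reload` falls through to `*)` and exits 1. Suggest `reload|force-reload)` and a usage text of `{start|stop|reload|force-reload}`. The return-code table added at the top of this file lists 2 for invalid arguments, so `exit 2` in the `*)` arm would match it.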