More shorewall-init changes

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-init/init.debian.sh

@@ -50,16 +50,16 @@ echo_notdone () {
 }
 
 not_configured () {
-	echo "#### WARNING ####"
+    echo "#### WARNING ####"
-	echo "the firewall won't be initialized unless it is configured"
+    echo "the firewall won't be initialized unless it is configured"
-	if [ "$1" != "stop" ]
+    if [ "$1" != "stop" ]
-	then
+    then
-		echo ""
+	echo ""
-		echo "Please read about Debian specific customization in"
+	echo "Please read about Debian specific customization in"
-		echo "/usr/share/doc/shorewall-init/README.Debian.gz."
+	echo "/usr/share/doc/shorewall-init/README.Debian.gz."
-	fi
+    fi
-	echo "#################"
+    echo "#################"
-	exit 0
+    exit 0
 }
 
 # set the STATEDIR variable
@@ -72,7 +72,7 @@ setstatedir() {
     [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
 
     if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT compile -c
+	${SBINDIR}/$PRODUCT compile -c || echo_notdone
     fi
 }
 
@@ -86,13 +86,13 @@ vardir=$VARDIR
 # check if shorewall-init is configured or not
 if [ -f "$SYSCONFDIR/shorewall-init" ]
 then
-	. $SYSCONFDIR/shorewall-init
+    . $SYSCONFDIR/shorewall-init
-	if [ -z "$PRODUCTS" ]
+    if [ -z "$PRODUCTS" ]
-	then
+    then
-		not_configured
-	fi
-else
 	not_configured
+    fi
+else
+    not_configured
 fi
 
 # Initialize the firewall
@@ -101,18 +101,23 @@ shorewall_start () {
   local STATEDIR
 
   echo -n "Initializing \"Shorewall-based firewalls\": "
+
   for PRODUCT in $PRODUCTS; do
       setstatedir
 
       if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then
-	  #
+          #
 	  # Run in a sub-shell to avoid name collisions
 	  #
 	  ( 
 	      if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then
 		  ${STATEDIR}/$PRODUCT/firewall stop || echo_notdone
+	      else
+		  echo_notdone
 	      fi
 	  )
+      else
+	  echo echo_notdone
       fi
   done
 
@@ -150,7 +155,7 @@ case "$1" in
   reload|force-reload)
      ;;
   *)
-     echo "Usage: /etc/init.d/shorewall-init {start|stop|reload|force-reload}"
+     echo "Usage: $0 {start|stop|reload|force-reload}"
      exit 1
 esac
 

Shorewall-init/init.fedora.sh

@@ -48,6 +48,8 @@ setstatedir() {
 
     if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
 	${SBINDIR}/$PRODUCT $OPTIONS compile -c
+    else
+	return 0
     fi
 }
 
@@ -63,14 +65,23 @@ start () {
     fi
 
     echo -n "Initializing \"Shorewall-based firewalls\": "
+
     retval=0
     for PRODUCT in $PRODUCTS; do
 	setstatedir
+	retval=$?
 
-	if [ -x "${STATEDIR}/firewall" ]; then
+	if [ $retval eq 0 ]; then
-	    ${STATEDIR}/firewall stop 2>&1 | $logger
+	    if [ -x "${STATEDIR}/firewall" ]; then
-	    retval=${PIPESTATUS[0]}
+		${STATEDIR}/firewall stop 2>&1 | $logger
-	    [ $retval -ne 0 ] && break
+		retval=${PIPESTATUS[0]}
+		[ $retval -ne 0 ] && break
+	    else
+		retval=6 #Product not configured
+		break
+	    fi
+	else
+	    break
 	fi
     done
 
@@ -91,13 +102,22 @@ stop () {
 
     echo -n "Clearing \"Shorewall-based firewalls\": "
     retval=0
+
     for PRODUCT in $PRODUCTS; do
 	setstatedir
+	retval=$?
 
-	if [ -x "${STATEDIR}/firewall" ]; then
+	if [ $retval -eq 0 ]; then
-	    ${STATEDIR}/firewall clear 2>&1 | $logger
+	    if [ -x "${STATEDIR}/firewall" ]; then
-	    retval=${PIPESTATUS[0]}
+		${STATEDIR}/firewall clear 2>&1 | $logger
-	    [ $retval -ne 0 ] && break
+		retval=${PIPESTATUS[0]}
+		[ $retval -ne 0 ] && break
+	    else
+		retval=6 #Product not configured
+		break
+	    fi
+	else
+	    break
 	fi
     done
 

Shorewall-init/init.suse.sh

@@ -34,22 +34,35 @@
 #                    prior to bringing up the network.  
 ### END INIT INFO
 
+#Return values acc. to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+
 if [ "$(id -u)" != "0" ]
 then
   echo "You must be root to start, stop or restart \"Shorewall \"."
-  exit 1
+  exit 4
 fi
 
 # check if shorewall-init is configured or not
 if [ -f "/etc/sysconfig/shorewall-init" ]
 then
-	. /etc/sysconfig/shorewall-init
+    . /etc/sysconfig/shorewall-init
-	if [ -z "$PRODUCTS" ]
+
-	then
+    if [ -z "$PRODUCTS" ]
-		exit 0
+    then
-	fi
+	echo "No PRODUCTS configured"
+	exit 6
+    fi
 else
-	exit 0
+    echo "/etc/sysconfig/shorewall-init not found"
+    exit 6
 fi
 
 #
@@ -67,7 +80,7 @@ setstatedir() {
     [ -n "$statedir" ] && STATEDIR=${statedir} || STATEDIR=${VARDIR}/${PRODUCT}
 
     if [ $PRODUCT = shorewall -o $PRODUCT = shorewall6 ]; then
-	${SBINDIR}/$PRODUCT compile -c
+	${SBINDIR}/$PRODUCT compile -c || exit
     fi
 }
 
@@ -82,16 +95,16 @@ shorewall_start () {
 
       if [ -x $STATEDIR/firewall ]; then
 	  if ! ${SBIN}/$PRODUCT status > /dev/null 2>&1; then
-	      $STATEDIR/$PRODUCT/firewall stop || echo_notdone
+	      $STATEDIR/$PRODUCT/firewall stop || exit
 	  fi
+      else
+	  exit 6
       fi
   done
 
   if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then
       ipset -R < "$SAVE_IPSETS"
   fi
-
-  return 0
 }
 
 # Clear the firewall
@@ -104,7 +117,9 @@ shorewall_stop () {
       setstatedir
 
       if [ -x ${STATEDIR}/firewall ]; then
-	  ${STATEDIR}/firewall clear || exit 1
+	  ${STATEDIR}/firewall clear || exit
+      else
+	  exit 6
       fi
   done
 
@@ -114,20 +129,21 @@ shorewall_stop () {
 	  grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS"
       fi
   fi
-
-  return 0
 }
 
 case "$1" in
-  start)
+    start)
-     shorewall_start
+	shorewall_start
-     ;;
+	;;
-  stop)
+    stop)
-     shorewall_stop
+	shorewall_stop
-     ;;
+	;;
-  *)
+    reload|forced-reload)
-     echo "Usage: /etc/init.d/shorewall-init {start|stop}"
+	;;
-     exit 1
+    *)
+	echo "Usage: /etc/init.d/shorewall-init {start|stop}"
+	exit 1
+	;;
 esac
 
 exit 0