Fix silly bug in 'shorewall logwatch'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3381 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-01-25 22:33:50 +00:00
parent b548052b39
commit 89f7d3220d
5 changed files with 62 additions and 33 deletions


@ -8081,7 +8081,7 @@ stop_firewall() {
echo Restoring Shorewall...
if \$RESTOREPATH; then
if \$RESTOREPATH restore; then
echo "Shorewall restored from \$RESTOREPATH"
set_state "Started"
else
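Review bot: The changed line in stop_firewall expands `\$RESTOREPATH` unquoted and then executes it, so a restore path containing whitespace or glob characters would be split before the command runs; `if "\$RESTOREPATH" restore; then` avoids that, keeping whatever escaping the surrounding generator needs. The same unquoted call appears in the stop_firewall hunk of the next file section and in start_command and restore_command in the last section. Nothing visible here checks that the file is executable and not writable by other users before it is run. The function starts and ends outside the hunk, so such a check may exist elsewhere, but it is worth confirming because this script reloads the firewall ruleset.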


@ -1134,7 +1134,7 @@ stop_firewall() {
echo Restoring Shorewall...
if $RESTOREPATH; then
if $RESTOREPATH restore; then
echo "Shorewall restored from $RESTOREPATH"
set_state "Started"
else


@ -2,7 +2,7 @@
# Give Usage Information
#
usage() {
echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ start|stop|clear|reload|restart|status|restore|version ]"
echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ start|stop|clear|reload|restart|status|version ]"
exit $1
}
################################################################################
@ -47,9 +47,7 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
esac
done
if [ $# -eq 0 ]; then
COMMAND=restore
elif [ $# -gt 1 ]; then
if [ $# -ne 1 ]; then
usage 2
else
COMMAND="$1"
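Review bot: The usage string appears to drop `restore` from the command list, although the other sections of this commit start invoking saved scripts as `$RESTOREPATH restore`. The two `echo "Usage: ..."` lines carry no +/- markers on this page, so that reading goes by print order and by the removal of the `COMMAND=restore` default further down. If `restore` is still accepted but deliberately hidden, a comment above usage() would save the next reader from treating it as a leftover, for example `# 'restore' is accepted but not listed: it is only invoked by the shorewall wrapper`. With the no-argument default gone, a bare invocation now ends in `usage 2`, so any caller not updated in this commit will fail with the usage text instead of restoring. The command dispatch is outside the hunk and should be checked for a `restore` case.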


@ -82,15 +82,13 @@ New Features:
where:
-v and -q are described elsewhere in this document.
-e Generates an error if the configuration used
-e Generates an error if the configuration uses
an option that would prevent the generated
script from running on a system other than
where the 'generate' command is running (see
additional consideration a) below).
Also allows the generated script to run
on a system without Shorewall installed.
-p Generate a complete program that can start,
stop, restart, clear and status the firewall
<config directory> Is an optional directory to be searched for
configuration files prior to those listed
in CONFIG_DIR in /etc/shorewall/shorewall.conf.
@ -124,13 +122,24 @@ New Features:
unless you use the "-e" option when you compile the script.
2) The 'detectnets' interface option is not allowed.
b) If you have extension scripts, they may need modification. The scripts
will be run at generation time, rather than when the generated script
is executed. The standard functions like 'run_iptables' and
b) If you have extension scripts, they may need modification. Some of
the scripts will be run at compile time, rather than when the generated
script is executed. The standard functions like 'run_iptables' and
'log_rule_limit' will write the iptables command to the script file
rather than executing the command. As always, you can check $COMMAND
to determine which shorewall command is being executed.
Extension Scripts that are run at compile time rather than at run-time
are:
- params
- init
- continue
- initdone
- start
- started
- All scripts associated with a given chain such as Action chains
In addition to 'generate', a 'shorewall reload' command has been added.
shorewall reload [ -v ] [ -q ] [ <config directory> ]
@ -146,30 +155,52 @@ New Features:
connections being dropped for a much shorter time. Here are the results of
tests that I conducted on my own firewall:
A) shorewall restart
A) shorewall restart (Shorewall 3.0.4)
real    0m17.540s
user    0m5.956s
sys     0m10.737s
B) ./foo # foo created using "shorewall compile"
B) ./foo restart # foo created using "shorewall compile"
real    0m3.505s
user    0m1.332s
sys     0m2.164s
C) shorewall restore # Restores from file generated by "shorewall save"
C) shorewall restore (Shorewall 3.0.4) # Restores from file generated by
# "shorewall save"
real    0m1.164s
user    0m0.556s
sys     0m0.608s
The time difference from B to C reflects the difference between
The time difference between B and C reflects the difference between
"iptables-restore" and multiple executions of "iptables". The system is a
1.4Ghz Celeron with 512MB RAM.
The "-p' option creates a complete program. This program is suitable for
Compilation generates a complete program This program is suitable for
installation into /etc/init.d and, when generated with the "-e" option,
can serve as your firewall on a system that doesn't even have Shorewall
installed.
installed.
The program supports the following commands:
<program> [ -q ] [ -v ] [ -n ] start
<program> [ -q ] [ -v ] [ -n ] stop
<program> [ -q ] [ -v ] [ -n ] clear
<program> [ -q ] [ -v ] [ -n ] {restart|reload}
<program> [ -q ] [ -v ] [ -n ] status
<program> [ -q ] [ -v ] [ -n ] version
The "shorewall start" and "shorewall restart" commands have been rewritten
to use compilation. They both compile a temporary program then run it. This
results in a slightly longer elapsed time than the similar commands required
under earlier versions of Shorewall but new connections are blocked for a
much smaller percentage of that time as shown by the numbers above. Under
Shorewall 3.1.4, "shorewall restart" takes roughly 20.5 seconds on my
firewall:
real 0m20.206s
user 0m7.412s
sys 0m12.773s


@ -598,7 +598,7 @@ start_command() {
fi
echo Restoring Shorewall...
$RESTOREPATH
$RESTOREPATH restore
date > /var/lib/shorewall/restarted
echo Shorewall restored from $RESTOREPATH
else
@ -1240,6 +1240,7 @@ safe_commands() {
exit $status
fi
RESTOREFILE=.safe
RESTOREPATH=/var/lib/shorewall/.safe
save_config
@ -1252,7 +1253,7 @@ safe_commands() {
echo "New configuration has been accepted"
else
if [ "$command" = "restart" ]; then
/var/lib/shorewall/.safe
/var/lib/shorewall/.safe restore
else
/var/lib/shorewall/.$command clear
fi
@ -1336,7 +1337,7 @@ restore_command() {
fi
echo Restoring Shorewall...
$RESTOREPATH && echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
$RESTOREPATH restore && echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
[ -n "$nolock" ] || mutex_off
else
echo "File /var/lib/shorewall/$RESTOREFILE: file not found"
@ -1362,29 +1363,29 @@ usage() # $1 = exit status
echo "where <command> is one of:"
echo " add <interface>[:<host-list>] ... <zone>"
echo " allow <address> ..."
echo " check [ -q ] [ <directory> ]"
echo " check [ <directory> ]"
echo " clear"
echo " compile [ -e ] [ -v ] [ -q ] [ <directory name> ] <path name>"
echo " compile [ -e ] [ <directory name> ] <path name>"
echo " delete <interface>[:<host-list>] ... <zone>"
echo " drop <address> ..."
echo " dump [ -q ] [ -v ]"
echo " dump"
echo " forget [ <file name> ]"
echo " generate [ -e ] [-v ] [ -q ] [ <directory name> ] <path name>"
echo " generate [ -e ] [ <directory name> ] <path name>"
echo " help [ <command > | host | address ]"
echo " hits"
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
echo " ipdecimal { <address> | <integer> }"
echo " iprange <address>-<address>"
echo " logwatch [ -v ] [<refresh interval>]"
echo " logwatch [<refresh interval>]"
echo " refresh"
echo " reject <address> ..."
echo " reset"
echo " reload [ -n ] [ -q ] [ -v ] [ <directory> ]"
echo " restart [ -n ] [ -q ] [ -v ] [ <directory> ]"
echo " restore [ -n ] [ -q ] [ <file name> ]"
echo " reload [ <directory> ]"
echo " restart [ <directory> ]"
echo " restore [ <file name> ]"
echo " save [ <file name> ]"
echo " show [ -v ] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|macros|mangle|nat|tc|zones]"
echo " start [ -f ] [ -n ] [ -q ] [ <directory> ]"
echo " show [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|macros|mangle|nat|tc|zones]"
echo " start [ -f ] [ <directory> ]"
echo " stop"
echo " status"
echo " try <directory> [ <timeout> ]"
@ -1787,8 +1788,7 @@ case "$COMMAND" in
finished=0
while [ $finished -eq 0 ]; do
[ $# -eq 0 ] && usage 1
while [ $finished -eq 0 -a $# -ne 0 ]; do
option=$1
case $option in
-*)
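Review bot: In the start_command hunk the exit status of `$RESTOREPATH restore` is ignored, so the next two lines write /var/lib/shorewall/restarted and print "Shorewall restored from ..." even when the restore script fails. That can report a working firewall when the ruleset was never loaded. stop_firewall in this same commit guards the call with `if ... restore; then`, and restore_command chains its message with `&&`; start_command should follow suit by wrapping the `date` and `echo` lines in `if "$RESTOREPATH" restore; then`, with an error message and a non-zero status on failure. start_command begins and ends outside the hunk, so how the failure should propagate has to be checked against the rest of the function.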