Fix silly bug in 'shorewall logwatch'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3381 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-30 11:33:28 +01:00 · 2006-01-25 22:33:50 +00:00 · 2006-01-25 22:33:50 +00:00 · 89f7d3220d
commit 89f7d3220d
parent b548052b39
5 changed files with 62 additions and 33 deletions
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@ -8081,7 +8081,7 @@ stop_firewall() {
 		echo Restoring Shorewall...
-		if \$RESTOREPATH; then
+		if \$RESTOREPATH restore; then
 		    echo "Shorewall restored from \$RESTOREPATH"
 		    set_state "Started"
 		else
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -1134,7 +1134,7 @@ stop_firewall() {
 		echo Restoring Shorewall...
-		if $RESTOREPATH; then
+		if $RESTOREPATH restore; then
 		    echo "Shorewall restored from $RESTOREPATH"
 		    set_state "Started"
 		else
--- a/Shorewall/prog.footer
+++ b/Shorewall/prog.footer
@ -2,7 +2,7 @@
 # Give Usage Information
 #
 usage() {
-    echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ start|stop|clear|reload|restart|status|restore|version ]"
+    echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ start|stop|clear|reload|restart|status|version ]"
    exit $1
 }
 ################################################################################
@ -47,9 +47,7 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
    esac
 done
-if [ $# -eq 0 ]; then
+if [ $# -ne 1 ]; then
    COMMAND=restore
 elif [ $# -gt 1 ]; then
    usage 2
 else
    COMMAND="$1"
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -82,15 +82,13 @@ New Features:
    where:
 	-v and -q             are described elsewhere in this document.
-	-e                    Generates an error if the configuration used
+	-e                    Generates an error if the configuration uses
 	                      an option that would prevent the generated
 	                      script from running on a system other than
 	                      where the 'generate' command is running (see
 	                      additional consideration a) below).
 	                      Also allows the generated script to run
 	                      on a system without Shorewall installed.
 	-p                    Generate a complete program that can start,
 	                      stop, restart, clear and status the firewall
 	<config directory>    Is an optional directory to be searched for
 	                      configuration files prior to those listed
 	                      in CONFIG_DIR in /etc/shorewall/shorewall.conf.
@ -124,13 +122,24 @@ New Features:
          unless you use the "-e" option when you compile the script.
       2) The 'detectnets' interface option is not allowed.
-    b) If you have extension scripts, they may need modification. The scripts
+    b) If you have extension scripts, they may need modification. Some of
-       will be run at generation time, rather than when the generated script
+       the scripts will be run at compile time, rather than when the generated
-       is executed. The standard functions like 'run_iptables' and
+       script is executed. The standard functions like 'run_iptables' and
       'log_rule_limit' will write the iptables command to the script file
       rather than executing the command. As always, you can check $COMMAND
       to determine which shorewall command is being executed.
       Extension Scripts that are run at compile time rather than at run-time
       are:
 	    - params
 	    - init
 	    - continue
 	    - initdone
 	    - start
 	    - started
 	    - All scripts associated with a given chain such as Action chains
    In addition to 'generate', a 'shorewall reload' command has been added.
 	shorewall reload [ -v ] [ -q ] [ <config directory> ]
@ -146,30 +155,52 @@ New Features:
    connections being dropped for a much shorter time. Here are the results of
    tests that I conducted on my own firewall:
-    A) shorewall restart
+    A) shorewall restart (Shorewall 3.0.4)
 	real    0m17.540s
 	user    0m5.956s
 	sys     0m10.737s
-    B) ./foo # foo created using "shorewall compile"
+    B) ./foo restart # foo created using "shorewall compile"
 	real    0m3.505s
 	user    0m1.332s
 	sys     0m2.164s
-    C) shorewall restore # Restores from file generated by "shorewall save"
+    C) shorewall restore (Shorewall 3.0.4) # Restores from file generated by
                                           # "shorewall save"
 	real    0m1.164s
 	user    0m0.556s
 	sys     0m0.608s
-    The time difference from B to C reflects the difference between
+    The time difference between B and C reflects the difference between
    "iptables-restore" and multiple executions of "iptables". The system is a
    1.4Ghz Celeron with 512MB RAM.
-    The "-p' option creates a complete program. This program is suitable for
+    Compilation generates a complete program This program is suitable for
    installation into /etc/init.d and, when generated with the "-e" option,
    can serve as your firewall on a system that doesn't even have Shorewall
    installed.
    The program supports the following commands:
 	<program> [ -q ] [ -v ] [ -n ] start
 	<program> [ -q ] [ -v ] [ -n ] stop
 	<program> [ -q ] [ -v ] [ -n ] clear
 	<program> [ -q ] [ -v ] [ -n ] {restart|reload}
 	<program> [ -q ] [ -v ] [ -n ] status
 	<program> [ -q ] [ -v ] [ -n ] version
    The "shorewall start" and "shorewall restart" commands have been rewritten
    to use compilation. They both compile a temporary program then run it. This
    results in a slightly longer elapsed time than the similar commands required
    under earlier versions of Shorewall but new connections are blocked for a
    much smaller percentage of that time as shown by the numbers above. Under
    Shorewall 3.1.4, "shorewall restart" takes roughly 20.5 seconds on my
    firewall:
 	real    0m20.206s
 	user    0m7.412s
 	sys     0m12.773s
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@ -598,7 +598,7 @@ start_command() {
 		fi
 		echo Restoring Shorewall...
-		$RESTOREPATH
+		$RESTOREPATH restore
 		date > /var/lib/shorewall/restarted
 		echo Shorewall restored from $RESTOREPATH
 	    else
@ -1240,6 +1240,7 @@ safe_commands() {
 	exit $status
    fi
    RESTOREFILE=.safe
    RESTOREPATH=/var/lib/shorewall/.safe
    save_config
@ -1252,7 +1253,7 @@ safe_commands() {
 	echo "New configuration has been accepted"
    else
 	if [ "$command" = "restart" ]; then
-	    /var/lib/shorewall/.safe
+	    /var/lib/shorewall/.safe restore
 	else
 	    /var/lib/shorewall/.$command clear
 	fi
@ -1336,7 +1337,7 @@ restore_command() {
 	fi
 	echo Restoring Shorewall...
-	$RESTOREPATH && echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
+	$RESTOREPATH restore && echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
 	[ -n "$nolock" ] || mutex_off
    else
 	echo "File /var/lib/shorewall/$RESTOREFILE: file not found"
@ -1362,29 +1363,29 @@ usage() # $1 = exit status
    echo "where <command> is one of:"
    echo "   add <interface>[:<host-list>] ... <zone>"
    echo "   allow <address> ..."
-    echo "   check [ -q ] [ <directory> ]"
+    echo "   check [ <directory> ]"
    echo "   clear"
-    echo "   compile [ -e ] [ -v ] [ -q ] [ <directory name> ] <path name>"
+    echo "   compile [ -e ] [ <directory name> ] <path name>"
    echo "   delete <interface>[:<host-list>] ... <zone>"
    echo "   drop <address> ..."
-    echo "   dump [ -q ] [ -v ]"
+    echo "   dump"
    echo "   forget [ <file name> ]"
-    echo "   generate  [ -e ] [-v ] [ -q ] [ <directory name> ] <path name>"
+    echo "   generate  [ -e ] [ <directory name> ] <path name>"
    echo "   help [ <command > | host | address ]"
    echo "   hits"
    echo "   ipcalc { <address>/<vlsm> | <address> <netmask> }"
    echo "   ipdecimal { <address> | <integer> }"
    echo "   iprange <address>-<address>"
-    echo "   logwatch [ -v ] [<refresh interval>]"
+    echo "   logwatch [<refresh interval>]"
    echo "   refresh"
    echo "   reject <address> ..."
    echo "   reset"
-    echo "   reload [ -n ] [ -q ] [ -v ] [ <directory> ]"
+    echo "   reload [ <directory> ]"
-    echo "   restart [ -n ] [ -q ] [ -v ] [ <directory> ]"
+    echo "   restart [ <directory> ]"
-    echo "   restore [ -n ] [ -q ] [ <file name> ]"
+    echo "   restore [ <file name> ]"
    echo "   save [ <file name> ]"
-    echo "   show [ -v ] [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|macros|mangle|nat|tc|zones]"
+    echo "   show [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|macros|mangle|nat|tc|zones]"
-    echo "   start [ -f ] [ -n ] [ -q ] [ <directory> ]"
+    echo "   start [ -f ] [ <directory> ]"
    echo "   stop"
    echo "   status"
    echo "   try <directory> [ <timeout> ]"
@ -1787,8 +1788,7 @@ case "$COMMAND" in
 	finished=0
-	while [ $finished -eq 0 ]; do
+	while [ $finished -eq 0 -a $# -ne 0 ]; do
 	    [ $# -eq 0 ] && usage 1
 	    option=$1
 	    case $option in
 		-*)