From 93da1e7cca9dd46499db8e74861e722be239b9d6 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 30 Apr 2004 03:29:07 +0000 Subject: [PATCH] shorewall forget git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1298 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/changelog.txt | 4 ++++ Shorewall2/help | 25 ++++++++++++++++++++----- Shorewall2/releasenotes.txt | 5 +++-- Shorewall2/shorewall | 10 ++++++++++ 4 files changed, 37 insertions(+), 7 deletions(-) diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index b091eb0e3..e980997ee 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -33,3 +33,7 @@ Changes since 2.0.1 integration). 16) Use modprobe if it is available. + +17) Lots of fixes to 'save' + +18) 'shorewall forget' \ No newline at end of file diff --git a/Shorewall2/help b/Shorewall2/help index b5772b512..af39ec8e7 100644 --- a/Shorewall2/help +++ b/Shorewall2/help @@ -116,6 +116,14 @@ drop) See also \"help address\"" ;; +forget) + echo "forget: forget + Deletes /var/lib/shorewall/save and /var/lib/shorewall/restore. Those + files are created by the 'shorewall save' command + + See also \"help save\"" + ;; + help) echo "help: help [ | host | address ] Display helpful information about the shorewall commands." 
@@ -185,16 +193,23 @@ restart) If \"-q\" is specified, less detain is displayed making it easier to spot warnings" ;; -Restore) +restore) echo "restore: restore - Restore Shorewall to it's last state saved using the 'save' command + Restore Shorewall to its last state saved using the 'save' command Existing connections are maintained. + + See also \"help save\" and \"help forget\"" ;; save) echo "save: save - The dynamic data is stored in /var/lib/shorewall/save - Shorewall allow, drop, rejct and save implement dynamic blacklisting." + The dynamic data is stored in /var/lib/shorewall/save. The state of the + firewall is stored in /var/lib/shorewall/restore for use by the 'shorewall restore' + and 'shorewall -f start' commands. + + Shorewall allow, drop, rejct and save implement dynamic blacklisting. + + See also \"help restore\" and \"help forget\"" ;; show) @@ -225,7 +240,7 @@ start) Start shorewall. Existing connections through shorewall managed interfaces are untouched. New connections will be allowed only if they are allowed by the firewall rules or policies. - If \"-q\" is specified, less detain is displayed making it easier to spot warnings" + If \"-q\" is specified, less detain is displayed making it easier to spot warnings If \"-f\" is specified, the last saved configuraton if any will be restored" ;; diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 40f43ba6c..c341cb9c0 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt 
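Review bot: The line re-added in the `save)` text still carries the typo `rejct` (should be `reject`), and the `-q` line re-added in the `start)` hunk that follows keeps `less detain` (should be `less detail`); both lines are already being touched to fix the quoting, so the spelling can be corrected in the same change. The `forget)` help added in the first hunk of this file would also be clearer if it said that removing /var/lib/shorewall/save discards the saved dynamic blacklist data, which is what the `save)` text says that file holds. An administrator who only wants to drop the restore state should know that the persisted `drop`/`reject` entries go with it.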
@@ -52,10 +52,11 @@ New Features: (currently, the firewall is placed in the 'stopped' state). f) If you have previously saved the running configuration and want - Shorewall to discard it, simply 'rm /var/lib/shorewall/restore'. + Shorewall to discard it, use the 'shorewall forget' command. WARNING: iptables 1.2.9 is broken with respect to iptables-save; - you must patch iptables 1.2.9 with the iptables patch availale from + If your kernel has connection tracking match support, you must + patch iptables 1.2.9 with the iptables patch availale from the Shorewall errata page. 2) The previous implementation of dynamic zones was difficult to diff --git a/Shorewall2/shorewall b/Shorewall2/shorewall index 5b208cecf..0883fce27 100755 --- a/Shorewall2/shorewall +++ b/Shorewall2/shorewall @@ -80,6 +80,10 @@ # "dropped" addresses so that it will # be automatically reinstated the # next time that Shorewall starts. +# Save the current state so that 'shorewall +# restore' can be used. +# +# shorewall forget Discard the data saved by 'shorewall save' # # shorewall ipaddr [
/ |
] # @@ -539,6 +543,7 @@ usage() # $1 = exit status echo " clear" echo " delete [:] " echo " drop
..." + echo " forget" echo " help [ | host | address ]" echo " hits" echo " ipcalc [
/ |
]" @@ -986,6 +991,11 @@ case "$1" in fi mutex_off ;; + forget) + rm -f /var/lib/shorewall/restore + rm -f /var/lib/shorewall/save + echo " Previously saved information discarded" + ;; ipcalc) [ -n "$debugging" ] && set -x if [ $# -eq 2 ]; then
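Review bot: The new `forget)` arm removes both state files without taking the lock that the preceding arm releases with `mutex_off`, and without the `$#` check that the `ipcalc)` arm just below performs. If `save` and `restore` run under that lock (inferred, their arms are outside this hunk), `forget` can delete the files while one of them is writing or reading them. It also accepts stray arguments silently. The success message is printed even when `rm` fails, for example on a permission error, so the operator can be told the saved state is gone while a restore file is still on disk and would still be used by `shorewall -f start`. I would add the debugging/argument guard, wrap the removal in the mutex and make the message depend on the `rm` result; the enclosing `case` starts and ends outside the hunk.

```shell
    forget)
        [ -n "$debugging" ] && set -x
        [ $# -eq 1 ] || usage 1
        mutex_on
        if rm -f /var/lib/shorewall/restore /var/lib/shorewall/save; then
            echo " Previously saved information discarded"
        else
            echo " ERROR: saved information could not be removed" >&2
        fi
        mutex_off
        ;;
```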