Fix some bugs in the Shorewall-init implementation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-05-16 17:41:09 -07:00
parent 38cdd417eb
commit a501222194
4 changed files with 27 additions and 17 deletions

View File

@ -31,7 +31,7 @@ elif [ -f /etc/sysconfig/shorewall-init ]; then
. /etc/sysconfig/shorewall-init
fi
[ "$IFUPDOWN" = 1 && -n "$PRODUCTS" ] || exit 0
[ "$IFUPDOWN" = 1 -a -n "$PRODUCTS" ] || exit 0
if [ -f /etc/debian_version ]; then
#
@ -55,7 +55,7 @@ if [ -f /etc/debian_version ]; then
VARDIR=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x $VARDIR/firewall ]; then
$VARDIR/firewall -v0 $COMMAND $IFACE
$VARDIR/firewall -V0 $COMMAND $IFACE
fi
done

View File

@ -73,34 +73,38 @@ fi
# Initialize the firewall
shorewall_start () {
local product
local vardir
local VARDIR
echo -n "Initializing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do
vardir=/var/lib/$product
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${vardir}/firewall ]; then
${vardir}/firewall close || notdone
VARDIR=/var/lib/$product
[ -f /etc/$product/vardir ] && . /etc/$product/vardir
if [ -x ${VARDIR}/firewall ]; then
${VARDIR}/firewall stop || echo_notdone
fi
done
echo "done."
return 0
}
# Clear the firewall
shorewall_stop () {
local product
local vardir
local VARDIR
echo -n "Clearing \"Shorewall-based firewalls\": "
for product in $PRODUCTS; do
vardir=/var/lib/$PRODUCT
[ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
if [ -x ${vardir}/firewall ]; then
${vardir}/firewall clear || notdone
VARDIR=/var/lib/$product
[ -f /etc/$product/vardir ] && . /etc/$product/vardir
if [ -x ${VARDIR}/firewall ]; then
${VARDIR}/firewall clear || echo_notdone
fi
done
echo "done."
return 0
}

View File

@ -9,4 +9,4 @@ PRODUCTS=""
# Set this to 1 if you want Shorewall-init to react to
# ifup/ifdown events
#
UPDOWN=0
IFUPDOWN=0

View File

@ -11,7 +11,7 @@
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# This program is distributed in the shope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
@ -1244,9 +1244,15 @@ sub compile_updown() {
emit( 'local state',
'state=cleared',
'',
'if shorewall_is_up; then',
' state=started',
'' );
if ( $family == F_IPV4 ) {
emit 'if shorewall_is_started; then';
} else {
emit 'if shorewall6_is_started; then';
}
emit( ' state=started',
'elif [ -f ${VARDIR}/state ]; then',
' case "$(cat ${VARDIR}/state)" in',
' Stopped*)',