Fix load, reload and export WRT shorewallrc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
e2ad98b364
commit
a6d6cc9da7
@ -1360,20 +1360,19 @@ reload_command() # $* = original arguments less the command.
|
|||||||
local saveit
|
local saveit
|
||||||
saveit=
|
saveit=
|
||||||
local result
|
local result
|
||||||
local directory
|
|
||||||
local system
|
local system
|
||||||
local getcaps
|
local getcaps
|
||||||
getcaps=
|
getcaps=
|
||||||
local root
|
local root
|
||||||
root=root
|
root=root
|
||||||
local libexec
|
local libexec
|
||||||
libexec=/usr/share
|
libexec=${LIBEXECDIR}
|
||||||
local confdir
|
local confdir
|
||||||
confdir=/etc
|
confdir=${CONFDIR}
|
||||||
local sbindir
|
local sbindir
|
||||||
sbindir=/sbin
|
sbindir=${SBINDIR}
|
||||||
|
|
||||||
litedir=/var/lib/${g_program}-lite
|
litedir=${VARLIB}/${g_program}-lite
|
||||||
|
|
||||||
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||||
option=$1
|
option=$1
|
||||||
@ -1420,11 +1419,11 @@ reload_command() # $* = original arguments less the command.
|
|||||||
|
|
||||||
case $# in
|
case $# in
|
||||||
1)
|
1)
|
||||||
directory="."
|
g_directory="."
|
||||||
system=$1
|
system=$1
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
directory=$1
|
g_directory=$1
|
||||||
system=$2
|
system=$2
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@ -1432,46 +1431,33 @@ reload_command() # $* = original arguments less the command.
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^LITEDIR | sed 's/LITEDIR is //')
|
if [ -f $g_directory/shorewallrc ]; then
|
||||||
|
. $g_directory/shorewallrc
|
||||||
[ -n "$temp" ] && litedir="$temp"
|
sbindir="$SBINDIR"
|
||||||
|
confdir="$CONFDIR"
|
||||||
temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^LIBEXEC | sed 's/LIBEXEC is //')
|
libexec="$LIBEXECDIR"
|
||||||
|
. $SHAREDIR/shorewall/shorewallrc
|
||||||
if [ -n "$temp" ]; then
|
else
|
||||||
case $temp in
|
error_message " WARNING: $g_directory/shorewallrc does not exist; using settings from $SHAREDIR/shorewall" >&2
|
||||||
/*)
|
|
||||||
libexec="$temp"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
libexec=/usr/$temp
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^SBINDIR | sed 's/SBINDIR is //')
|
|
||||||
|
|
||||||
[ -n "$temp" ] && sbindir="$temp"
|
|
||||||
|
|
||||||
temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^CONFDIR | sed 's/CONFDIR is //')
|
|
||||||
|
|
||||||
[ -n "$temp" ] && confdir="$temp"
|
|
||||||
|
|
||||||
if [ -z "$getcaps" ]; then
|
if [ -z "$getcaps" ]; then
|
||||||
g_shorewalldir=$(resolve_file $directory)
|
g_shorewalldir=$(resolve_file $g_directory)
|
||||||
ensure_config_path
|
ensure_config_path
|
||||||
capabilities=$(find_file capabilities)
|
capabilities=$(find_file capabilities)
|
||||||
[ -f $capabilities ] || getcaps=Yes
|
[ -f $capabilities ] || getcaps=Yes
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f $directory/${g_program}.conf ]; then
|
if [ -f $g_directory/${g_program}.conf ]; then
|
||||||
if [ -f $directory/params ]; then
|
if [ -f $g_directory/params ]; then
|
||||||
. $directory/params
|
. $g_directory/params
|
||||||
fi
|
fi
|
||||||
|
|
||||||
. $directory/$g_program.conf
|
. $g_directory/$g_program.conf
|
||||||
|
|
||||||
ensure_config_path
|
ensure_config_path
|
||||||
|
else
|
||||||
|
fatal_error "$g_directory/$g_program.conf does not exist"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$getcaps" ]; then
|
if [ -n "$getcaps" ]; then
|
||||||
@ -1479,21 +1465,21 @@ reload_command() # $* = original arguments less the command.
|
|||||||
|
|
||||||
progress_message "Getting Capabilities on system $system..."
|
progress_message "Getting Capabilities on system $system..."
|
||||||
if [ $g_family -eq 4 ]; then
|
if [ $g_family -eq 4 ]; then
|
||||||
if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $directory/capabilities; then
|
if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $g_directory/capabilities; then
|
||||||
fatal_error "Capturing capabilities on system $system failed"
|
fatal_error "Capturing capabilities on system $system failed"
|
||||||
fi
|
fi
|
||||||
elif ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $directory/capabilities; then
|
elif ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $g_directory/capabilities; then
|
||||||
fatal_error "Capturing capabilities on system $system failed"
|
fatal_error "Capturing capabilities on system $system failed"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
file=$(resolve_file $directory/firewall)
|
file=$(resolve_file $g_directory/firewall)
|
||||||
|
|
||||||
[ -n "$g_timestamp" ] && timestamp='-t' || timestamp=
|
[ -n "$g_timestamp" ] && timestamp='-t' || timestamp=
|
||||||
|
|
||||||
if $g_program $g_debugging $verbose $timestamp compile -e $directory $directory/firewall && \
|
if $g_program $g_debugging $verbose $timestamp compile -e $g_directory $g_directory/firewall && \
|
||||||
progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..." && \
|
progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..." && \
|
||||||
rcp_command "$directory/firewall $directory/firewall.conf" ${litedir}
|
rcp_command "$g_directory/firewall $g_directory/firewall.conf" ${litedir}
|
||||||
then
|
then
|
||||||
save=$(find_file save);
|
save=$(find_file save);
|
||||||
|
|
||||||
@ -1527,7 +1513,6 @@ export_command() # $* = original arguments less the command.
|
|||||||
file=
|
file=
|
||||||
local finished
|
local finished
|
||||||
finished=0
|
finished=0
|
||||||
local directory
|
|
||||||
local target
|
local target
|
||||||
|
|
||||||
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||||
@ -1557,11 +1542,11 @@ export_command() # $* = original arguments less the command.
|
|||||||
|
|
||||||
case $# in
|
case $# in
|
||||||
1)
|
1)
|
||||||
directory="."
|
g_directory="."
|
||||||
target=$1
|
target=$1
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
directory=$1
|
g_directory=$1
|
||||||
target=$2
|
target=$2
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
@ -1577,11 +1562,11 @@ export_command() # $* = original arguments less the command.
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
file=$(resolve_file $directory/firewall)
|
file=$(resolve_file $g_directory/firewall)
|
||||||
|
|
||||||
if $g_program $g_debugging $verbose compile -e $directory $directory/firewall && \
|
if $g_program $g_debugging $verbose compile -e $g_directory $g_directory/firewall && \
|
||||||
echo "Copying $file and ${file}.conf to ${target#*@}..." && \
|
echo "Copying $file and ${file}.conf to ${target#*@}..." && \
|
||||||
scp $directory/firewall $directory/firewall.conf $target
|
scp $g_directory/firewall $g_directory/firewall.conf $target
|
||||||
then
|
then
|
||||||
save=$(find_file save);
|
save=$(find_file save);
|
||||||
|
|
||||||
@ -1697,12 +1682,10 @@ compiler_command() {
|
|||||||
update_command $@
|
update_command $@
|
||||||
;;
|
;;
|
||||||
load|reload)
|
load|reload)
|
||||||
get_config Yes
|
|
||||||
shift
|
shift
|
||||||
reload_command $@
|
reload_command $@
|
||||||
;;
|
;;
|
||||||
export)
|
export)
|
||||||
get_config Yes
|
|
||||||
shift
|
shift
|
||||||
export_command $@
|
export_command $@
|
||||||
;;
|
;;
|
||||||
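Review bot: In reload_command, after `. $g_directory/shorewallrc` only `sbindir`, `confdir` and `libexec` are re-captured; `litedir` keeps the value computed from the local `${VARLIB}` at the top of the function, so with a different remote layout `rcp_command` would presumably still copy to the administrative system's path. Adding `litedir="${VARLIB}/${g_program}-lite"` next to the other three assignments would cover it. The restore line `. $SHAREDIR/shorewall/shorewallrc` also reads `SHAREDIR` after the export directory's file may have overwritten it; saving the value in a local before the first source (for example `sharedir=${SHAREDIR}`) and restoring from that avoids reading the wrong path. Because the documentation describes this file as a copy taken from the remote system and `.` executes it with the caller's privileges, a short comment stating that the export directory must be trusted, together with quoting as in `. "$g_directory/shorewallrc"`, would help the next maintainer. The function body continues outside the visible hunks.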
|
@ -223,10 +223,19 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The export directory should contain a
|
<para>Prior to Shorewall 4.5.14, the export directory should
|
||||||
<filename>params</filename> file, even if it is empty.
|
contain a <filename>params</filename> file, even if it is
|
||||||
Otherwise, <filename>/sbin/shorewall</filename> will attempt
|
empty. Otherwise, <filename>/sbin/shorewall</filename> will
|
||||||
to read<filename> /etc/shorewall/params</filename>.</para>
|
attempt to read<filename>
|
||||||
|
/etc/shorewall/params</filename>.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>If the remote system has a different directory layout
|
||||||
|
from the administrative system, then the export directory
|
||||||
|
should contain a copy of the remote system's shorewallrc
|
||||||
|
file (normally found in
|
||||||
|
/usr/share/shorewall/shorewallrc).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
|