Fix load, reload and export WRT shorewallrc.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-02-14 10:21:26 -08:00
parent e2ad98b364
commit a6d6cc9da7
2 changed files with 44 additions and 52 deletions

View File

@ -1360,20 +1360,19 @@ reload_command() # $* = original arguments less the command.
local saveit local saveit
saveit= saveit=
local result local result
local directory
local system local system
local getcaps local getcaps
getcaps= getcaps=
local root local root
root=root root=root
local libexec local libexec
libexec=/usr/share libexec=${LIBEXECDIR}
local confdir local confdir
confdir=/etc confdir=${CONFDIR}
local sbindir local sbindir
sbindir=/sbin sbindir=${SBINDIR}
litedir=/var/lib/${g_program}-lite litedir=${VARLIB}/${g_program}-lite
while [ $finished -eq 0 -a $# -gt 0 ]; do while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1 option=$1
@ -1420,11 +1419,11 @@ reload_command() # $* = original arguments less the command.
case $# in case $# in
1) 1)
directory="." g_directory="."
system=$1 system=$1
;; ;;
2) 2)
directory=$1 g_directory=$1
system=$2 system=$2
;; ;;
*) *)
@ -1432,46 +1431,33 @@ reload_command() # $* = original arguments less the command.
;; ;;
esac esac
temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^LITEDIR | sed 's/LITEDIR is //') if [ -f $g_directory/shorewallrc ]; then
. $g_directory/shorewallrc
[ -n "$temp" ] && litedir="$temp" sbindir="$SBINDIR"
confdir="$CONFDIR"
temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^LIBEXEC | sed 's/LIBEXEC is //') libexec="$LIBEXECDIR"
. $SHAREDIR/shorewall/shorewallrc
if [ -n "$temp" ]; then else
case $temp in error_message " WARNING: $g_directory/shorewallrc does not exist; using settings from $SHAREDIR/shorewall" >&2
/*)
libexec="$temp"
;;
*)
libexec=/usr/$temp
;;
esac
fi fi
temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^SBINDIR | sed 's/SBINDIR is //')
[ -n "$temp" ] && sbindir="$temp"
temp=$(rsh_command ${g_program}-lite show config 2> /dev/null | grep ^CONFDIR | sed 's/CONFDIR is //')
[ -n "$temp" ] && confdir="$temp"
if [ -z "$getcaps" ]; then if [ -z "$getcaps" ]; then
g_shorewalldir=$(resolve_file $directory) g_shorewalldir=$(resolve_file $g_directory)
ensure_config_path ensure_config_path
capabilities=$(find_file capabilities) capabilities=$(find_file capabilities)
[ -f $capabilities ] || getcaps=Yes [ -f $capabilities ] || getcaps=Yes
fi fi
if [ -f $directory/${g_program}.conf ]; then if [ -f $g_directory/${g_program}.conf ]; then
if [ -f $directory/params ]; then if [ -f $g_directory/params ]; then
. $directory/params . $g_directory/params
fi fi
. $directory/$g_program.conf . $g_directory/$g_program.conf
ensure_config_path ensure_config_path
else
fatal_error "$g_directory/$g_program.conf does not exist"
fi fi
if [ -n "$getcaps" ]; then if [ -n "$getcaps" ]; then
@ -1479,21 +1465,21 @@ reload_command() # $* = original arguments less the command.
progress_message "Getting Capabilities on system $system..." progress_message "Getting Capabilities on system $system..."
if [ $g_family -eq 4 ]; then if [ $g_family -eq 4 ]; then
if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $directory/capabilities; then if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $g_directory/capabilities; then
fatal_error "Capturing capabilities on system $system failed" fatal_error "Capturing capabilities on system $system failed"
fi fi
elif ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $directory/capabilities; then elif ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $g_directory/capabilities; then
fatal_error "Capturing capabilities on system $system failed" fatal_error "Capturing capabilities on system $system failed"
fi fi
fi fi
file=$(resolve_file $directory/firewall) file=$(resolve_file $g_directory/firewall)
[ -n "$g_timestamp" ] && timestamp='-t' || timestamp= [ -n "$g_timestamp" ] && timestamp='-t' || timestamp=
if $g_program $g_debugging $verbose $timestamp compile -e $directory $directory/firewall && \ if $g_program $g_debugging $verbose $timestamp compile -e $g_directory $g_directory/firewall && \
progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..." && \ progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..." && \
rcp_command "$directory/firewall $directory/firewall.conf" ${litedir} rcp_command "$g_directory/firewall $g_directory/firewall.conf" ${litedir}
then then
save=$(find_file save); save=$(find_file save);
@ -1527,7 +1513,6 @@ export_command() # $* = original arguments less the command.
file= file=
local finished local finished
finished=0 finished=0
local directory
local target local target
while [ $finished -eq 0 -a $# -gt 0 ]; do while [ $finished -eq 0 -a $# -gt 0 ]; do
@ -1557,11 +1542,11 @@ export_command() # $* = original arguments less the command.
case $# in case $# in
1) 1)
directory="." g_directory="."
target=$1 target=$1
;; ;;
2) 2)
directory=$1 g_directory=$1
target=$2 target=$2
;; ;;
*) *)
@ -1577,11 +1562,11 @@ export_command() # $* = original arguments less the command.
;; ;;
esac esac
file=$(resolve_file $directory/firewall) file=$(resolve_file $g_directory/firewall)
if $g_program $g_debugging $verbose compile -e $directory $directory/firewall && \ if $g_program $g_debugging $verbose compile -e $g_directory $g_directory/firewall && \
echo "Copying $file and ${file}.conf to ${target#*@}..." && \ echo "Copying $file and ${file}.conf to ${target#*@}..." && \
scp $directory/firewall $directory/firewall.conf $target scp $g_directory/firewall $g_directory/firewall.conf $target
then then
save=$(find_file save); save=$(find_file save);
@ -1697,12 +1682,10 @@ compiler_command() {
update_command $@ update_command $@
;; ;;
load|reload) load|reload)
get_config Yes
shift shift
reload_command $@ reload_command $@
;; ;;
export) export)
get_config Yes
shift shift
export_command $@ export_command $@
;; ;;

View File

@ -223,10 +223,19 @@
</listitem> </listitem>
<listitem> <listitem>
<para>The export directory should contain a <para>Prior to Shorewall 4.5.14, the export directory should
<filename>params</filename> file, even if it is empty. contain a <filename>params</filename> file, even if it is
Otherwise, <filename>/sbin/shorewall</filename> will attempt empty. Otherwise, <filename>/sbin/shorewall</filename> will
to read<filename> /etc/shorewall/params</filename>.</para> attempt to read<filename>
/etc/shorewall/params</filename>.</para>
</listitem>
<listitem>
<para>If the remote system has a different directory layout
from the administrative system, then the export directory
should contain a copy of the remote system's shorewallrc
file (normally found in
/usr/share/shorewall/shorewallrc).</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>