Add 'shorewall show actions command'

Make it possible for the 'stopped' extension script to save commands in
the 'restore-tail' file by calling 'run_and_save_command' and
'save_command'


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/actions.std

@@ -70,6 +70,6 @@ AllowDistcc	# accept Distributed Compiler traffic
 AllowEdonkey # accept edonkey traffic
 AllowGnutella # accept edonkey traffic
 
-Drop:DROP	#Common Action for DROP policy
-Reject:REJECT   #Common Action for REJECT policy
+Drop:DROP	   #Common Action for DROP policy
+Reject:REJECT      #Common Action for REJECT policy
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

Shorewall/firewall

@@ -7547,6 +7547,7 @@ define_firewall() # $1 = Command (Start or Restart)
     save_command "# Restore tail file generated by Shorewall $version - $(date)"
     save_command "#"
     save_command "date > $STATEDIR/restarted"
+    save_command "#"
 
     run_user_exit start
 
@@ -7558,12 +7559,14 @@ define_firewall() # $1 = Command (Start or Restart)
 
     report "Shorewall ${1}ed"
 
+    run_user_exit started
+
     rm -rf $TMP_DIR
 
     mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base
     mv -f $RESTOREBASE /var/lib/shorewall/restore-tail    
 
-    run_user_exit started
+
 }
 
 #

Shorewall/help

@@ -249,11 +249,13 @@ save)
 	;;
 
 show)
-	echo "show: show [ <chain> [ <chain> ...] |classifiers|connections|log|nat|tc|tos|zones]
+	echo "show: show [ <chain> [ <chain> ...] |actions|classifiers|connections|log|nat|tc|tos|zones]
 
     shorewall [-x] show <chain> [ <chain> ... ]  - produce a verbose report about the IPtable chain(s).
     (iptables -L chain -n -v)
 
+    shorewall show actions - produce a list of builtin actions and actions defined in /usr/share/shorewall/actions.std and /etc/shorewall
+
     shorewall [-x] show nat - produce a verbose report about the nat table.
     (iptables -t nat -L -n -v)
 

Shorewall/init.sh

@@ -74,7 +74,7 @@ case "$command" in
 
     start)
 	
-	exec /sbin/shorewall $OPTIONS start
+	exec /sbin/shorewall $OPTIONS $@
 	;;
 
     stop|restart|status)

Shorewall/shorewall

@@ -51,6 +51,7 @@
 #						   broadcast address on any "detect"
 #						   interface.
 #	   shorewall show <chain> [ <chain> ... ]  Display the rules in each <chain> listed
+#          shorewall show actions                  Displays the available actions
 #	   shorewall show log			   Print the last 20 log messages
 #	   shorewall show connections		   Show the kernel's connection
 #						   tracking table
@@ -720,7 +721,7 @@ usage() # $1 = exit status
     echo "   restart [ <directory> ]"
     echo "   restore [ <file name> ]"
     echo "   save [ <file name> ]"
-    echo "   show [<chain> [ <chain> ... ]|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
+    echo "   show [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
     echo "   start [ <directory> ]"
     echo "   stop"
     echo "   status"
@@ -1084,6 +1085,18 @@ case "$1" in
 	capabilities)
 	    exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock capabilities
 	    ;;
+	actions)
+	    echo "allowBcast         #Silently Allow Broadcast/multicast"
+	    echo "dropBcast          #Silently Drop Broadcast/multicast"
+            echo "dropNotSyn         #Silently Drop Non-syn TCP packets"
+	    echo "rejNotSyn          #Silently Reject Non-syn TCP packets"
+	    echo "dropInvalid        #Silently Drop packets that are in the INVALID conntrack state"
+	    echo "allowInvalid       #Accept packets that are in the INVALID conntrack state."
+	    echo "allowoutUPnP       #Allow traffic from local command 'upnpd'"
+	    echo "allowinUPnP        #Allow UPnP inbound (to firewall) traffic"
+	    echo "forwardUPnP        #Allow traffic that upnpd has redirected from"
+	    cat /usr/share/shorewall/actions.std /etc/shorewall/actions | grep -Ev '^\#|^$'
+	    ;;
 	*)
 	    shift