From aaecd53a291518a8260061019a4565d7a987ba49 Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 24 Jul 2005 16:27:21 +0000 Subject: [PATCH] Add 'shorewall show actions command' Make it possible for the 'stopped' extension script to save commands in the 'restore-tail' file by calling 'run_and_save_command' and 'save_command' git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/actions.std | 4 ++-- Shorewall/firewall | 5 ++++- Shorewall/help | 4 +++- Shorewall/init.sh | 2 +- Shorewall/shorewall | 15 ++++++++++++++- 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/Shorewall/actions.std b/Shorewall/actions.std index 08e9377c9..a84e3b664 100644 --- a/Shorewall/actions.std +++ b/Shorewall/actions.std @@ -70,6 +70,6 @@ AllowDistcc # accept Distributed Compiler traffic AllowEdonkey # accept edonkey traffic AllowGnutella # accept edonkey traffic -Drop:DROP #Common Action for DROP policy -Reject:REJECT #Common Action for REJECT policy +Drop:DROP #Common Action for DROP policy +Reject:REJECT #Common Action for REJECT policy #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE diff --git a/Shorewall/firewall b/Shorewall/firewall index 84db05fa2..2d64a2beb 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -7547,6 +7547,7 @@ define_firewall() # $1 = Command (Start or Restart) save_command "# Restore tail file generated by Shorewall $version - $(date)" save_command "#" save_command "date > $STATEDIR/restarted" + save_command "#" run_user_exit start @@ -7558,12 +7559,14 @@ define_firewall() # $1 = Command (Start or Restart) report "Shorewall ${1}ed" + run_user_exit started + rm -rf $TMP_DIR mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base mv -f $RESTOREBASE /var/lib/shorewall/restore-tail - run_user_exit started + } # diff --git a/Shorewall/help b/Shorewall/help index c71258134..60c21a5f1 100755 --- a/Shorewall/help +++ b/Shorewall/help 
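Review bot: The moved `run_user_exit started` now sits before `rm -rf $TMP_DIR` and the two `mv` calls with nothing in the code saying that this order is load-bearing, so a later tidy-up could put it back after the renames and silently break the save_command/run_and_save_command use the commit message describes. I would add a comment above the call: `# Run the 'started' user exit before $RESTOREBASE is renamed to restore-tail so that` / `# save_command/run_and_save_command calls made in it are captured in the restore file.` Two things I cannot see from this hunk and would confirm: whether run_user_exit can abort define_firewall on an error in the user script (if so, restore-base-$$ and $RESTOREBASE would now be left unpublished while the firewall is already up), and what ownership and mode restore-tail ends up with, since commands the user exit saves into it are presumably replayed later with the firewall's privileges. define_firewall's body starts outside this hunk.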
@@ -249,11 +249,13 @@ save) ;; show) - echo "show: show [ [ ...] |classifiers|connections|log|nat|tc|tos|zones] + echo "show: show [ [ ...] |actions|classifiers|connections|log|nat|tc|tos|zones] shorewall [-x] show [ ... ] - produce a verbose report about the IPtable chain(s). (iptables -L chain -n -v) + shorewall show actions - produce a list of builtin actions and actions defined in /usr/share/shorewall/actions.std and /etc/shorewall + shorewall [-x] show nat - produce a verbose report about the nat table. (iptables -t nat -L -n -v) diff --git a/Shorewall/init.sh b/Shorewall/init.sh index 126fbef84..11f0b09a8 100644 --- a/Shorewall/init.sh +++ b/Shorewall/init.sh @@ -74,7 +74,7 @@ case "$command" in start) - exec /sbin/shorewall $OPTIONS start + exec /sbin/shorewall $OPTIONS $@ ;; stop|restart|status) diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 1bfbac900..41f7cb6df 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -51,6 +51,7 @@ # broadcast address on any "detect" # interface. # shorewall show [ ... ] Display the rules in each listed +# shorewall show actions Displays the available actions # shorewall show log Print the last 20 log messages # shorewall show connections Show the kernel's connection # tracking table @@ -720,7 +721,7 @@ usage() # $1 = exit status echo " restart [ ]" echo " restore [ ]" echo " save [ ]" - echo " show [ [ ... ]|capabilities|classifiers|connections|log|nat|tc|tos|zones]" + echo " show [ [ ... ]|actions|capabilities|classifiers|connections|log|nat|tc|tos|zones]" echo " start [ ]" echo " stop" echo " status" 
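Review bot: `exec /sbin/shorewall $OPTIONS $@` leaves `$@` unquoted, so any init-script argument containing whitespace is split into several arguments before shorewall sees it; it should be `exec /sbin/shorewall $OPTIONS "$@"` ($OPTIONS can stay unquoted if it is deliberately a whitespace-separated option list). The arm also now forwards every argument the init script was invoked with instead of the literal `start`, so I would confirm that `$command` is `$1` and has not been shifted away earlier in the script, otherwise `$@` no longer begins with `start` and shorewall receives an unintended command. The `case "$command" in` block this arm belongs to starts and ends outside the hunk.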
@@ -1084,6 +1085,18 @@ case "$1" in capabilities) exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock capabilities ;; + actions) + echo "allowBcast #Silently Allow Broadcast/multicast" + echo "dropBcast #Silently Drop Broadcast/multicast" + echo "dropNotSyn #Silently Drop Non-syn TCP packets" + echo "rejNotSyn #Silently Reject Non-syn TCP packets" + echo "dropInvalid #Silently Drop packets that are in the INVALID conntrack state" + echo "allowInvalid #Accept packets that are in the INVALID conntrack state." + echo "allowoutUPnP #Allow traffic from local command 'upnpd'" + echo "allowinUPnP #Allow UPnP inbound (to firewall) traffic" + echo "forwardUPnP #Allow traffic that upnpd has redirected from" + cat /usr/share/shorewall/actions.std /etc/shorewall/actions | grep -Ev '^\#|^$' + ;; *) shift