Replace trace, debug and nolock with options

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2020-03-07 15:10:20 -08:00
parent de761ac657
commit b52a330f41
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
8 changed files with 190 additions and 265 deletions


@ -4120,9 +4120,9 @@ start_command() {
if [ -x $g_firewall ]; then if [ -x $g_firewall ]; then
if [ -n "$g_fast" -a -x ${VARDIR}/${RESTOREFILE} -a ! $g_firewall -nt ${VARDIR}/${RESTOREFILE} ]; then if [ -n "$g_fast" -a -x ${VARDIR}/${RESTOREFILE} -a ! $g_firewall -nt ${VARDIR}/${RESTOREFILE} ]; then
run_it ${VARDIR}/${RESTOREFILE} $g_debugging restore run_it ${VARDIR}/${RESTOREFILE} restore
else else
run_it $g_firewall $g_debugging start run_it $g_firewall start
fi fi
rc=$? rc=$?
else else
@ -4256,7 +4256,7 @@ restart_command() {
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
if [ -x $g_firewall ]; then if [ -x $g_firewall ]; then
run_it $g_firewall $g_debugging $COMMAND run_it $g_firewall $COMMAND
rc=$? rc=$?
else else
error_message "$g_firewall is missing or is not executable" error_message "$g_firewall is missing or is not executable"
@ -4270,7 +4270,7 @@ restart_command() {
run_command() { run_command() {
if [ -x $g_firewall ] ; then if [ -x $g_firewall ] ; then
run_it $g_firewall $g_debugging $@ run_it $g_firewall $@
else else
fatal_error "$g_firewall does not exist or is not executable" fatal_error "$g_firewall does not exist or is not executable"
fi fi
@ -4287,7 +4287,13 @@ ecko() {
# #
usage() # $1 = exit status usage() # $1 = exit status
{ {
echo "Usage: $(basename $0) [debug|trace] [nolock] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>" echo "Usage: $(basename $0) [ -T ] [ -D ] [ -N ] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
echo " -T : Direct the generated script to produce a shell trace to standard error"
echo " -D : Debug iptables commands"
echo " -N : Don't take the master shorewall lock"
echo " -q : Standard Shorewall verbosity control"
echo " -v : Standard Shorewall verbosity control"
echo " -t : Timestamp all messages"
echo "where <command> is one of:" echo "where <command> is one of:"
echo " add <interface>[:<host-list>] ... <zone>" echo " add <interface>[:<host-list>] ... <zone>"
echo " allow <address> ..." echo " allow <address> ..."
@ -4415,20 +4421,16 @@ usage() # $1 = exit status
# here if that lib is loaded below. # here if that lib is loaded below.
# #
shorewall_cli() { shorewall_cli() {
g_debugging=
if [ $# -gt 0 ] && [ "x$1" = "xdebug" -o "x$1" = "xtrace" ]; then
g_debugging=$1
shift
fi
g_nolock= g_nolock=
#
# We'll keep this around for a while so we don't break people's started scripts
#
if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
g_nolock=nolock g_nolock=nolock
shift shift
fi fi
g_debugging=
g_noroutes= g_noroutes=
g_purge= g_purge=
g_ipt_options="-nv" g_ipt_options="-nv"
@ -4456,6 +4458,7 @@ shorewall_cli() {
g_blacklistipset= g_blacklistipset=
g_disconnect= g_disconnect=
g_havemutex= g_havemutex=
g_trace=
VERBOSE= VERBOSE=
VERBOSITY=1 VERBOSITY=1
@ -4587,6 +4590,17 @@ shorewall_cli() {
finished=1 finished=1
option= option=
;; ;;
T*)
g_debugging=trace
option=${option#T}
;;
D*)
g_debugging=debug
option=${option#D}
;;
N*)
g_nolock=nolock
;;
*) *)
option_error $option option_error $option
;; ;;
@ -4639,7 +4653,7 @@ shorewall_cli() {
get_config get_config
[ -x $g_firewall ] || fatal_error "$g_product has never been started" [ -x $g_firewall ] || fatal_error "$g_product has never been started"
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
run_it $g_firewall $g_debugging $COMMAND run_it $g_firewall $COMMAND
[ -n "$g_nolock" ] || mutex_off [ -n "$g_nolock" ] || mutex_off
;; ;;
reset) reset)
@ -4648,7 +4662,7 @@ shorewall_cli() {
shift shift
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
[ -x $g_firewall ] || fatal_error "$g_product has never been started" [ -x $g_firewall ] || fatal_error "$g_product has never been started"
run_it $g_firewall $g_debugging reset $@ run_it $g_firewall reset $@
[ -n "$g_nolock" ] || mutex_off [ -n "$g_nolock" ] || mutex_off
;; ;;
reload|restart) reload|restart)
@ -4661,7 +4675,7 @@ shorewall_cli() {
only_root only_root
get_config Yes get_config Yes
if product_is_started; then if product_is_started; then
run_it $g_firewall $g_debugging $@ run_it $g_firewall $@
else else
fatal_error "$g_product is not running" fatal_error "$g_product is not running"
fi fi
@ -4816,7 +4830,7 @@ shorewall_cli() {
# It isn't a function visible to this script -- try # It isn't a function visible to this script -- try
# the compiled firewall # the compiled firewall
# #
run_it $g_firewall $g_debugging call $@ run_it $g_firewall call $@
fi fi
else else
missing_argument missing_argument
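Review bot: The new `N*)` arm in shorewall_cli's option loop sets `g_nolock=nolock` but, unlike the `T*)` and `D*)` arms next to it, never removes the letter from `option`. The loop itself starts outside this hunk, so this is inferred, but if it runs until `option` is empty then `-N` is never consumed and parsing would not terminate; add `option=${option#N}` before the `;;`. Separately, the leading `nolock` keyword is kept for compatibility while the leading `trace`/`debug` keywords are dropped without a message, so an old `shorewall debug start` would presumably fall through to command dispatch. A one-line deprecation error at that point would make the change visible to operators.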


@ -92,18 +92,20 @@ startup_error() # $* = Error Message
# #
run_it() { run_it() {
local script local script
local options local options='-'
export VARDIR export VARDIR
script=$1 script=$1
shift shift
if [ x$1 = xtrace -o x$1 = xdebug ]; then
options="$1 -" if [ "$g_debugging" = debug ]; then
shift; options='-D'
elif [ "$g_debugging" = trace ]; then
options='-T'
else else
options='-' options='-';
fi fi
[ -n "$g_noroutes" ] && options=${options}n [ -n "$g_noroutes" ] && options=${options}n
@ -736,8 +738,8 @@ truncate() # $1 = length
# #
# Call this function to assert mutual exclusion with Shorewall. If you invoke the # Call this function to assert mutual exclusion with Shorewall. If you invoke the
# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as # /sbin/shorewall program while holding mutual exclusion, you should pass -N as
# the first argument. Example "shorewall nolock refresh" # the first argument. Example "shorewall -N refresh"
# #
# This function uses the lockfile utility from procmail if it exists. # This function uses the lockfile utility from procmail if it exists.
# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the # Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
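Review bot: In run_it the `else` branch repeats the default already given by `local options='-'` and leaves a stray semicolon (`options='-';`); drop either the `else` or the initializer so the default lives in one place. run_it now takes its mode from the global `g_debugging` instead of its second argument, so a caller outside this diff that still passes `trace` or `debug` positionally would presumably have that word forwarded to the script as the command. The comment above run_it (outside this hunk) should state that dependency, e.g. `# Reads g_debugging (debug|trace) and g_noroutes to build the option string`. The function body continues past the end of the hunk.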


@ -21,9 +21,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg rep="norepeat">options</arg> <arg rep="norepeat">options</arg>
<arg choice="plain"><option>add {</option></arg> <arg choice="plain"><option>add {</option></arg>
@ -39,9 +36,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>allow</option></arg> <arg choice="plain"><option>allow</option></arg>
@ -52,9 +46,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>blacklist</option></arg> <arg choice="plain"><option>blacklist</option></arg>
@ -67,9 +58,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>call</option></arg> <arg choice="plain"><option>call</option></arg>
@ -106,9 +94,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg <arg
@ -118,9 +103,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>close</option><arg choice="req"> <arg choice="plain"><option>close</option><arg choice="req">
@ -159,9 +141,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg rep="norepeat">options</arg> <arg rep="norepeat">options</arg>
<arg choice="plain"><option>delete {</option></arg> <arg choice="plain"><option>delete {</option></arg>
@ -177,9 +156,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>disable</option></arg> <arg choice="plain"><option>disable</option></arg>
@ -191,9 +167,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>drop</option></arg> <arg choice="plain"><option>drop</option></arg>
@ -204,8 +177,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>dump</option></arg> <arg choice="plain"><option>dump</option></arg>
@ -222,9 +193,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>enable</option></arg> <arg choice="plain"><option>enable</option></arg>
@ -236,9 +204,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>export</option></arg> <arg choice="plain"><option>export</option></arg>
@ -252,9 +217,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>forget</option></arg> <arg choice="plain"><option>forget</option></arg>
@ -265,8 +227,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>help</option></arg> <arg choice="plain"><option>help</option></arg>
@ -275,8 +235,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[-lite]</command> <command>shorewall[-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg <arg
@ -286,8 +244,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[-lite]</command> <command>shorewall[-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>ipcalc</option></arg> <arg choice="plain"><option>ipcalc</option></arg>
@ -304,8 +260,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[-lite]</command> <command>shorewall[-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>iprange</option></arg> <arg choice="plain"><option>iprange</option></arg>
@ -317,8 +271,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>iptrace</option></arg> <arg choice="plain"><option>iptrace</option></arg>
@ -330,9 +282,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>logdrop</option></arg> <arg choice="plain"><option>logdrop</option></arg>
@ -343,8 +292,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>logwatch</option></arg> <arg choice="plain"><option>logwatch</option></arg>
@ -357,9 +304,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>logreject</option></arg> <arg choice="plain"><option>logreject</option></arg>
@ -370,8 +314,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>noiptrace</option></arg> <arg choice="plain"><option>noiptrace</option></arg>
@ -394,9 +336,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>reenable</option></arg> <arg choice="plain"><option>reenable</option></arg>
@ -408,9 +347,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>reject</option></arg> <arg choice="plain"><option>reject</option></arg>
@ -421,9 +357,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>reload</option></arg> <arg choice="plain"><option>reload</option></arg>
@ -448,10 +381,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg>
<arg choice="plain"><option>remote-getcaps</option></arg> <arg choice="plain"><option>remote-getcaps</option></arg>
<arg><option>-s</option></arg> <arg><option>-s</option></arg>
@ -472,8 +401,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>remote-getrc</option></arg> <arg choice="plain"><option>remote-getrc</option></arg>
@ -496,8 +423,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>remote-start</option></arg> <arg choice="plain"><option>remote-start</option></arg>
@ -520,8 +445,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>remote-reload</option></arg> <arg choice="plain"><option>remote-reload</option></arg>
@ -544,8 +467,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>remote-restart</option></arg> <arg choice="plain"><option>remote-restart</option></arg>
@ -568,9 +489,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg <arg
@ -581,9 +499,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>restart</option></arg> <arg choice="plain"><option>restart</option></arg>
@ -608,9 +523,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg <arg
@ -622,9 +534,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>run</option></arg> <arg choice="plain"><option>run</option></arg>
@ -637,9 +546,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>safe-restart</option></arg> <arg choice="plain"><option>safe-restart</option></arg>
@ -656,8 +562,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>safe-start</option></arg> <arg choice="plain"><option>safe-start</option></arg>
@ -674,9 +578,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg <arg
@ -688,9 +589,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>savesets</option></arg> <arg choice="plain"><option>savesets</option></arg>
@ -699,8 +597,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -713,8 +609,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -735,8 +629,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -761,8 +653,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -774,8 +664,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -787,8 +675,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -800,8 +686,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -814,8 +698,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -827,8 +709,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -841,8 +721,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -853,8 +731,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="req"><option>show | list | ls </option></arg> <arg choice="req"><option>show | list | ls </option></arg>
@ -867,8 +743,7 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg <arg choice="opt"><option>trace</option>|<option>debug</option></arg>
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
@ -892,9 +767,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg <arg
@ -904,8 +776,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><arg <arg choice="plain"><arg
@ -915,9 +785,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>try</option></arg> <arg choice="plain"><option>try</option></arg>
@ -930,8 +797,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6]</command> <command>shorewall[6]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg choice="plain"><option>update</option></arg> <arg choice="plain"><option>update</option></arg>
@ -956,8 +821,6 @@
<cmdsynopsis> <cmdsynopsis>
<command>shorewall[6][-lite]</command> <command>shorewall[6][-lite]</command>
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
<arg>options</arg> <arg>options</arg>
<arg <arg
@ -1025,16 +888,7 @@
<refsect1> <refsect1>
<title>Options</title> <title>Options</title>
<para>The <option>trace</option> and <option>debug</option> options are <para>The <replaceable>options</replaceable> are:</para>
used for debugging. See <ulink
url="/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.org/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
<para>The <option>nolock</option> option prevents the command from
attempting to acquire the Shorewall lockfile. It is useful if you need to
include <command>shorewall</command> commands in
<filename>/etc/shorewall/started</filename>.</para>
<para>Other <replaceable>options</replaceable> are:</para>
<variablelist> <variablelist>
<varlistentry> <varlistentry>
@ -1176,6 +1030,40 @@
<para>Causes all progress messages to be timestamped.</para> <para>Causes all progress messages to be timestamped.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>-T</term>
<listitem>
<para>If the command invokes the generated firewall script, the
script's execution will be traced to standard error. This option
replaces the earlier <emphasis role="bold">trace</emphasis>
keyword.</para>
<caution>
<para>If both -T and -D are specified, only the last one specified
will be in effect.</para>
</caution>
</listitem>
</varlistentry>
<varlistentry>
<term>-D</term>
<listitem>
<para>If the command invokes the generated firewall script,
individual invocations of the ip[6]tables utility will be used to
configure the ruleset rather than ip[6]tables-restore. This is
useful for diagnosing ip[6]tables-restore failures on a *COMMIT
command. The option replaces the earlier <emphasis
role="bold">debug</emphasis> keyword.</para>
<caution>
<para>If both -T and -D are specified, only the last one specified
will be in effect.</para>
</caution>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>
@ -1214,11 +1102,12 @@
<para>Beginning with Shorewall 4.5.9, the <emphasis <para>Beginning with Shorewall 4.5.9, the <emphasis
role="bold">dynamic_shared</emphasis> zone option (<ulink role="bold">dynamic_shared</emphasis> zone option (<ulink
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5),<ulink url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5),<ulink
url="/manpages/shorewall-zones.html">shorewall6-zones</ulink>(5)) allows a single ipset to url="/manpages/shorewall-zones.html">shorewall6-zones</ulink>(5))
handle entries for multiple interfaces. When that option is allows a single ipset to handle entries for multiple interfaces.
specified for a zone, the <command>add</command> command has the When that option is specified for a zone, the <command>add</command>
alternative syntax in which the <replaceable>zone</replaceable> name command has the alternative syntax in which the
precedes the <replaceable>host-list</replaceable>.</para> <replaceable>zone</replaceable> name precedes the
<replaceable>host-list</replaceable>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1294,7 +1183,7 @@
<term><emphasis role="bold">check</emphasis> [-<option>e</option>] <term><emphasis role="bold">check</emphasis> [-<option>e</option>]
[-<option>d</option>] [-<option>p</option>] [-<option>r</option>] [-<option>d</option>] [-<option>p</option>] [-<option>r</option>]
[-<option>T</option>] [-<option>i</option>] [-<option>T</option>] [-<option>i</option>]
[<replaceable>directory</replaceable>]</term> [-D][<replaceable>directory</replaceable>]</term>
<listitem> <listitem>
<para>Not available with Shorewall[6]-lite.</para> <para>Not available with Shorewall[6]-lite.</para>
@ -1333,6 +1222,10 @@
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
(<ulink (<ulink
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para> url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
<para>The <emphasis role="bold">-D </emphasis>option was added in
Shoewall 5.2.4 and causes the compiler to write a large amount of
debugging information to standard output.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1383,8 +1276,9 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">compile </emphasis>[-<option>e</option>] <term><emphasis role="bold">compile </emphasis>[-<option>e</option>]
[-<option>c</option>] [-<option>d</option>] [-<option>p</option>] [-<option>c</option>] [-<option>d</option>] [-<option>p</option>]
[-<option>T</option>] [-<option>i</option>] [<replaceable> directory [-<option>T</option>] [-<option>i</option>] [-D] [<replaceable>
</replaceable>] [<replaceable> pathname</replaceable> ]</term> directory </replaceable>] [<replaceable> pathname</replaceable>
]</term>
<listitem> <listitem>
<para>Not available with shorewall[6]-lite.</para> <para>Not available with shorewall[6]-lite.</para>
@ -1441,6 +1335,10 @@
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
(<ulink (<ulink
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para> url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
<para>The <emphasis role="bold">-D </emphasis>option was added in
Shoewall 5.2.4 and causes the compiler to write a large amount of
debugging information to standard output.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1700,16 +1598,16 @@
<para>Monitors the log file specified by the LOGFILE option in <para>Monitors the log file specified by the LOGFILE option in
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) <ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
(<ulink (<ulink
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) and
and produces an audible alarm when new Shorewall messages are produces an audible alarm when new Shorewall messages are logged.
logged. The <emphasis role="bold">-m</emphasis> option causes the The <emphasis role="bold">-m</emphasis> option causes the MAC
MAC address of each packet source to be displayed if that address of each packet source to be displayed if that information is
information is available. The available. The <replaceable>refresh-interval</replaceable> specifies
<replaceable>refresh-interval</replaceable> specifies the time in the time in seconds between screen refreshes. You can enter a
seconds between screen refreshes. You can enter a negative number by negative number by preceding the number with "--" (e.g.,
preceding the number with "--" (e.g., <command>shorewall logwatch -- <command>shorewall logwatch -- -30</command>). In this case, when a
-30</command>). In this case, when a packet count changes, you will packet count changes, you will be prompted to hit any key to resume
be prompted to hit any key to resume screen refreshes.</para> screen refreshes.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1824,7 +1722,8 @@
<term><emphasis role="bold">reload </emphasis>[-<option>n</option>] <term><emphasis role="bold">reload </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>d</option>] [-<option>f</option>] [-<option>p</option>] [-<option>d</option>] [-<option>f</option>]
[-<option>c</option>] [-<option>T</option>] [-<option>i</option>] [-<option>c</option>] [-<option>T</option>] [-<option>i</option>]
[-<option>C</option>] [ <replaceable>directory</replaceable> ]</term> [-<option>C</option>] [-D] [ <replaceable>directory</replaceable>
]</term>
<listitem> <listitem>
<para>This command was re-implemented in Shorewall 5.0.0. The <para>This command was re-implemented in Shorewall 5.0.0. The
@ -1889,6 +1788,10 @@
the one that generated the current running configuration, then the one that generated the current running configuration, then
the running netfilter configuration will be reloaded as is so the running netfilter configuration will be reloaded as is so
as to preserve the iptables packet and byte counters.</para> as to preserve the iptables packet and byte counters.</para>
<para>The <emphasis role="bold">-D </emphasis>option was added
in Shoewall 5.2.4 and causes the compiler to write a large
amount of debugging information to standard output.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2071,7 +1974,8 @@
Beginning with Shorewall 5.0.13, if Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL <replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink option setting in <ulink
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink> (<ulink url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>
(<ulink
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) is url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) is
assumed. In that case, if you want to specify a assumed. In that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option> <replaceable>directory</replaceable>, then the <option>-D</option>
@ -2144,7 +2048,8 @@
Beginning with Shorewall 5.0.13, if Beginning with Shorewall 5.0.13, if
<replaceable>system</replaceable> is omitted, then the FIREWALL <replaceable>system</replaceable> is omitted, then the FIREWALL
option setting in <ulink option setting in <ulink
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink> (<ulink url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>
(<ulink
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) is url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) is
assumed. In that case, if you want to specify a assumed. In that case, if you want to specify a
<replaceable>directory</replaceable>, then the <option>-D</option> <replaceable>directory</replaceable>, then the <option>-D</option>
@ -2178,6 +2083,10 @@
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
(<ulink (<ulink
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
<para>The <emphasis role="bold">-D </emphasis>option was added in
Shoewall 5.2.4 and causes the compiler to write a large amount of
debugging information to standard output.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2204,7 +2113,8 @@
<term><emphasis role="bold">restart </emphasis>[-<option>n</option>] <term><emphasis role="bold">restart </emphasis>[-<option>n</option>]
[-<option>p</option>] [-<option>d</option>] [-<option>f</option>] [-<option>p</option>] [-<option>d</option>] [-<option>f</option>]
[-<option>c</option>] [-<option>T</option>] [-<option>i</option>] [-<option>c</option>] [-<option>T</option>] [-<option>i</option>]
[-<option>C</option>] [ <replaceable>directory</replaceable> ]</term> [-<option>C</option>] [-D] [ <replaceable>directory</replaceable>
]</term>
<listitem> <listitem>
<para>Beginning with Shorewall 5.0.0, this command performs a true <para>Beginning with Shorewall 5.0.0, this command performs a true
@ -2264,6 +2174,10 @@
the one that generated the current running configuration, then the one that generated the current running configuration, then
the running netfilter configuration will be reloaded as is so the running netfilter configuration will be reloaded as is so
as to preserve the iptables packet and byte counters.</para> as to preserve the iptables packet and byte counters.</para>
<para>The <emphasis role="bold">-D </emphasis>option was added
in Shoewall 5.2.4 and causes the compiler to write a large
amount of debugging information to standard output.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2831,8 +2745,8 @@
<term><emphasis role="bold">start </emphasis><emphasis role="bold"> <term><emphasis role="bold">start </emphasis><emphasis role="bold">
</emphasis>[-<option>n</option>] [-<option>p</option>] </emphasis>[-<option>n</option>] [-<option>p</option>]
[-<option>d</option>] [-<option>f</option>] [-<option>c</option>] [-<option>d</option>] [-<option>f</option>] [-<option>c</option>]
[-<option>T</option>] [-<option>i</option>] [-<option>C</option>] [ [-<option>T</option>] [-<option>i</option>] [-<option>C</option>] [-D]
<replaceable>directory</replaceable> ]</term> [ <replaceable>directory</replaceable> ]</term>
<listitem> <listitem>
<para><variablelist> <para><variablelist>
@ -2906,6 +2820,11 @@
option was also specified in the <emphasis option was also specified in the <emphasis
role="bold">save</emphasis> command, then the packet and role="bold">save</emphasis> command, then the packet and
byte counters will be restored.</para> byte counters will be restored.</para>
<para>The <emphasis role="bold">-D </emphasis>option was
added in Shoewall 5.2.4 and causes the compiler to write a
large amount of debugging information to standard
output.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>


@ -54,6 +54,8 @@ usage() {
echo " -c Save/restore iptables counters" echo " -c Save/restore iptables counters"
echo " -V <verbosity> Set verbosity explicitly" echo " -V <verbosity> Set verbosity explicitly"
echo " -R <file> Override RESTOREFILE setting" echo " -R <file> Override RESTOREFILE setting"
echo " -T Trace execution"
echo " -D Debug iptables"
exit $1 exit $1
} }
@ -109,20 +111,6 @@ reload_command() {
# E X E C U T I O N B E G I N S H E R E # # E X E C U T I O N B E G I N S H E R E #
################################################################################ ################################################################################
# #
# Start trace if first arg is "debug" or "trace"
#
g_debug_iptables=
if [ $# -gt 1 ]; then
if [ "x$1" = "xtrace" ]; then
set -x
shift
elif [ "x$1" = "xdebug" ]; then
g_debug_iptables=Yes
shift
fi
fi
#
# Map VERBOSE to VERBOSITY for compatibility with old Shorewall[6]-lite installations # Map VERBOSE to VERBOSITY for compatibility with old Shorewall[6]-lite installations
# #
[ -z "$VERBOSITY" ] && [ -n "$VERBOSE" ] && VERBOSITY=$VERBOSE [ -z "$VERBOSITY" ] && [ -n "$VERBOSE" ] && VERBOSITY=$VERBOSE
@ -152,6 +140,7 @@ g_dockeriso=
g_dockerisostage= g_dockerisostage=
g_forcereload= g_forcereload=
g_fallback= g_fallback=
g_debug_iptables=
[ -n "$SERVICEDIR" ] && SUBSYSLOCK= [ -n "$SERVICEDIR" ] && SUBSYSLOCK=
@ -258,6 +247,14 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
RESTOREFILE=$option RESTOREFILE=$option
option= option=
;; ;;
T*)
set -x;
option=${option#T}
;;
D*)
g_debug_iptables=Yes
option=${option#D}
;;
*) *)
usage 1 usage 1
;; ;;
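Review bot: With `-T` handled in the option loop, `set -x` takes effect only once the `T*)` arm is reached, so the VERBOSITY mapping and the `g_*` initialisation that sit between the removed block and the loop appear to be no longer traced. If that narrower coverage is intended, record it on the arm with a comment such as `# Tracing starts here; code that runs before option parsing is not traced`, and drop the stray `;` after `set -x`. It is also worth stating in the usage text that the trace goes to standard error, since xtrace output contains expanded variable values and may end up in logs. The option loop starts and ends outside this hunk.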


@ -8,7 +8,7 @@
# signaling that the firewall is completely up). # signaling that the firewall is completely up).
# #
# This script should not change the firewall configuration directly but # This script should not change the firewall configuration directly but
# may do so indirectly by running /sbin/shorewall with the 'nolock' # may do so indirectly by running /sbin/shorewall with the -N
# option. # option.
# #
# See http://shorewall.org/shorewall_extension_scripts.htm for additional # See http://shorewall.org/shorewall_extension_scripts.htm for additional


@ -503,7 +503,7 @@ compiler() {
[ -n "$g_timestamp" ] && options="$options --timestamp" [ -n "$g_timestamp" ] && options="$options --timestamp"
[ -n "$g_test" ] && options="$options --test" [ -n "$g_test" ] && options="$options --test"
[ -n "$g_preview" ] && options="$options --preview" [ -n "$g_preview" ] && options="$options --preview"
[ "$g_debugging" = trace ] && options="$options --debug" [ -n "$g_trace" ] && options="$options --debug"
[ -n "$g_confess" ] && options="$options --confess" [ -n "$g_confess" ] && options="$options --confess"
[ -n "$g_update" ] && options="$options --update" [ -n "$g_update" ] && options="$options --update"
[ -n "$g_annotate" ] && options="$options --annotate" [ -n "$g_annotate" ] && options="$options --annotate"
@ -531,7 +531,7 @@ compiler() {
# #
# Only use the pager if 'trace' or -r was specified and -d was not # Only use the pager if 'trace' or -r was specified and -d was not
# #
[ "$g_debugging" != trace -a -z "$g_preview" ] || [ -n "$g_debug" ] && g_pager= [ -z "$g_trace" -a -z "$g_preview" ] || [ -n "$g_debug" ] && g_pager=
case $PERL_HASH_SEED in case $PERL_HASH_SEED in
random) random)
@ -615,6 +615,10 @@ start_command() {
g_counters=Yes g_counters=Yes
option=${option#C} option=${option#C}
;; ;;
D*)
g_trace=Yes
option=${option#D}
;;
*) *)
option_error $option option_error $option
;; ;;
@ -660,14 +664,14 @@ start_command() {
if [ -n "$AUTOMAKE" ]; then if [ -n "$AUTOMAKE" ]; then
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
run_it $g_firewall $g_debugging start run_it $g_firewall start
rc=$? rc=$?
[ -n "$g_nolock" ] || mutex_off [ -n "$g_nolock" ] || mutex_off
else else
g_file="${VARDIR}/.start" g_file="${VARDIR}/.start"
if compiler $g_debugging $g_nolock compile "$g_file"; then if compiler compile "$g_file"; then
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
run_it ${VARDIR}/.start $g_debugging start run_it ${VARDIR}/.start start
rc=$? rc=$?
[ -n "$g_nolock" ] || mutex_off [ -n "$g_nolock" ] || mutex_off
else else
@ -721,6 +725,10 @@ compile_command() {
g_confess=Yes g_confess=Yes
option=${option#T} option=${option#T}
;; ;;
D*)
g_trace=Yes
option=${option#D}
;;
-) -)
finished=1 finished=1
option= option=
@ -768,7 +776,7 @@ compile_command() {
[ "x$g_file" = x- ] && g_doing='' [ "x$g_file" = x- ] && g_doing=''
compiler $g_debugging compile "$g_file" compiler compile "$g_file"
} }
# #
@ -815,6 +823,10 @@ check_command() {
g_confess=Yes g_confess=Yes
option=${option#T} option=${option#T}
;; ;;
D*)
g_trace=Yes
option=${option#D}
;;
*) *)
option_error $option option_error $option
;; ;;
@ -851,7 +863,7 @@ check_command() {
g_doing="Checking" g_doing="Checking"
compiler $g_debugging $g_nolock check compiler check
} }
# #
@ -906,6 +918,10 @@ update_command() {
A*) A*)
option=${option#A} option=${option#A}
;; ;;
D*)
g_trace=Yes
option=${option#D}
;;
*) *)
option_error $option option_error $option
;; ;;
@ -942,7 +958,7 @@ update_command() {
g_doing="Updating" g_doing="Updating"
compiler $g_debugging $g_nolock check compiler check
} }
# #
@ -999,6 +1015,10 @@ restart_command() {
g_counters=Yes g_counters=Yes
option=${option#C} option=${option#C}
;; ;;
D*)
g_trace=Yes
option=${option#D}
;;
*) *)
option_error $option option_error $option
;; ;;
@ -1044,9 +1064,9 @@ restart_command() {
g_file="${VARDIR}/.${COMMAND}" g_file="${VARDIR}/.${COMMAND}"
if [ -z "$g_fast" ]; then if [ -z "$g_fast" ]; then
if compiler $g_debugging $g_nolock compile "$g_file"; then if compiler compile "$g_file"; then
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
run_it ${VARDIR}/.${COMMAND} $g_debugging ${COMMAND} run_it ${VARDIR}/.${COMMAND} ${COMMAND}
rc=$? rc=$?
[ -n "$g_nolock" ] || mutex_off [ -n "$g_nolock" ] || mutex_off
else else
@ -1056,7 +1076,7 @@ restart_command() {
else else
[ -x $g_firewall ] || fatal_error "No $g_firewall file found" [ -x $g_firewall ] || fatal_error "No $g_firewall file found"
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
run_it $g_firewall $g_debugging $COMMAND run_it $g_firewall $COMMAND
rc=$? rc=$?
[ -n "$g_nolock" ] || mutex_off [ -n "$g_nolock" ] || mutex_off
fi fi
@ -1197,7 +1217,7 @@ safe_commands() {
g_file="${VARDIR}/.$command" g_file="${VARDIR}/.$command"
if ! compiler $g_debugging nolock compile "$g_file"; then if ! compiler compile "$g_file"; then
status=$? status=$?
exit $status exit $status
fi fi
@ -1223,7 +1243,7 @@ safe_commands() {
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
if run_it ${VARDIR}/.$command $g_debugging $command; then if run_it ${VARDIR}/.$command $command; then
printf "Do you want to accept the new firewall configuration? [y/n] " printf "Do you want to accept the new firewall configuration? [y/n] "
@ -1334,7 +1354,7 @@ try_command() {
g_file="${VARDIR}/.$command" g_file="${VARDIR}/.$command"
if ! compiler $g_debugging $g_nolock compile "$g_file"; then if ! compiler compile "$g_file"; then
status=$? status=$?
exit $status exit $status
fi fi
@ -1356,7 +1376,7 @@ try_command() {
[ -n "$g_nolock" ] || mutex_on [ -n "$g_nolock" ] || mutex_on
if run_it ${VARDIR}/.$command $g_debugging $command && [ -n "$timeout" ]; then if run_it ${VARDIR}/.$command $command && [ -n "$timeout" ]; then
sleep $timeout sleep $timeout
if [ "$command" = "reload" ]; then if [ "$command" = "reload" ]; then
@ -1606,6 +1626,10 @@ remote_commands() # $* = original arguments less the command.
g_confess=Yes g_confess=Yes
option=${option#T} option=${option#T}
;; ;;
D*)
g_trace=Yes
option=${option#D}
;;
*) *)
option_error $option option_error $option
;; ;;
@ -1697,7 +1721,7 @@ remote_commands() # $* = original arguments less the command.
exitstatus=0 exitstatus=0
if compiler $g_debugging compiler "$g_file"; then if compiler compiler "$g_file"; then
progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..." progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..."
if rcp_command "$g_shorewalldir/firewall $g_shorewalldir/firewall.conf" ${litedir}; then if rcp_command "$g_shorewalldir/firewall $g_shorewalldir/firewall.conf" ${litedir}; then
save=$(find_file save); save=$(find_file save);
@ -1712,20 +1736,20 @@ remote_commands() # $* = original arguments less the command.
progress_message3 "Copy complete" progress_message3 "Copy complete"
if [ $COMMAND = remote-reload ]; then if [ $COMMAND = remote-reload ]; then
if rsh_command "$program $g_debugging $verbose $timestamp reload"; then if rsh_command "$program $verbose $timestamp reload"; then
progress_message3 "System $system reloaded" progress_message3 "System $system reloaded"
else else
exitstatus=$? exitstatus=$?
savit= savit=
fi fi
elif [ $COMMAND = remote-restart ]; then elif [ $COMMAND = remote-restart ]; then
if rsh_command "$program $g_debugging $verbose $timestamp restart"; then if rsh_command "$program $verbose $timestamp restart"; then
progress_message3 "System $system restarted" progress_message3 "System $system restarted"
else else
exitstatus=$? exitstatus=$?
saveit= saveit=
fi fi
elif rsh_command "$program $g_debugging $verbose $timestamp start"; then elif rsh_command "$program $verbose $timestamp start"; then
progress_message3 "System $system started" progress_message3 "System $system started"
else else
exitstatus=$? exitstatus=$?
@ -1733,7 +1757,7 @@ remote_commands() # $* = original arguments less the command.
fi fi
if [ -n "$saveit" ]; then if [ -n "$saveit" ]; then
if rsh_command "$program $g_debugging $verbose $timestamp save"; then if rsh_command "$program $verbose $timestamp save"; then
progress_message3 "Configuration on system $system saved" progress_message3 "Configuration on system $system saved"
else else
exitstatus=$? exitstatus=$?
@ -1816,7 +1840,7 @@ export_command() # $* = original arguments less the command.
g_file="$g_shorewalldir/firewall" g_file="$g_shorewalldir/firewall"
if compiler $g_debugging compile "$g_file" && \ if compiler compile "$g_file" && \
echo "Copying $file and ${file}.conf to ${target#*@}..." && \ echo "Copying $file and ${file}.conf to ${target#*@}..." && \
scp $g_shorewalldir/firewall $g_shorewalldir/firewall.conf $target scp $g_shorewalldir/firewall $g_shorewalldir/firewall.conf $target
then then
@ -1831,7 +1855,7 @@ export_command() # $* = original arguments less the command.
run_command() { run_command() {
if [ -x $g_firewall ] ; then if [ -x $g_firewall ] ; then
uptodate $g_firewall || echo " WARNING: $g_firewall is not up to date" >&2 uptodate $g_firewall || echo " WARNING: $g_firewall is not up to date" >&2
run_it $g_firewall $g_debugging $@ run_it $g_firewall $@
else else
fatal_error "$g_firewall does not exist or is not executable" fatal_error "$g_firewall does not exist or is not executable"
fi fi
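Review bot: A failed compile exits with status 0 in the safe_commands hunk, because in `if ! compiler compile "$g_file"; then status=$?` the `$?` is the status of the negated condition, not of `compiler`, so `exit $status` reports success. The try_command hunk has the same four lines. For a firewall front end this matters: a wrapper or automation that checks the exit code can take a configuration that never compiled as applied. I would replace the `if`/`status`/`exit`/`fi` lines in both places with `compiler compile "$g_file" || exit $?`. Both function bodies continue outside their hunks.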


@ -8,7 +8,7 @@
# firewall is completely up). # firewall is completely up).
# #
# This script should not change the firewall configuration directly but # This script should not change the firewall configuration directly but
# may do so indirectly by running /sbin/shorewall6 with the 'nolock' # may do so indirectly by running /sbin/shorewall6 with the '-N'
# option. # option.
# #
# See http://shorewall.org/shorewall_extension_scripts.htm for additional # See http://shorewall.org/shorewall_extension_scripts.htm for additional


@ -259,37 +259,6 @@
</warning> </warning>
</section> </section>
<section id="Boot">
<title>Having Shorewall Start Automatically at Boot Time</title>
<para>The .rpm, .deb and .tgz all try to configure your startup scripts so
that Shorewall will start automatically at boot time. If you are using the
<command>install.sh </command>script from the .tgz and it cannot determine
how to configure automatic startup, a message to that effect will be
displayed. You will need to consult your distribution's documentation to
see how to integrate the <filename>/etc/init.d/shorewall</filename> script
into the distribution's startup mechanism.<caution>
<itemizedlist>
<listitem>
<para>Shorewall startup is disabled by default. Once you have
configured your firewall, you can enable startup by editing
<filename>/etc/shorewall/shorewall.conf</filename> and setting
STARTUP_ENABLED=Yes.. Note: Users of the .deb package must rather
edit <filename>/etc/default/shorewall</filename> and set
<quote>startup=1</quote>.</para>
</listitem>
<listitem>
<para>If you use dialup or some flavor of PPP where your IP
address can change arbitrarily, you may want to start the firewall
in your <command>/etc/ppp/ip-up.local</command> script. I
recommend just placing <quote><command>/sbin/shorewall
restart</command></quote> in that script.</para>
</listitem>
</itemizedlist>
</caution></para>
</section>
<section id="Saved"> <section id="Saved">
<title>Saving a Working Configuration for Error Recovery and Fast <title>Saving a Working Configuration for Error Recovery and Fast
Startup</title> Startup</title>