diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 5667807c0..910e2e72f 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -3414,7 +3414,11 @@ start_command() { [ -n "$g_nolock" ] || mutex_on if [ -x ${VARDIR}/firewall ]; then - run_it ${VARDIR}/firewall $g_debugging start + if [ -n "$g_fast" -a -x ${VARDIR}/${RESTOREFILE} -a ! ${VARDIR}/firewall -nt ${VARDIR}/${RESTOREFILE} ]; then + run_it ${VARDIR}/${RESTOREFILE} $g_debugging restore + else + run_it ${VARDIR}/firewall $g_debugging start + fi rc=$? else error_message "${VARDIR}/firewall is missing or is not executable" @@ -3450,6 +3454,10 @@ start_command() { finished=1 option= ;; + f*) + g_fast=Yes + option=${option#f} + ;; p*) [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system" g_purge=Yes @@ -3583,7 +3591,6 @@ usage() # $1 = exit status echo " logreject
..." echo " logwatch []" echo " reject
..." - echo " recover [ -n ] [ -p ]" echo " reset [ ... ]" echo " restart [ -n ] [ -p ] [ -f ] [ ]" echo " restore [ -n ] [ -p ] [ ]" @@ -3852,15 +3859,6 @@ shorewall_cli() { shift restart_command $@ ;; - recover) - get_config Yes Yes - shift - if [ -n "$SAVE_COUNTERS" -a -f ${VARDIR}/${RESTOREFILE} ]; then - restore_command $@ - else - start_command $@ - fi - ;; disable|enable) get_config Yes if product_is_started; then diff --git a/Shorewall-lite/manpages/shorewall-lite.xml b/Shorewall-lite/manpages/shorewall-lite.xml index 5af5b62b7..fb7173ff0 100644 --- a/Shorewall-lite/manpages/shorewall-lite.xml +++ b/Shorewall-lite/manpages/shorewall-lite.xml @@ -474,6 +474,8 @@ + + @@ -1102,6 +1104,15 @@ The option causes the connection tracking table to be flushed; the conntrack utility must be installed to use this option. + + The option prevents the firewall script + from modifying the current routing configuration. + + The option was added in Shorewall 4.6.5. + If the RESTOREFILE named in shorewall.conf(5) exists, is + executable and is not older than the current filewall script, then + that saved configuration is restored. diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index 8c4769fb3..a3490c6ea 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std @@ -1669,7 +1669,6 @@ usage() # $1 = exit status echo " noiptrace " fi - echo " recover [ -n ] [ -p ]" echo " refresh [ -d ] [ -n ] [ -T ] [ -D ] [ ... ]" echo " reject
..." echo " reload [ -s ] [ -c ] [ -r ] [ -T ] [ -i ] [ ] " diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index 75784394c..39db5ee9f 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -357,18 +357,6 @@ expression - - shorewall - - | - - -options - - - - shorewall @@ -1259,29 +1247,6 @@ - - recover - - - Added in Shorewall 4.6.5. - - If SAVE_COUNTERS=Yes in shorewall.conf(5) and if - the file specified by the RESTOREFILE option in shorewall.conf(5) exists - and is executable, then the command is the same as the restore command. Otherwise, it is treated the - same as the start command. - - The option causes Shorewall to avoid - updating the routing table(s). - - The option causes the connection tracking - table to be flushed; the conntrack utility must - be installed to use this option. - - - refresh diff --git a/Shorewall6-lite/manpages/shorewall6-lite.xml b/Shorewall6-lite/manpages/shorewall6-lite.xml index a12b4c953..29bcaa415 100644 --- a/Shorewall6-lite/manpages/shorewall6-lite.xml +++ b/Shorewall6-lite/manpages/shorewall6-lite.xml @@ -474,6 +474,8 @@ + + @@ -1092,7 +1094,7 @@ start - Start Shorewall Lite. Existing connections through + Start Shorewall6 Lite. Existing connections through shorewall6-lite managed interfaces are untouched. New connections will be allowed only if they are allowed by the firewall rules or policies. @@ -1100,6 +1102,15 @@ The option causes the connection tracking table to be flushed; the conntrack utility must be installed to use this option. + + The option prevents the firewall script + from modifying the current routing configuration. + + The option was added in Shorewall 4.6.5. + If the RESTOREFILE named in shorewall.conf(5) exists, is + executable and is not older than the current filewall script, then + that saved configuration is restored.