From b7ab82dba4529f14ae82c78668ec36d7fcd1c054 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 30 Oct 2014 10:42:39 -0700
Subject: [PATCH] Implement -f option in the -lite products' start command

- Remove 'recover' command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall-core/lib.cli                       | 20 +++++------
 Shorewall-lite/manpages/shorewall-lite.xml   | 11 ++++++
 Shorewall/lib.cli-std                        |  1 -
 Shorewall/manpages/shorewall.xml             | 35 --------------------
 Shorewall6-lite/manpages/shorewall6-lite.xml | 13 +++++++-
 5 files changed, 32 insertions(+), 48 deletions(-)

diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 5667807c0..910e2e72f 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -3414,7 +3414,11 @@ start_command() {
 	[ -n "$g_nolock" ] || mutex_on
 
 	if [ -x ${VARDIR}/firewall ]; then
-	    run_it ${VARDIR}/firewall $g_debugging start
+	    if [ -n "$g_fast" -a -x ${VARDIR}/${RESTOREFILE} -a ! ${VARDIR}/firewall -nt ${VARDIR}/${RESTOREFILE} ]; then
+		run_it ${VARDIR}/${RESTOREFILE} $g_debugging restore
+	    else
+		run_it ${VARDIR}/firewall $g_debugging start
+	    fi
 	    rc=$?
 	else
 	    error_message "${VARDIR}/firewall is missing or is not executable"
@@ -3450,6 +3454,10 @@ start_command() {
 			    finished=1
 			    option=
 			    ;;
+			f*)
+			    g_fast=Yes
+			    option=${option#f}
+			    ;;
 			p*)
 			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"
 			    g_purge=Yes
@@ -3583,7 +3591,6 @@ usage() # $1 = exit status
     echo "   logreject <address> ..."
     echo "   logwatch [<refresh interval>]"
     echo "   reject <address> ..."
-    echo "   recover [ -n ] [ -p ]"
     echo "   reset [ <chain> ... ]"
     echo "   restart [ -n ] [ -p ] [ -f ] [ <directory> ]"
     echo "   restore [ -n ] [ -p ] [ <file name> ]"
@@ -3852,15 +3859,6 @@ shorewall_cli() {
 	    shift
 	    restart_command $@
 	    ;;
-	recover)
-	    get_config Yes Yes
-	    shift
-	    if [ -n "$SAVE_COUNTERS" -a -f ${VARDIR}/${RESTOREFILE} ]; then
-		restore_command $@
-	    else
-		start_command $@
-	    fi
-	    ;;
 	disable|enable)
 	    get_config Yes
 	    if product_is_started; then
diff --git a/Shorewall-lite/manpages/shorewall-lite.xml b/Shorewall-lite/manpages/shorewall-lite.xml
index 5af5b62b7..fb7173ff0 100644
--- a/Shorewall-lite/manpages/shorewall-lite.xml
+++ b/Shorewall-lite/manpages/shorewall-lite.xml
@@ -474,6 +474,8 @@
       <arg><option>-n</option></arg>
 
       <arg><option>-p</option></arg>
+
+      <arg><option>-f</option></arg>
     </cmdsynopsis>
 
     <cmdsynopsis>
@@ -1102,6 +1104,15 @@
           <para>The <option>-p</option> option causes the connection tracking
           table to be flushed; the <command>conntrack</command> utility must
           be installed to use this option.</para>
+
+          <para>The <option>-m</option> option prevents the firewall script
+          from modifying the current routing configuration.</para>
+
+          <para>The <option>-f</option> option was added in Shorewall 4.6.5.
+          If the RESTOREFILE named in <ulink
+          url="shorewall.conf.html">shorewall.conf</ulink>(5) exists, is
+          executable and is not older than the current filewall script, then
+          that saved configuration is restored.</para>
         </listitem>
       </varlistentry>
 
diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std
index 8c4769fb3..a3490c6ea 100644
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@@ -1669,7 +1669,6 @@ usage() # $1 = exit status
 	echo "   noiptrace <ip6tables match expression>"
     fi
 
-    echo "   recover [ -n ] [ -p ]"
     echo "   refresh [ -d ] [ -n ] [ -T ] [ -D <directory> ] [ <chain>... ]"
     echo "   reject <address> ..."
     echo "   reload [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml
index 75784394c..39db5ee9f 100644
--- a/Shorewall/manpages/shorewall.xml
+++ b/Shorewall/manpages/shorewall.xml
@@ -357,18 +357,6 @@
       expression</replaceable></arg>
     </cmdsynopsis>
 
-    <cmdsynopsis>
-      <command>shorewall</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg
-      choice="plain"><option>recover</option><arg><option>-n</option></arg><arg><option>-p</option></arg></arg>
-    </cmdsynopsis>
-
     <cmdsynopsis>
       <command>shorewall</command>
 
@@ -1259,29 +1247,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">recover</emphasis></term>
-
-        <listitem>
-          <para>Added in Shorewall 4.6.5.</para>
-
-          <para>If SAVE_COUNTERS=Yes in <ulink
-          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) and if
-          the file specified by the RESTOREFILE option in <ulink
-          url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5) exists
-          and is executable, then the command is the same as the <emphasis
-          role="bold">restore</emphasis> command. Otherwise, it is treated the
-          same as the <emphasis role="bold">start</emphasis> command.</para>
-
-          <para>The <option>-n</option> option causes Shorewall to avoid
-          updating the routing table(s).</para>
-
-          <para>The <option>-p</option> option causes the connection tracking
-          table to be flushed; the <command>conntrack</command> utility must
-          be installed to use this option.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis role="bold">refresh</emphasis></term>
 
diff --git a/Shorewall6-lite/manpages/shorewall6-lite.xml b/Shorewall6-lite/manpages/shorewall6-lite.xml
index a12b4c953..29bcaa415 100644
--- a/Shorewall6-lite/manpages/shorewall6-lite.xml
+++ b/Shorewall6-lite/manpages/shorewall6-lite.xml
@@ -474,6 +474,8 @@
       <arg><option>-n</option></arg>
 
       <arg><option>-p</option></arg>
+
+      <arg><option>-f</option></arg>
     </cmdsynopsis>
 
     <cmdsynopsis>
@@ -1092,7 +1094,7 @@
         <term><emphasis role="bold">start</emphasis></term>
 
         <listitem>
-          <para>Start Shorewall Lite. Existing connections through
+          <para>Start Shorewall6 Lite. Existing connections through
           shorewall6-lite managed interfaces are untouched. New connections
           will be allowed only if they are allowed by the firewall rules or
           policies.</para>
@@ -1100,6 +1102,15 @@
           <para>The <option>-p</option> option causes the connection tracking
           table to be flushed; the <command>conntrack</command> utility must
           be installed to use this option.</para>
+
+          <para>The <option>-m</option> option prevents the firewall script
+          from modifying the current routing configuration.</para>
+
+          <para>The <option>-f</option> option was added in Shorewall 4.6.5.
+          If the RESTOREFILE named in <ulink
+          url="shorewall.conf.html">shorewall.conf</ulink>(5) exists, is
+          executable and is not older than the current filewall script, then
+          that saved configuration is restored.</para>
         </listitem>
       </varlistentry>