diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 4e97913f7..b61feffb4 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -97,7 +97,7 @@ sub generate_script_1() {
# Functions to execute the various user exits (extension scripts)
################################################################################
EOF
- my $lib = find_file 'lib.user';
+ my $lib = find_file 'lib.private';
copy1 $lib, emit "\n" if -f $lib;
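Review bot: The renamed `find_file 'lib.private'` line feeds `copy1`, and the lib.private header in this same commit says the file is copied into the generated script, so anything an administrator places in it also ends up in that script. The installer here creates /etc/shorewall/lib.private with mode 0600, which only protects the contents if the generated script is at least as restricted. The script's mode is not visible in this hunk, so that needs confirming. I would add a comment above the assignment, `# lib.private is copied verbatim into the generated script; keep that script no more readable than the 0600 source`. The body of generate_script_1 continues outside the hunk.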
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index b0f9ed64e..55ba7613f 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -20,7 +20,7 @@ Changes in Shorewall 4.4.0-Beta2
8) Add 'USER/GROUP' column to masq file.
-9) Added lib.user.
+9) Added lib.private.
Changes in Shorewall 4.4.0-Beta1
diff --git a/Shorewall/configfiles/lib.user b/Shorewall/configfiles/lib.private
similarity index 85%
rename from Shorewall/configfiles/lib.user
rename to Shorewall/configfiles/lib.private
index 234bd7ce0..a83fba6f5 100644
--- a/Shorewall/configfiles/lib.user
+++ b/Shorewall/configfiles/lib.private
@@ -1,7 +1,7 @@
#
-# Shorewall version 4 - lib.user File
+# Shorewall version 4 - lib.private File
#
-# /etc/shorewall/lib.user
+# /etc/shorewall/lib.private
#
# Use this file to declare shell functions to be called in the other
# run-time extension scripts. The file will be copied into the generated
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index 32cab1332..d7a11fcbc 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -576,6 +576,15 @@ if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall/accounting ]; then
echo "Accounting file installed as ${PREFIX}/etc/shorewall/accounting"
fi
#
+# Install the private library file
+#
+run_install $OWNERSHIP -m 0644 configfiles/lib.private ${PREFIX}/usr/share/shorewall/configfiles/lib.private
+
+if [ -z "$CYGWIN" -a ! -f ${PREFIX}/etc/shorewall/lib.private ]; then
+ run_install $OWNERSHIP -m 0600 configfiles/lib.private ${PREFIX}/etc/shorewall/lib.private
+ echo "Private library file installed as ${PREFIX}/etc/shorewall/lib.private"
+fi
+#
# Install the Started file
#
run_install $OWNERSHIP -m 0644 configfiles/started ${PREFIX}/usr/share/shorewall/configfiles/started
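Review bot: An existing `${PREFIX}/etc/shorewall/lib.user` is left untouched by the new block, and the compiler change in this commit now looks only for `lib.private`. Any functions defined in lib.user would therefore silently drop out of the generated script after an upgrade, and extension scripts that call them would fail at run time. If lib.user ever reached an installed beta, a warning after the new `fi` would make this visible: `if [ -f ${PREFIX}/etc/shorewall/lib.user ]; then echo "WARNING: ${PREFIX}/etc/shorewall/lib.user is no longer read; move its functions to lib.private" >&2; fi`. The 0600 mode on the /etc copy applies only when the file is first created, which is fine as long as the comment block says so.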
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index b8082658f..7656186d7 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -180,7 +180,7 @@ None.
column works similarly to USER/GROUP columns in other Shorewall
configuration files. Only locally-generated traffic is matched.
-4) A new extension script, 'lib.user' has been added. This file is
+4) A new extension script, 'lib.private' has been added. This file is
intended to include declarations of shell functions that will be
called by the other run-time extension scripts.
diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index 290f6f09c..9f376280b 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -1349,7 +1349,7 @@ fi
Below are my relevant configuration files.
- These files only work with Shorewall-perl 4.2 and
+ These files only work with Shorewall-perl 4.4 Beta 2 and
later.
@@ -1357,7 +1357,7 @@ fi
Note that /etc/lsm/script writes
a ${VARDIR}/xxx.status file when the status of an
- interface changes.
+ interface changes.
local status=0
@@ -1365,40 +1365,54 @@ fi
return $status
- /etc/shorewall/started:
+ /etc/shorewall/lib.private:
###############################################################################
-# My 'restored' script calls this one if there is no lsm process running
+# Create /etc/lsm/shorewall.conf
+# Remove the current interface status files
+# Start lsm
###############################################################################
-if [ "$COMMAND" = start -o "$COMMAND" = restore ]; then
+start_lsm() {
killall lsm 2> /dev/null
cat <<EOF > /etc/lsm/shorewall.conf
connection {
name=Avvanta
checkip=206.124.146.254
- device=eth0
+ device=$EXT_IF
ttl=2
}
connection {
name=Comcast
- checkip=${ETH3_GATEWAY:-71.227.156.1}
- device=eth3
+ checkip=${ETH0_GATEWAY:-71.231.152.1}
+ device=$COM_IF
ttl=1
}
EOF
- rm -f ${VARDIR}/*.status
+ rm -f /etc/shorewall/*.status
/usr/sbin/lsm /etc/lsm/lsm.conf >> /var/log/lsm
-fi
+}
eth3 has a dynamic IP address so I need to use the
Shorewall-detected gateway address ($ETH3_GATEWAY). I supply a default
value in the event that detection fails.
+ /etc/shorewall/started:
+
+ ##################################################################################
+# [re]start lsm if this is a 'start' command or if lsm isn't running
+##################################################################################
+if [ "$COMMAND" = start -o -z "$(ps ax | grep 'lsm ' | grep -v 'grep ' )" ]; then
+ start_lsm
+fi
+
/etc/shorewall/restored:
- if [ -z "$(ps ax | grep 'lsm ' | grep -v 'grep ' )" ]; then
- run_started_exit
+ ##################################################################################
+# Start lsm if it isn't running
+##################################################################################
+if [ -z "$(ps ax | grep 'lsm ' | grep -v 'grep ' )" ]; then
+ start_lsm
fi
/etc/lsm/lsm.conf:
diff --git a/docs/shorewall_extension_scripts.xml b/docs/shorewall_extension_scripts.xml
index 06e849136..acb46567d 100644
--- a/docs/shorewall_extension_scripts.xml
+++ b/docs/shorewall_extension_scripts.xml
@@ -70,9 +70,10 @@
- lib.user -- Intended to contain
+ lib.private -- Intended to contain
declarations of shell functions to be called by other run-time
- extension scripts.
+ extension scripts. See this
+ article for an example of its use.