From c4e6a75eea250129458cbf844c85620ceedf0fe0 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Mon, 12 Mar 2007 02:59:12 +0000
Subject: [PATCH] More object generation changes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5504 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 New/compiler.pl    | 25 +++++++++++++------------
 New/prog.functions | 26 ++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 12 deletions(-)

diff --git a/New/compiler.pl b/New/compiler.pl
index ff5374dbf..68aa7012e 100755
--- a/New/compiler.pl
+++ b/New/compiler.pl
@@ -5190,10 +5190,10 @@ sub create_iptables_restore_file() {
 	}
 
 	emit 'COMMIT';
-	emit '__EOF__';
     }
 
-    emit '}';
+    emit '__EOF__';
+    emit "}\n";
 }
        
 #
@@ -5458,6 +5458,8 @@ sub setup_forwarding() {
 	emit 'echo 0 > /proc/sys/net/ipv4/ip_forward';
 	emit 'progress_message2 IP Forwarding Disabled!';
     }
+
+    emit '';
 }
 
 sub generate_object () {
@@ -5562,7 +5564,10 @@ sub generate_object () {
     emit "}\n";
 	
     copy find_file 'prog.functions';
-    progress_message2 "Creating iptables-restore input...";  create_iptables_restore_file;
+    
+    progress_message2 "Creating iptables-restore input...";
+
+    create_iptables_restore_file;
 
     emit '#';
     emit '# Start/Restart/Reload the firewall';
@@ -5610,7 +5615,7 @@ sub generate_object () {
         emit "            startup_error \"The 'norfc1918' option has been specified on an interface with an RFC 1918 address. Interface:$interface\"";
         emit '        fi';
 	emit '    done';
-	emit 'fi';
+	emit "fi\n";
     }
 
     emit "run_init_exit\n";
@@ -5624,17 +5629,13 @@ sub generate_object () {
 
     emit "f=\$(find_file ipsets)\n";
 
-    emit 'if [ -f $f ]; then';
-    emit '    progress_message2 "Restoring IPSETS...';
-    emit '    ipset -U :all: :all:';
-    emit '    ipset -F';
-    emit '    ipset -X';
-    emit '    ipset -R < $f';
-    emit "fi\n";
-
     emit "disable_ipv6\n" if $config{DISABLE_IPV6};
 
     setup_forwarding;
+
+    emit "restore_iptables\n";
+
+    emit "restore_dynamic_rules\n";
     
     $indent = '';
 
diff --git a/New/prog.functions b/New/prog.functions
index 4e4a31d7e..2c44424ba 100644
--- a/New/prog.functions
+++ b/New/prog.functions
@@ -383,3 +383,29 @@ ensure_and_save_command() {
     eval $@ || fatal_error "Command \"$@\" failed"
 }
 
+restore_dynamic_rules() {
+    if [ -f ${VARDIR}/save ]; then
+	progress_message2 "Setting up dynamic rules..."
+	rangematch='source IP range'
+	while read target ignore1 ignore2 address ignore3 rest; do
+	    case $target in
+		DROP|reject|logdrop|logreject)
+		    case $rest in
+			$rangematch*)
+			    run_iptables -A dynamic -m iprange --src-range ${rest#source IP range} -j $target
+			    ;;
+			*)
+			    if [ -z "$rest" ]; then
+				run_iptables -A dynamic -s $address -j $target
+			    else
+				error_message "WARNING: Unable to restore dynamic rule \"$target $ignore1 $ignore2 $address $ignore3 $rest\""
+			    fi
+			    ;;
+		    esac
+		    ;;
+	    esac
+	done < ${VARDIR}/save
+    fi
+}
+
+