Run .restore for stop/clear; fix double slash in pathnames

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6595 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-19 17:28:35 +02:00 · 2007-06-19 13:48:16 +00:00 · 2007-06-19 13:48:16 +00:00 · c5cf56c91b
commit c5cf56c91b
parent 5aa19f596e
7 changed files with 172 additions and 9 deletions
--- a/Shorewall-common/diff-3.4-shorewall
+++ b/Shorewall-common/diff-3.4-shorewall
@ -1,5 +1,5 @@
 --- /home/teastep/shorewall/branches/3.4/Shorewall/shorewall	2007-06-18 11:32:15.000000000 -0700
-+++ shorewall	2007-06-18 11:31:44.000000000 -0700
+++ shorewall	2007-06-19 06:36:20.000000000 -0700
@@ -1305,7 +1305,7 @@
     echo "   stop"
     echo "   status"
@ -20,3 +20,11 @@
 	if [ -f /usr/share/shorewall-perl/version ]; then
 	    echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
 	fi
@@ -1534,6 +1538,7 @@
 	[ $# -ne 1 ] && usage 1
 	get_config
 	export NOROUTES
 +	[ -x ${VARDIR}/.restore ] && FIREWALL=${VARDIR}/.restore
 	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
 	;;
     compile)
--- a/Shorewall-common/shorewall
+++ b/Shorewall-common/shorewall
@ -1538,6 +1538,7 @@ case "$COMMAND" in
 	[ $# -ne 1 ] && usage 1
 	get_config
 	export NOROUTES
 	[ -x ${VARDIR}/.restore ] && FIREWALL=${VARDIR}/.restore
 	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
 	;;
    compile)
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@ -905,11 +905,11 @@ sub ensure_config_path() {
    @config_path = split /:/, $config{CONFIG_PATH};
    for ( @config_path ) {
-	$_ .= '/' unless m|//$|;
+	$_ .= '/' unless m|/$|;
    }
    if ( $shorewall_dir ) {
-	$shorewall_dir .= '/' unless $shorewall_dir =~ m|//$|;
+	$shorewall_dir .= '/' unless $shorewall_dir =~ m|/$|;
 	unshift @config_path, $shorewall_dir if $shorewall_dir ne $config_path[0];
    }
 }
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@ -383,6 +383,8 @@ sub process_criticalhosts() {
 	my ($interface, $hosts, $options ) = split_line 1, 3, 'routestopped file';
 	fatal_error "Unknown interface ($interface)" unless known_interface $interface;
 	$hosts = ALLIPv4 unless $hosts ne '-';
 	my @hosts;
@ -426,6 +428,8 @@ sub process_routestopped() {
 	my ($interface, $hosts, $options ) = split_line 1, 3, 'routestopped file';
 	fatal_error "Unknown interface ($interface)" unless known_interface $interface;
 	$hosts = ALLIPv4 unless $hosts && $hosts ne '-';
 	my @hosts;
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -1789,6 +1789,15 @@ iptables: Invalid argument
          <filename>/lib/iptables/libipt_policy.so</filename>.</para>
        </listitem>
      </itemizedlist>
      <note>
        <para>Beginning with Shorewall 3.4.0, Shorewall no longer attempts to
        use policy match if you have no IPSEC zones and you have not specified
        the <option>ipsec</option> option on any entry in
        <filename>/etc/shorewall/hosts</filename>. The subject message will
        still appear in your kernel log each time that Shorewall determines
        the capabilities of your kernel/iptables.</para>
      </note>
    </section>
    <section id="faq62">
--- a/web/News.htm
+++ b/web/News.htm
@ -24,10 +24,151 @@ href="GnuCopyright.htm" target="_self">GNU Free Documentation
 License</a></span>”.<br>
 </p>
-<p>June 12, 2007<br>
+<p>June 17, 2007<br>
 </p>
 <hr style="width: 100%; height: 2px;">
 <p><strong>2006-06-17 Shorewall 3.4.4</strong></p>
 <pre>Problems corrected in 3.4.4:
 1)  The commands "shorewall add &lt;interface&gt; &lt;zone&gt;" and "shorewall
    delete &lt;interface&gt; &lt;zone&gt;" no longer produce spurious error
    messages.
 2)  The command "shorewall delete &lt;interface&gt; &lt;zone&gt;" now actually deletes
    entries when it successfully completes.  Previously, it would appear
    to remove an entry, even when removing that entry should fail. 
 3)  Setting HIGH_ROUTE_MARKS=No no longer causes TC_EXPERT flagging.
 4)  When run as root, the 'shorewall load' and 'shorewall reload'
    commands would fail if the LOGFILE setting in
    /etc/shorewall/shorewall.conf specified a non-existant file.
 5)  Entries in /etc/shorewall/tcrules that specify both a source and
    destination port fail with the following diagnostic:
    iptables v1.3.3: multiport can only have one option
 6)  Previously, Shorewall-lite did not allow DHCP traffic through an
    interface when the interface was a bridge with 'dhcp' specified
    unless there was a bridge on the administrative system with the
    same name.
 7)  SOURCE and DEST are now flagged as invalid zone name to avoid
    problems with macros that use those names as keywords.
 8)  Previously, Shorewall could *increase* the MSS under some
    circumstances. This possibility is now eliminated, provided that
    the system has TCPMSS match support (be sure to update your
    capabilities files!).
 9)  Firewall zone names other than 'fw' no longer cause a error when
    IPSECFILE is not set or is set to 'ipsec'.
 10) The 'proxyarp' option on an interface was previously ignored when
    the /etc/shorewall/proxyarp file was empty.
 11) Previously, if action 'a' was defined then the following 
    rule generated an error:
         a:        z1   z2      ...
    The trailing ":" is now ignored.
 12) Previously, if a RATE/LIMIT was specified on a REJECT rule, the
    generated error messages referred to the rule as a DROP rule.
 13) The 'nolock' keyword was previously ignored on several
    /sbin/shorewall[-lite] commands. 
 Other changes in 3.4.4:
 1)  The accounting, masq, rules and tos files now have a 'MARK' column
    similar to the column of the same name in the tcrules file. This
    column allows filtering by MARK value.
 2)  The "shorewall show zones" command now flags zone members that have
    been added using "shorewall add" by preceding them with a plus sign
    ("+").
    Example:
    Shorewall 3.9.4 Zones at gateway - Mon May 14 07:48:16 PDT 2007
    fw (firewall)
    net (ipv4)
        eth0:0.0.0.0/0
    loc (ipv4)
        br0:0.0.0.0/0
        eth4:0.0.0.0/0
        eth5:0.0.0.0/0
        +eth1:0.0.0.0/0
    dmz (ipv4)
        eth3:0.0.0.0/0
    vpn (ipv4)
        tun+:0.0.0.0/0
    In the above output, "eth1:0.0.0.0/0" was dynamically added to the
    'loc' zone. As part of this change, "shorewall delete" will only
    delete entries that have been added dynamically. In earlier
    versions, any entry could be deleted although the ruleset was only
    changed by deleting entries that had been added dynamically.
 3)  Eariler generations of Shorewall Lite required that remote root
    login via ssh be enabled in order to use the 'load' and 'reload'
    commands.
    Beginning with this release, you may define an alternative means
    for accessing the remote firewall system.
    Two new options have been added to shorewall.conf:
        RSH_COMMAND
        RCP_COMMAND
    The default values for these are as follows:
        RSH_COMMAND: ssh ${root}@${system} ${command}
        RCP_COMMAND: scp ${files} ${root}@${system}:${destination}
    Shell variables that will be set when the commands are envoked are
    as follows:
       root  - root user. Normally 'root' but may be overridden using
               the '-r' option.
       system - The name/IP address of the remote firewall system.
       command - For RSH_COMMAND, the command to be executed on the 
                 firewall system.
       files   - For RCP_COMMAND, a space-separated list of files to
                 be copied to the remote firewall system.
       destination - The directory on the remote system that the files 
                     are to be copied into. 
 4)  You may now select the compiler to use on the command line using
    the '-C' option. This option is available on the following
    commands:
        check
        compile
        export
        load
        reload
        restart
        start
        try
        safe-start
        save-restart
     Example:
        shorewall try -C perl .</pre>
 <hr>
 <p><strong>2006-06-12 New Host for www.shorewall.net and
 ftp.shorewall.net</strong></p>
 <pre>I'm pleased to announce that Ty Christiansen and the folks at Master Mind
--- a/web/shorewall_index.htm
+++ b/web/shorewall_index.htm
@ -21,7 +21,7 @@ Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the
 license is included in the section entitled “<a href="GnuCopyright.htm"
 target="_self">GNU Free Documentation License</a>”.</p>
-<p>2007-06-15</p>
+<p>2007-06-17</p>
 <hr style="width: 100%; height: 2px;">
 <h2>Table of Contents</h2>
@ -103,17 +103,17 @@ Features page</a>.<br>
 <h3><a name="Releases"></a>Current Shorewall Releases</h3>
 <p style="margin-left: 40px;">The <span style="font-weight: bold;">current
-Stable Release</span> version is  3.4.3<br>
+Stable Release</span> version is  3.4.4<br>
 </p>
 <ul style="margin-left: 40px;">
  <li>Here are the <a
-    href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.3/releasenotes.txt">release
+    href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.4/releasenotes.txt">release
    notes</a> <br>
  </li>
  <li>Here are the <a
-    href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.3/known_problems.txt">known
+    href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.4/known_problems.txt">known
    problems</a> and <a
-    href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.3/errata/">updates</a>.</li>
+    href="http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.4/errata/">updates</a>.</li>
 </ul>
 <div style="margin-left: 40px;">