Split restore-base into two files

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1789 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

STABLE2/changelog.txt

@@ -91,3 +91,5 @@ Changes in 2.0.12
 2) Fix "shorewall add" and "shorewall delete" with bridging.
 
 3) Implement variable expansion in INCLUDE directives
+
+4) Split restore-base into two files.

STABLE2/firewall

@@ -5604,6 +5604,25 @@ define_firewall() # $1 = Command (Start or Restart)
     [ -n "$aliases_to_add" ] && \
 	echo "Adding IP Addresses..." &&       add_ip_aliases
 
+    for file in chains nat proxyarp zones; do
+	append_file $file
+    done
+    
+    save_progress_message "Restoring Netfilter Configuration..."
+    
+    save_command 'iptables-restore << __EOF__'
+ 
+    # 'shorewall save' appends the iptables-save output and '__EOF__'
+ 
+    mv -f $RESTOREBASE /var/lib/shorewall/restore-base-$$
+ 
+    > $RESTOREBASE
+ 
+    save_command "#"
+    save_command "# Restore tail file generated by Shorewall $version - $(date)"
+    save_command "#"
+    save_command "date > $STATEDIR/restarted"
+ 
     run_user_exit start
 
     createchain shorewall no
@@ -5614,19 +5633,8 @@ define_firewall() # $1 = Command (Start or Restart)
 
     rm -rf $TMP_DIR
 
-    for file in chains nat proxyarp zones; do
+    mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base
-	append_file $file
+    mv -f $RESTOREBASE /var/lib/shorewall/restore-tail    
-    done
-    
-    save_command "date > $STATEDIR/restarted"
-
-    save_progress_message "Restoring Netfilter Configuration..."
-
-    save_command 'iptables-restore << __EOF__'
-
-    # 'shorewall save' appends the iptables-save output and '__EOF__'
-
-    mv -f $RESTOREBASE /var/lib/shorewall/restore-base
 
 }
 

STABLE2/releasenotes.txt

@@ -204,6 +204,22 @@ Problems corrected in 2.0.12
 
 	   shorewall add br0:eth2:192.168.1.3 OK
 	   shorewall delete br0:eth2:192.168.1.3 OK
+
+3) Previously, "shorewall save" created an out-of-sequence restore
+   script. The commands saved in the user's /etc/shorewall/start script
+   were executed prior to the Netfilter configuration being
+   restored. This has been corrected so that "shorewall save" now
+   places those commands at the end of the script. 
+
+   To accomplish this change, the "restore base" file
+   (/var/lib/shorewall/restore-base) has been split into two files:
+
+   /var/lib/shorewall/restore-base -- commands to be executed before
+   Netfilter the configuration is restored.
+
+   /var/lib/shorewall/restore-tail -- commands to be executed after the
+   Netfilter configuration is restored.
+
 -----------------------------------------------------------------------
 New Features in 2.0.12
 

STABLE2/shorewall

@@ -1070,6 +1070,8 @@ case "$1" in
 				cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$
 				if iptables-save >> /var/lib/shorewall/restore-$$ ; then
 				    echo __EOF__ >> /var/lib/shorewall/restore-$$
+				    [ -f /var/lib/shorewall/restore-tail ] && \
+					cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$
 				    mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH 
 				    chmod +x $RESTOREPATH
 				    echo "   Currently-running Configuration Saved to $RESTOREPATH"