From ccdbd9faedc0fb4868d5271b7563dd6a822de0f3 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 11 Jul 2002 16:15:40 +0000 Subject: [PATCH] Allow shell variable expansion in /etc/shorewall/routestopped Make the HOST(S) column optional in /etc/shorewall/routestopped Add a 'stopped' user exit git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@132 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/firewall | 4 ++++ Shorewall/routestopped | 10 +++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/Shorewall/firewall b/Shorewall/firewall index 1fa17a4b3..9d29a8717 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -1018,6 +1018,8 @@ stop_firewall() { strip_file routestopped while read interface host; do + expandv interface host + [ "x$host" = "x-" ] && host= hosts="$hosts $interface:${host:-0.0.0.0/0}" done < $TMP_DIR/routestopped @@ -1052,6 +1054,8 @@ stop_firewall() { ;; esac + run_user_exit stopped + logger "Shorewall Stopped" rm -rf $TMP_DIR diff --git a/Shorewall/routestopped b/Shorewall/routestopped index 1d940beff..db1459080 100644 --- a/Shorewall/routestopped +++ b/Shorewall/routestopped @@ -4,12 +4,16 @@ # # /etc/shorewall/routestopped # -# This file is used to define the hosts that are accessible when the firewall is stopped +# This file is used to define the hosts that are accessible when the +# firewall is stopped # # Columns must be separated by white space and are: # -# INTERFACE - Interface through which host(s) communicate with the firewall -# HOST(S) - Comma-separated list of IP/subnet addresses. +# INTERFACE - Interface through which host(s) communicate with +# the firewall +# HOST(S) - (Optional) Comma-separated list of IP/subnet +# addresses. If left empty or supplied as "-", +# 0.0.0.0/0 is assumed. # # Example: #