Finish up RESTOREFILE implementation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1394 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
4bc134a193
commit
d538202443
@ -1250,11 +1250,13 @@ stop_firewall() {
|
||||
set +x
|
||||
|
||||
[ -z "$RESTOREFILE" ] && RESTOREFILE=restore
|
||||
|
||||
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
|
||||
|
||||
if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
if [ -x $RESTOREPATH ]; then
|
||||
echo Restoring Shorewall...
|
||||
/var/lib/shorewall/$RESTOREFILE
|
||||
echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
|
||||
$RESTOREPATH
|
||||
echo "Shorewall restored from $RESTOREPATH"
|
||||
my_mutex_off
|
||||
kill $$
|
||||
exit 2
|
||||
|
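Review bot: The restore script path is expanded unquoted in `[ -x $RESTOREPATH ]` and in the bare `$RESTOREPATH` command line of stop_firewall, and this hunk only defaults RESTOREFILE without checking its contents. The slash check this commit adds (validate_restorefile) lives in a different file's section, so whether this script ever receives a validated value depends on the caller exporting it, which cannot be confirmed from the visible lines. Since this path executes a file during failure handling, I would quote the expansions and require a regular file, because `-x` is also true for a directory: `if [ -f "$RESTOREPATH" ] && [ -x "$RESTOREPATH" ]; then` followed by `"$RESTOREPATH"`. stop_firewall begins and ends outside the hunk.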
@ -41,23 +41,31 @@ New Features:
|
||||
|
||||
1) Shorewall now supports multiple saved configurations.
|
||||
|
||||
a) The "save" command has been extended to be able to specify the
|
||||
a) The default saved configuration (restore script) in
|
||||
/var/lib/shorewall is now specified using the RESTOREFILE option
|
||||
in shorewall.conf. If this variable isn't set then to maitain
|
||||
backward compatibility, 'restore' is assumed.
|
||||
|
||||
The value of RESTOREFILE must be a simple file name; no slashes
|
||||
("/") may be included.
|
||||
|
||||
b) The "save" command has been extended to be able to specify the
|
||||
name of a saved configuration.
|
||||
|
||||
shorewall save [ <file name> ]
|
||||
|
||||
The current state is saved to /var/lib/shorewall/<file name>. If
|
||||
no <file name> is given, the configuration is saved to
|
||||
/var/lib/shorewall/restore (current behavior).
|
||||
the file determined by the RESTOREFILE setting.
|
||||
|
||||
b) The "restore" command has been extended to be able to specify
|
||||
c) The "restore" command has been extended to be able to specify
|
||||
the name of a saved configuration:
|
||||
|
||||
shorewall restore [ <file name> ]
|
||||
|
||||
The firewall state is restored from /var/lib/shorewall/<file
|
||||
name>. If no <file name> is given, the firewall state is
|
||||
restored from /var/lib/shorewall/restore.
|
||||
restored from the file determined by the RESTOREFILE setting.
|
||||
|
||||
c) The "forget" command has changed. Previously, the command
|
||||
unconditionally removed the /var/lib/shorewall/save file which
|
||||
@ -70,10 +78,11 @@ New Features:
|
||||
shorewall forget [ <file name> ]
|
||||
|
||||
The file /var/lib/shorewall/<file name> is removed. If no <file
|
||||
name> is given, the file /var/lib/shorewall/restore is removed.
|
||||
name> is given, the file determined by the RESTOREFILE setting
|
||||
is removed.
|
||||
|
||||
d) The "shorewall -f start" command continues to restore the state
|
||||
recorded in /var/lib/shorewall/restore.
|
||||
d) The "shorewall -f start" command restores the state from the
|
||||
file determined by the RESTOREFILE setting.
|
||||
|
||||
2) "!" is now allowed in accounting rules.
|
||||
|
||||
|
@ -134,6 +134,19 @@ showchain() # $1 = name of chain
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Validate the value of RESTOREFILE
|
||||
#
|
||||
validate_restorefile() # $* = label
|
||||
{
|
||||
case $RESTOREFILE in
|
||||
*/*)
|
||||
echo " ERROR: $@ must specify a simple file name: $RESTOREFILE" >&2
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
#
|
||||
# Set the configuration variables from shorewall.conf
|
||||
#
|
||||
@ -163,13 +176,17 @@ get_config() {
|
||||
|
||||
if [ -n "$SHOREWALL_SHELL" ]; then
|
||||
if [ ! -e "$SHOREWALL_SHELL" ]; then
|
||||
echo "The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2
|
||||
echo " ERROR: The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2
|
||||
exit 2
|
||||
fi
|
||||
fi
|
||||
|
||||
[ -n "$RESTOREFILE" ] || RESTOREFILE=restore
|
||||
|
||||
validate_restorefile RESTOREFILE
|
||||
|
||||
export RESTOREFILE
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
@ -740,11 +757,14 @@ case "$1" in
|
||||
[ $# -ne 1 ] && usage 1
|
||||
get_config
|
||||
if [ -n "$FAST" ]; then
|
||||
if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
|
||||
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
|
||||
|
||||
if [ -x $RESTOREPATH ]; then
|
||||
echo Restoring Shorewall...
|
||||
/var/lib/shorewall/$RESTOREFILE
|
||||
$RESTOREPATH
|
||||
date > $STATEDIR/restarted
|
||||
echo Shorewall restored from /var/lib/shorewall/$RESTOREFILE
|
||||
echo Shorewall restored from $RESTOREPATH
|
||||
else
|
||||
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start
|
||||
fi
|
||||
@ -976,19 +996,22 @@ case "$1" in
|
||||
;;
|
||||
2)
|
||||
RESTOREFILE="$2"
|
||||
validate_restorefile '<restore file>'
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
esac
|
||||
|
||||
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
|
||||
|
||||
mutex_on
|
||||
|
||||
if qt iptables -L shorewall -n; then
|
||||
[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
|
||||
|
||||
if [ -f /var/lib/shorewall/$RESTOREFILE -a ! -x /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
echo " ERROR: /var/lib/shorewall/$RESTOREFILE exists and is not a saved Shorewall configuration"
|
||||
if [ -f $RESTOREPATH -a ! -x $RESTOREPATH ]; then
|
||||
echo " ERROR: $RESTOREPATH exists and is not a saved Shorewall configuration"
|
||||
else
|
||||
case $RESTOREFILE in
|
||||
save|restore-base)
|
||||
@ -1001,9 +1024,9 @@ case "$1" in
|
||||
cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$
|
||||
if iptables-save >> /var/lib/shorewall/restore-$$ ; then
|
||||
echo __EOF__ >> /var/lib/shorewall/restore-$$
|
||||
mv -f /var/lib/shorewall/restore-$$ /var/lib/shorewall/$RESTOREFILE
|
||||
chmod +x /var/lib/shorewall/$RESTOREFILE
|
||||
echo " Currently-running Configuration Saved to /var/lib/shorewall/$RESTOREFILE"
|
||||
mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH
|
||||
chmod +x $RESTOREPATH
|
||||
echo " Currently-running Configuration Saved to $RESTOREPATH"
|
||||
else
|
||||
rm -f /var/lib/shorewall/restore-$$
|
||||
echo " ERROR: Currently-running Configuration Not Saved"
|
||||
@ -1029,17 +1052,21 @@ case "$1" in
|
||||
;;
|
||||
2)
|
||||
RESTOREFILE="$2"
|
||||
validate_restorefile '<restore file>'
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
rm -f /var/lib/shorewall/$RESTOREFILE
|
||||
echo " /var/lib/shorewall/$RESTOREFILE removed"
|
||||
elif [ -f /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
echo " ERROR: /var/lib/shorewall/$RESTOREFILE is not a restore script"
|
||||
|
||||
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
|
||||
|
||||
if [ -x $RESTOREPATH ]; then
|
||||
rm -f $RESTOREPATH
|
||||
echo " $RESTOREPATH removed"
|
||||
elif [ -f $RESTOREPATH ]; then
|
||||
echo " ERROR: $RESTOREPATH is not a restore script"
|
||||
fi
|
||||
;;
|
||||
ipcalc)
|
||||
@ -1084,15 +1111,18 @@ case "$1" in
|
||||
;;
|
||||
2)
|
||||
RESTOREFILE="$2"
|
||||
validate_restorefile '<restore file>'
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -x /var/lib/shorewall/$RESTOREFILE ]; then
|
||||
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
|
||||
|
||||
if [ -x $RESTOREPATH ]; then
|
||||
echo Restoring Shorewall...
|
||||
/var/lib/shorewall/$RESTOREFILE && echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
|
||||
$RESTOREPATH && echo "Shorewall restored from /var/lib/shorewall/$RESTOREFILE"
|
||||
else
|
||||
echo "File /var/lib/shorewall/$RESTOREFILE: file not found"
|
||||
exit 2
|
||||
|
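Review bot: validate_restorefile rejects only values containing a slash, so an empty second argument, `.` or `..`, and names with whitespace or glob characters all pass and then reach the unquoted `$RESTOREPATH` uses in the save, forget and restore hunks (`[ -x $RESTOREPATH ]`, `rm -f $RESTOREPATH`, `mv -f ... $RESTOREPATH`). With an empty name RESTOREPATH is the directory itself, for which `-x` is true, and an unquoted `rm -f` operand is subject to word splitting and pathname expansion. I would widen the rejecting arm to something like `''|.|..|*/*|*[!A-Za-z0-9._-]*)`, provided no existing saved names rely on other characters, and quote every use as `"$RESTOREPATH"`. Separately, the restore hunk's success message still prints `/var/lib/shorewall/$RESTOREFILE` where the other hunks now print `$RESTOREPATH`, and in get_config the `[ ! -e "$SHOREWALL_SHELL" ]` test does not check the executability that its error message reports. The case arms and get_config touched by these hunks start or end outside the visible lines.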