Allow the timeout to be specified in the 'safe' commands.

Also, allow a suffix (s, m or h) in the <timeout> parameter to the 'try' command.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-12-31 09:40:36 -08:00
parent 64d3ac036b
commit d6bac484dc
5 changed files with 85 additions and 12 deletions

View File

@ -1769,7 +1769,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) {
#
# We can now dispense with the postfix character
#
fatal_error "The +, - and ! modifiers are not allowed in the bllist file or in the BLACKLIST section" if $action =~ s/[\+\-!]$// && $blacklist;
fatal_error "The +, - and ! modifiers are not allowed in the blrules file" if $action =~ s/[\+\-!]$// && $blacklist;
#
# Handle actions
#
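Review bot: The reworded fatal_error message for the +, - and ! modifiers ("not allowed in the blrules file") has nothing to do with the timeout change the commit message describes; it would be easier to audit and revert as its own commit, or should at least be mentioned in the message. In the same condition, the `s/[\+\-!]$//` substitution runs before `&& $blacklist` is tested, so $action is modified even when no error is raised; the comment above suggests that is intended, but saying so on the line itself would help the next reader.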
@ -2492,6 +2492,9 @@ sub initiate_blacklist() {
$blrules = 1;
}
#
# Add jumps to the blacklst and blackout chains
#
sub classic_blacklist() {
my $fw = firewall_zone;
my @zones = off_firewall_zones;

View File

@ -1293,12 +1293,26 @@ show_proc() # $1 = name of a file
}
read_yesno_with_timeout() {
read -t 60 yn 2> /dev/null
local timeout
timeout=${1:-60}
case $timeout in
*s)
;;
*m)
timeout=$((${timeout%m} * 60))
;;
*h)
timeout=$((${timeout%h} * 3600))
;;
esac
read -t $timeout yn 2> /dev/null
if [ $? -eq 2 ]
then
# read doesn't support timeout
test -x /bin/bash || return 2 # bash is not installed so the feature is not available
/bin/bash -c 'read -t 60 yn ; if [ "$yn" == "y" ] ; then exit 0 ; else exit 1 ; fi' # invoke bash and use its version of read
/bin/bash -c "read -t $timeout yn ; if [ \"\$yn\" == \"y\" ] ; then exit 0 ; else exit 1 ; fi" # invoke bash and use its version of read
return $?
else
# read supports timeout
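Review bot: In the new `case $timeout` block the `*s)` branch is empty, so a value such as 30s keeps its suffix and is passed verbatim to `read -t $timeout` and to the bash fallback, while the m and h branches produce plain seconds; strip it the same way with `timeout=${timeout%s}`. In addition, `$timeout` is now interpolated into the double-quoted `/bin/bash -c` string and into `$(( ))`, so this function relies entirely on its callers having validated the argument. A guard at the top that rejects anything other than digits with an optional s, m or h would keep an unexpected value out of that command string regardless of who calls the function.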

View File

@ -1003,6 +1003,8 @@ safe_commands() {
local finished
finished=0
local command
local timeout
timeout=60
# test is the shell supports timed read
read -t 0 junk 2> /dev/null
@ -1027,6 +1029,13 @@ safe_commands() {
g_noroutes=Yes
option=${option#n}
;;
t)
[ $# -eq 1 ] && fatal_error "The -t option requires a timeout value"
echo $2 | egrep -q '[[:digit:]]+[smh]' || fatal_error "The timeout value must be numeric, optionally followed by a suffix (s, m or h)"
timeout=$2
option=
shift;
;;
*)
usage 1
;;
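Review bot: The egrep pattern `[[:digit:]]+[smh]` in the new `t)` branch is unanchored and makes the suffix mandatory, so a plain 90 is rejected even though the error message and the manpage text call the suffix optional, and any string that merely contains a digit followed by s, m or h is accepted. Anchor the pattern and make the suffix optional, for example `'^[[:digit:]]+[smh]?$'`, and quote the argument (`echo "$2"`) so it is checked as a single word. The identical test is duplicated in try_command; a small shared helper would keep the two from drifting apart.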
@ -1109,7 +1118,7 @@ safe_commands() {
echo -n "Do you want to accept the new firewall configuration? [y/n] "
if read_yesno_with_timeout; then
if read_yesno_with_timeout $timeout ; then
echo "New configuration has been accepted"
else
if [ "$command" = "restart" ]; then
@ -1190,13 +1199,8 @@ try_command() {
;;
2)
handle_directory $1
echo $2 | egrep -q '[[:digit:]]+[smh]' || fatal_error "The timeout value must be numeric, optionally followed by a suffix (s, m or h)"
timeout=$2
case $timeout in
*[!0-9]*)
echo " ERROR: Invalid timeout ($timeout)" >&2;
exit 1
;;
esac
;;
*)
usage 1
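Review bot: Replacing the removed `case $timeout in *[!0-9]*)` check with the egrep test in the `2)` branch weakens validation: the old check rejected every non-digit character, whereas the unanchored `[[:digit:]]+[smh]` accepts any string that contains a digit followed by s, m or h, and it now refuses a bare number such as 60 that the old code accepted. Use an anchored pattern with an optional suffix, `'^[[:digit:]]+[smh]?$'`, so that existing invocations of try with a plain number of seconds keep working and nothing else gets through.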
@ -1545,8 +1549,8 @@ usage() # $1 = exit status
echo " reset [ <chain> ... ]"
echo " restart [ -n ] [ -p ] [-d] [ -f ] [ -c ][ <directory> ]"
echo " restore [ -n ] [ <file name> ]"
echo " safe-restart [ <directory> ]"
echo " safe-start [ <directory> ]"
echo " safe-restart [ -t <timeout> ] [ <directory> ]"
echo " safe-start [ -t <timeout> ] [ <directory> ]"
echo " save [ <file name> ]"
echo " show [ -x ] [ -t {filter|mangle|nat|raw|rawpost} ] [ {chain [<chain> [ <chain> ... ]"
echo " show actions"

View File

@ -445,6 +445,8 @@
<arg><option>-p</option></arg>
<arg><option>-t</option> <replaceable>timeout</replaceable></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -461,6 +463,8 @@
<arg><option>-p</option></arg>
<arg><option>-t</option> <replaceable>timeout</replaceable></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -1238,6 +1242,14 @@
configuration is restored from the saved configuration. If a
directory is given, then Shorewall will look in that directory first
when opening configuration files.</para>
<para>Begining with Shorewall 4.4.28, you may specify a different
<replaceable>timeout</replaceable> value using the
<option>-t</option> option. The numeric
<replaceable>timeout</replaceable> may optionally be followed by an
<option>s</option>, <option>m</option> or <option>h</option> suffix
(e.g., 5m) to specify seconds, minutes or hours respectively. If the
suffix is omitted, seconds is assumed.</para>
</listitem>
</varlistentry>
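Review bot: In the added <para>, "Begining" should be "Beginning" and "seconds is assumed" reads better as "seconds are assumed"; the same paragraph is repeated in the other manpage hunks of this commit and needs the same correction there. The text also promises that the suffix may be omitted, which should be checked against the validation added to the -t option in safe_commands.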
@ -1252,6 +1264,14 @@
shorewall clear is performed for you. If a directory is given, then
Shorewall will look in that directory first when opening
configuration files.</para>
<para>Begining with Shorewall 4.4.28, you may specify a different
<replaceable>timeout</replaceable> value using the
<option>-t</option> option. The numeric
<replaceable>timeout</replaceable> may optionally be followed by an
<option>s</option>, <option>m</option> or <option>h</option> suffix
(e.g., 5m) to specify seconds, minutes or hours respectively. If the
suffix is omitted, seconds is assumed.</para>
</listitem>
</varlistentry>
@ -1579,6 +1599,12 @@
role="bold">clear</emphasis> or <emphasis
role="bold">restore</emphasis> is performed after
<replaceable>timeout</replaceable> seconds.</para>
<para>Begining with Shorewall 4.4.28, the numeric
<replaceable>timeout</replaceable> may optionally be followed by an
<option>s</option>, <option>m</option> or <option>h</option> suffix
(e.g., 5m) to specify seconds, minutes or hours respectively. If the
suffix is omitted, seconds is assumed.</para>
</listitem>
</varlistentry>
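Review bot: The context sentence directly above the added <para> still says the clear or restore is performed after <replaceable>timeout</replaceable> seconds, which is no longer accurate once an m or h suffix is allowed. Reword it in the same change, for example to say the action is performed when the <replaceable>timeout</replaceable> expires, so the two paragraphs do not contradict each other.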

View File

@ -380,6 +380,8 @@
<arg><option>-d</option></arg>
<arg><option>-t</option> <replaceable>timeout</replaceable></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -394,6 +396,8 @@
<arg><option>-d</option></arg>
<arg><option>-t</option> <replaceable>timeout</replaceable></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -1103,6 +1107,14 @@
configuration is restored from the saved configuration. If a
directory is given, then Shorewall6 will look in that directory
first when opening configuration files.</para>
<para>Begining with Shorewall 4.4.28, you may specify a different
<replaceable>timeout</replaceable> value using the
<option>-t</option> option. The numeric
<replaceable>timeout</replaceable> may optionally be followed by an
<option>s</option>, <option>m</option> or <option>h</option> suffix
(e.g., 5m) to specify seconds, minutes or hours respectively. If the
suffix is omitted, seconds is assumed.</para>
</listitem>
</varlistentry>
@ -1117,6 +1129,14 @@
shorewall6 clear is performed for you. If a directory is given, then
Shorewall6 will look in that directory first when opening
configuration files.</para>
<para>Begining with Shorewall 4.4.28, you may specify a different
<replaceable>timeout</replaceable> value using the
<option>-t</option> option. The numeric
<replaceable>timeout</replaceable> may optionally be followed by an
<option>s</option>, <option>m</option> or <option>h</option> suffix
(e.g., 5m) to specify seconds, minutes or hours respectively. If the
suffix is omitted, seconds is assumed.</para>
</listitem>
</varlistentry>
@ -1401,6 +1421,12 @@
role="bold">clear</emphasis> or <emphasis
role="bold">restore</emphasis> is performed after
<replaceable>timeout</replaceable> seconds.</para>
<para>Begining with Shorewall 4.4.28, the numeric
<replaceable>timeout</replaceable> may optionally be followed by an
<option>s</option>, <option>m</option> or <option>h</option> suffix
(e.g., 5m) to specify seconds, minutes or hours respectively. If the
suffix is omitted, seconds is assumed.</para>
</listitem>
</varlistentry>