diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 796f15b2b..17c43bb8b 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1769,7 +1769,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ $) { # # We can now dispense with the postfix character #
- fatal_error "The +, - and ! modifiers are not allowed in the bllist file or in the BLACKLIST section" if $action =~ s/[\+\-!]$// && $blacklist;
+ fatal_error "The +, - and ! modifiers are not allowed in the blrules file" if $action =~ s/[\+\-!]$// && $blacklist;
 # # Handle actions #
@@ -2492,6 +2492,9 @@ sub initiate_blacklist() { $blrules = 1; }
+#
+# Add jumps to the blacklst and blackout chains
+#
 sub classic_blacklist() { my $fw = firewall_zone; my @zones = off_firewall_zones;
diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli
index f333f3bfe..9cdbe649d 100644
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@@ -1293,12 +1293,26 @@ show_proc() # $1 = name of a file } read_yesno_with_timeout() {
- read -t 60 yn 2> /dev/null
+ local timeout
+ timeout=${1:-60}
+
+ case $timeout in
+ *s)
+ ;;
+ *m)
+ timeout=$((${timeout%m} * 60))
+ ;;
+ *h)
+ timeout=$((${timeout%h} * 3600))
+ ;;
+ esac
+
+ read -t $timeout yn 2> /dev/null
 if [ $? -eq 2 ] then # read doesn't support timeout test -x /bin/bash || return 2 # bash is not installed so the feature is not available
- /bin/bash -c 'read -t 60 yn ; if [ "$yn" == "y" ] ; then exit 0 ; else exit 1 ; fi' # invoke bash and use its version of read
+ /bin/bash -c "read -t $timeout yn ; if [ \"\$yn\" == \"y\" ] ; then exit 0 ; else exit 1 ; fi" # invoke bash and use its version of read
 return $? else # read supports timeout
diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std
index 34aadbf00..1bf200609 100644
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
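Review bot: The `*s)` arm of the new `case` in read_yesno_with_timeout is empty, so a value such as `30s` reaches `read -t` with its suffix still attached, which bash's `read` does not accept as a timeout; the `m` and `h` arms strip theirs, and this one should do the same with `timeout=${timeout%s}`. The value is also expanded unquoted in `read -t $timeout` and spliced into the double-quoted `/bin/bash -c` string, so the function relies entirely on its callers having validated it, in a tool that is presumably run as root. Passing it as a positional parameter keeps it out of the command text: `/bin/bash -c 'read -t "$1" yn ; if [ "$yn" == "y" ] ; then exit 0 ; else exit 1 ; fi' bash "$timeout"`. The function body continues past the end of the hunk.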
@@ -1003,6 +1003,8 @@ safe_commands() { local finished finished=0 local command
+ local timeout
+ timeout=60
 # test is the shell supports timed read read -t 0 junk 2> /dev/null
@@ -1027,6 +1029,13 @@ safe_commands() { g_noroutes=Yes option=${option#n} ;;
+ t)
+ [ $# -eq 1 ] && fatal_error "The -t option requires a timeout value"
+ echo $2 | egrep -q '[[:digit:]]+[smh]' || fatal_error "The timeout value must be numeric, optionally followed by a suffix (s, m or h)"
+ timeout=$2
+ option=
+ shift;
+ ;;
 *) usage 1 ;;
@@ -1109,7 +1118,7 @@ safe_commands() { echo -n "Do you want to accept the new firewall configuration? [y/n] "
- if read_yesno_with_timeout; then
+ if read_yesno_with_timeout $timeout ; then
 echo "New configuration has been accepted" else if [ "$command" = "restart" ]; then
@@ -1190,13 +1199,8 @@ try_command() { ;; 2) handle_directory $1
+ echo $2 | egrep -q '[[:digit:]]+[smh]' || fatal_error "The timeout value must be numeric, optionally followed by a suffix (s, m or h)"
 timeout=$2
- case $timeout in
- *[!0-9]*)
- echo " ERROR: Invalid timeout ($timeout)" >&2;
- exit 1
- ;;
- esac
 ;; *) usage 1
@@ -1545,8 +1549,8 @@ usage() # $1 = exit status echo " reset [ ... ]" echo " restart [ -n ] [ -p ] [-d] [ -f ] [ -c ][ ]" echo " restore [ -n ] [ ]"
- echo " safe-restart [ ]"
- echo " safe-start [ ]"
+ echo " safe-restart [ -t ] [ ]"
+ echo " safe-start [ -t ] [ ]"
 echo " save [ ]" echo " show [ -x ] [ -t {filter|mangle|nat|raw|rawpost} ] [ {chain [ [ ... ]" echo " show actions"
diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml
index a0ee21537..ec756fef6 100644
--- a/manpages/shorewall.xml
+++ b/manpages/shorewall.xml
@@ -445,6 +445,8 @@
+ timeout
+ directory
@@ -461,6 +463,8 @@
+ timeout
+ directory
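Review bot: The pattern `'[[:digit:]]+[smh]'` in the new `t)` arm of safe_commands is unanchored and makes the suffix mandatory, so it accepts any argument that merely contains a digit followed by s, m or h and rejects a bare `60`, although the error message and the manpage text in this commit call the suffix optional. The accepted value later reaches an arithmetic expansion and a `bash -c` string in read_yesno_with_timeout, so the check should pin the whole argument and quote it: `echo "$2" | egrep -q '^[[:digit:]]+[smh]?$' || fatal_error ...`. The try_command hunk further down replaces the stricter `*[!0-9]*` test with the same pattern and needs the same change. Both functions start and end outside these hunks.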
@@ -1238,6 +1242,14 @@ configuration is restored from the saved configuration. If a directory is given, then Shorewall will look in that directory first when opening configuration files.
+
+ Begining with Shorewall 4.4.28, you may specify a different
+ timeout value using the
+ option. The numeric
+ timeout may optionally be followed by an
+ , or suffix
+ (e.g., 5m) to specify seconds, minutes or hours respectively. If the
+ suffix is omitted, seconds is assumed.
@@ -1252,6 +1264,14 @@ shorewall clear is performed for you. If a directory is given, then Shorewall will look in that directory first when opening configuration files.
+
+ Begining with Shorewall 4.4.28, you may specify a different
+ timeout value using the
+ option. The numeric
+ timeout may optionally be followed by an
+ , or suffix
+ (e.g., 5m) to specify seconds, minutes or hours respectively. If the
+ suffix is omitted, seconds is assumed.
@@ -1579,6 +1599,12 @@ role="bold">clear or restore is performed after timeout seconds.
+
+ Begining with Shorewall 4.4.28, the numeric
+ timeout may optionally be followed by an
+ , or suffix
+ (e.g., 5m) to specify seconds, minutes or hours respectively. If the
+ suffix is omitted, seconds is assumed.
diff --git a/manpages6/shorewall6.xml b/manpages6/shorewall6.xml
index 50ca797f1..f9bc983e9 100644
--- a/manpages6/shorewall6.xml
+++ b/manpages6/shorewall6.xml
@@ -380,6 +380,8 @@
+ timeout
+ directory
@@ -394,6 +396,8 @@
+ timeout
+ directory
@@ -1103,6 +1107,14 @@ configuration is restored from the saved configuration. If a directory is given, then Shorewall6 will look in that directory first when opening configuration files.
+
+ Begining with Shorewall 4.4.28, you may specify a different
+ timeout value using the
+ option. The numeric
+ timeout may optionally be followed by an
+ , or suffix
+ (e.g., 5m) to specify seconds, minutes or hours respectively. If the
+ suffix is omitted, seconds is assumed.
@@ -1117,6 +1129,14 @@ shorewall6 clear is performed for you. If a directory is given, then Shorewall6 will look in that directory first when opening configuration files.
+
+ Begining with Shorewall 4.4.28, you may specify a different
+ timeout value using the
+ option. The numeric
+ timeout may optionally be followed by an
+ , or suffix
+ (e.g., 5m) to specify seconds, minutes or hours respectively. If the
+ suffix is omitted, seconds is assumed.
@@ -1401,6 +1421,12 @@ role="bold">clear or restore is performed after timeout seconds.
+
+ Begining with Shorewall 4.4.28, the numeric
+ timeout may optionally be followed by an
+ , or suffix
+ (e.g., 5m) to specify seconds, minutes or hours respectively. If the
+ suffix is omitted, seconds is assumed.