Add lib.cli changes to 4.4.6

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-01-12 18:57:04 -08:00
parent 2b39d7f522
commit db2a1fe749
2 changed files with 133 additions and 78 deletions


@ -177,9 +177,13 @@ show_tc() {
fi fi
} }
if [ $# -gt 0 ]; then
show_one_tc $1
else
ip -o link list | while read inx interface details; do ip -o link list | while read inx interface details; do
show_one_tc ${interface%:} show_one_tc ${interface%:}
done done
fi
} }
@ -263,37 +267,26 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
# #
# Save currently running configuration # Save currently running configuration
# #
save_config() { do_save() {
local status
status=0
local result
result=1
local hack
iptables_save=${IPTABLES}-save
[ -x $iptables_save ] || echo "$iptables-save does not exist or is not executable" >&2
if shorewall_is_started ; then
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
if [ -f $RESTOREPATH -a ! -x $RESTOREPATH ]; then
echo " ERROR: $RESTOREPATH exists and is not a saved $PRODUCT configuration" >&2
else
case $RESTOREFILE in
capabilities|chains|default_route|firewall|firewall.conf|nat|proxyarp|restarted|rt_tables|save|state|undo_routing|zones)
echo " ERROR: Reserved file name: $RESTOREFILE" >&2
;;
*)
validate_restorefile RESTOREFILE
if $IPTABLES -L dynamic -n > ${VARDIR}/save; then
echo " Dynamic Rules Saved"
if [ -f ${VARDIR}/firewall ]; then if [ -f ${VARDIR}/firewall ]; then
if $iptables_save | iptablesbug > ${VARDIR}/restore-$$; then if $iptables_save | iptablesbug > ${VARDIR}/restore-$$; then
cp -f ${VARDIR}/firewall $RESTOREPATH cp -f ${VARDIR}/firewall $RESTOREPATH
mv -f ${VARDIR}/restore-$$ ${RESTOREPATH}-iptables mv -f ${VARDIR}/restore-$$ ${RESTOREPATH}-iptables
chmod +x $RESTOREPATH chmod +x $RESTOREPATH
echo " Currently-running Configuration Saved to $RESTOREPATH" echo " Currently-running Configuration Saved to $RESTOREPATH"
run_user_exit save
else
rm -f ${VARDIR}/restore-$$
echo " ERROR: Currently-running Configuration Not Saved" >&2
status=1
fi
else
echo " ERROR: ${VARDIR}/firewall does not exist" >&2
status=1
fi
case ${SAVE_IPSETS:=No} in case ${SAVE_IPSETS:=No} in
[Yy]es) [Yy]es)
@ -324,7 +317,7 @@ save_config() {
# #
# Don't save an 'empty' file # Don't save an 'empty' file
# #
grep -q '^-N' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${RESTOREPATH}-ipsets && echo " Ipsets Saved to ${RESTOREPATH}-ipsets" grep -q '^-N' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${RESTOREPATH}-ipsets
fi fi
fi fi
;; ;;
@ -335,17 +328,41 @@ save_config() {
;; ;;
esac esac
run_user_exit save return $status
}
save_config() {
local result
result=1
iptables_save=${IPTABLES}-save
[ -x $iptables_save ] || echo "$iptables-save does not exist or is not executable" >&2
if shorewall_is_started ; then
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
if [ -f $RESTOREPATH -a ! -x $RESTOREPATH ]; then
echo " ERROR: $RESTOREPATH exists and is not a saved $PRODUCT configuration" >&2
else else
rm -f ${VARDIR}/restore-$$ case $RESTOREFILE in
echo " ERROR: Currently-running Configuration Not Saved" >&2 capabilities|chains|default_route|firewall|firewall.conf|nat|proxyarp|restarted|rt_tables|save|state|undo_routing|zones)
fi echo " ERROR: Reserved file name: $RESTOREFILE" >&2
else ;;
echo " ERROR: ${VARDIR}/firewall does not exist" >&2 *)
fi validate_restorefile RESTOREFILE
if chain_exists dynamic; then
if $IPTABLES -L dynamic -n > ${VARDIR}/save; then
echo " Dynamic Rules Saved"
do_save
else else
echo "Error Saving the Dynamic Rules" >&2 echo "Error Saving the Dynamic Rules" >&2
fi fi
else
do_save && rm -f ${VARDIR}/save
fi
;; ;;
esac esac
fi fi
@ -531,10 +548,11 @@ show_command() {
packet_log 20 packet_log 20
;; ;;
tc) tc)
[ $# -gt 1 ] && usage 1 [ $# -gt 2 ] && usage 1
echo "$PRODUCT $version Traffic Control at $HOSTNAME - $(date)" echo "$PRODUCT $version Traffic Control at $HOSTNAME - $(date)"
echo echo
show_tc shift
show_tc $1
;; ;;
classifiers|filters) classifiers|filters)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
@ -1001,6 +1019,12 @@ block() # $1 = command, $2 = Finished, $3 - $n addresses
local finished local finished
finished=$2 finished=$2
if ! chain_exists dynamic; then
echo "Dynamic blacklisting is not enabled in the current $PRODUCT configuration" >&2
[ -n "$nolock" ] || mutex_off
exit 2
fi
shift 3 shift 3
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
@ -1107,7 +1131,7 @@ add_command() {
local interface host hostlist zone ipset local interface host hostlist zone ipset
if ! shorewall_is_started ; then if ! shorewall_is_started ; then
echo "Shorewall Not Started" >&2 echo "Shorewall Not Started" >&2
exit 2; exit 2
fi fi
case "$IPSET" in case "$IPSET" in
@ -1313,6 +1337,11 @@ allow_command() {
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
[ $# -eq 1 ] && usage 1 [ $# -eq 1 ] && usage 1
if shorewall_is_started ; then if shorewall_is_started ; then
if ! chain_exists dynamic; then
echo "Dynamic blacklisting is not enabled in the current $PRODUCT configuration" >&2
exit 2
fi
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
while [ $# -gt 1 ]; do while [ $# -gt 1 ]; do
shift shift
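Review bot: The executable check in the new save_config, `[ -x $iptables_save ] || echo "$iptables-save does not exist or is not executable" >&2`, only warns and carries on, and its message expands `$iptables`, which no visible line assigns, so it would likely print "-save does not exist…" without the path. do_save then runs `$iptables_save | iptablesbug > ${VARDIR}/restore-$$`, and a plain sh pipeline reports only the status of its last stage. A failing iptables-save could therefore still leave an empty or truncated file that is moved to `${RESTOREPATH}-iptables` and later loaded as the firewall ruleset; iptablesbug is defined outside this page, so this depends on how it treats empty input. I would stop at the check instead, for example `[ -x "$iptables_save" ] || { echo "   ERROR: $iptables_save does not exist or is not executable" >&2; return 1; }`, adapted to whatever failure path save_config already uses. Both save_config and do_save continue outside the visible hunks.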


@ -244,6 +244,30 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
# #
# Save currently running configuration # Save currently running configuration
# #
do_save() {
local status
status=0
if [ -f ${VARDIR}/firewall ]; then
if $iptables_save > ${VARDIR}/restore-$$; then
cp -f ${VARDIR}/firewall $RESTOREPATH
mv -f ${VARDIR}/restore-$$ ${RESTOREPATH}-iptables
chmod +x $RESTOREPATH
echo " Currently-running Configuration Saved to $RESTOREPATH"
run_user_exit save
else
rm -f ${VARDIR}/restore-$$
echo " ERROR: Currently-running Configuration Not Saved" >&2
status=1
fi
else
echo " ERROR: ${VARDIR}/firewall does not exist" >&2
status=1
fi
return $status
}
save_config() { save_config() {
local result local result
@ -266,25 +290,16 @@ save_config() {
*) *)
validate_restorefile RESTOREFILE validate_restorefile RESTOREFILE
if chain_exists dynamic; then
if $IP6TABLES -L dynamic -n > ${VARDIR}/save; then if $IP6TABLES -L dynamic -n > ${VARDIR}/save; then
echo " Dynamic Rules Saved" echo " Dynamic Rules Saved"
if [ -f ${VARDIR}/firewall ]; then do_save
if $iptables_save > ${VARDIR}/restore-$$; then
cp -f ${VARDIR}/firewall $RESTOREPATH
mv -f ${VARDIR}/restore-$$ ${RESTOREPATH}-iptables
chmod +x $RESTOREPATH
echo " Currently-running Configuration Saved to $RESTOREPATH"
run_user_exit save
else
rm -f ${VARDIR}/restore-$$
echo " ERROR: Currently-running Configuration Not Saved" >&2
fi
else
echo " ERROR: ${VARDIR}/firewall does not exist" >&2
fi
else else
echo "Error Saving the Dynamic Rules" >&2 echo "Error Saving the Dynamic Rules" >&2
fi fi
else
do_save && rm -f ${VARDIR}/save
fi
;; ;;
esac esac
fi fi
@ -883,6 +898,12 @@ block() # $1 = command, $2 = Finished, $3 - $n addresses
local finished local finished
finished=$2 finished=$2
if ! chain_exists dynamic; then
echo "Dynamic blacklisting is not enabled in the current $PRODUCT configuration" >&2
[ -n "$nolock" ] || mutex_off
exit 2
fi
shift 3 shift 3
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
@ -1004,6 +1025,11 @@ allow_command() {
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x
[ $# -eq 1 ] && usage 1 [ $# -eq 1 ] && usage 1
if shorewall6_is_started ; then if shorewall6_is_started ; then
if ! chain_exists dynamic; then
echo "Dynamic blacklisting is not enabled in the current $PRODUCT configuration" >&2
exit 2
fi
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
while [ $# -gt 1 ]; do while [ $# -gt 1 ]; do
shift shift
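Review bot: The new do_save reads `$iptables_save`, `$RESTOREPATH` and `$VARDIR` from its caller's scope without checking them, and nothing in the hunk documents that dependency. If `iptables_save` is ever empty when it is called, `if $iptables_save > ${VARDIR}/restore-$$; then` reduces to a bare redirection, which succeeds and creates an empty file. That empty file is then moved to `${RESTOREPATH}-iptables` and reported as a saved configuration. A guard as the first line of do_save, `[ -n "$iptables_save" ] || return 1`, would close that path. I would also add a header comment naming the globals it expects save_config to have set and stating that it returns 0 on success and 1 when the save fails. Separately, in save_config's `chain_exists dynamic` branch the status of `do_save` is dropped, whereas the other branch uses `do_save && rm -f ${VARDIR}/save`; whether that matters depends on how `result` is set outside the visible lines.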