From e850d6cc7fa1689d76fec19d837c0ae8669e37f7 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 23 Jan 2006 23:30:58 +0000 Subject: [PATCH] Change implementation of start and restart to use the compiler git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3364 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/compiler | 10 +++ Shorewall/prog.footer | 39 ++++++--- Shorewall/shorewall | 179 ++++++++++++++++++++++++------------------ 3 files changed, 142 insertions(+), 86 deletions(-) diff --git a/Shorewall/compiler b/Shorewall/compiler index e656ffd58..b49b429ec 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -382,6 +382,14 @@ addnatrule() # $1 = chain name, remainder of arguments specify the rule run_iptables2 -t nat -A $@ } +# +# Create a rule to delete a chain if it exists +# +deletechain() # $1 = name of chain +{ + save_command "qt $IPTABLES -L $1 -n && qt $IPTABLES -F $1 && qt $IPTABLES -X $1" +} + # # Determine if a chain is a policy chain # @@ -7051,6 +7059,8 @@ initialize_netfilter () { TERMINATOR=fatal_error + deletechain shorewall + if [ -n "$NAT_ENABLED" ]; then delete_nat for chain in PREROUTING POSTROUTING OUTPUT; do diff --git a/Shorewall/prog.footer b/Shorewall/prog.footer index 9f2124759..5c4fd6dc7 100644 --- a/Shorewall/prog.footer +++ b/Shorewall/prog.footer 
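Review bot: The new `deletechain` helper writes `$1` into the saved command unquoted and already expanded, because the whole string passed to `save_command` is double-quoted; the generated script, which runs with root privileges, therefore contains whatever text the caller supplied. The only caller in this patch passes the literal `shorewall`, so nothing is wrong today, but the header comment should record the constraint, for example `# $1 is expanded at compile time and emitted unquoted; pass only literal, validated chain names`. Every step is also wrapped in `qt`, so a failing `-X` (for instance when the chain is still referenced) is silent; whether that aborts the generated script depends on how `save_command` lines are executed, which is outside this hunk.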
@@ -61,34 +61,51 @@ fi case "$COMMAND" in start) - echo "Starting Shorewall...." - define_firewall - status=$? - echo "done." + if shorewall_is_started; then + error_message "Shorewall is already Running" + status=1 + else + progress_message3 "Starting Shorewall...." + define_firewall + status=$? + progress_message3 "done." + fi ;; stop) - echo "Stopping Shorewall...." + progress_message3 "Stopping Shorewall...." stop_firewall status=0 - echo "done." + progress_message3 "done." ;; restart) - echo "Restarting Shorewall...." + if shorewall_is_started; then + progress_message3 "Restarting Shorewall...." + else + echo "Shorewall is not running" >&2 + progress_message3 "Starting Shorewall...." + fi + define_firewall status=$? - echo "done." + progress_message3 "done." ;; reload) - echo "Reloading Shorewall...." + if shorewall_is_started; then + progress_message3 "Reloading Shorewall...." + else + echo "Shorewall is not running" >&2 + progress_message3 "Starting Shorewall...." + fi + define_firewall status=$? echo "done." ;; clear) - echo "Clearing Shorewall...." + progress_message3 "Clearing Shorewall...." clear_firewall status=0 - echo "done." + progress_message3 "done." ;; status) echo "Shorewall-$VERSION Status at $HOSTNAME - $(date)" diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 398f951f1..8906b73bf 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -494,6 +494,23 @@ save_config() { start_command() { local finished=0 + do_it() { + [ -n "$nolock" ] || mutex_on + + progress_message3 "Compiling..." + + if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.start; then + /var/lib/shorewall/.start start + fi + + [ -n "$nolock" ] || mutex_off + } + + if shorewall_is_started; then + error_message "Shorewall is already running" + exit 1 + fi + while [ $finished -eq 0 -a $# -gt 0 ]; do option=$1 case $option in 
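Review bot: The `reload)` branch still ends with `echo "done."` although every other branch touched in this hunk now ends with `progress_message3 "done."`, so reload alone bypasses whatever verbosity handling `progress_message3` applies (it is defined outside this hunk). Change that line to `progress_message3 "done."`. The "not running" notice in `restart)` and `reload)` is also written with a bare `echo ... >&2` while `start)` uses `error_message`, and the text `"Shorewall is already Running"` differs in capitalisation from the `"Shorewall is already running"` message added to Shorewall/shorewall in this commit; one helper and one spelling would make log matching simpler.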
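Review bot: `do_it` discards the result of the start, because its last command is `[ -n "$nolock" ] || mutex_off`; a failed compile or a failing `/var/lib/shorewall/.start start` leaves the function returning the status of the unlock step, whereas the `exec $SHOREWALL_SHELL $FIREWALL ... start` it replaces handed the real status to the caller. An init script or health check that trusts the exit code could then treat a host whose firewall never came up as protected. The new tail of `restart_command` in the later hunk has the same shape. The `shorewall_is_started` test also runs before `mutex_on`, so two concurrent starts can both pass it; testing after the lock is taken (and releasing it on the early exit) would close that window. start_command continues outside this hunk, so how its caller uses the status is not visible here.
```shell
do_it() {
    local status

    # … unchanged: mutex_on, "Compiling..." progress message …

    $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.start && \
        /var/lib/shorewall/.start start
    status=$?

    [ -n "$nolock" ] || mutex_off

    return $status
}
```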
@@ -558,6 +575,7 @@ start_command() { esac export NOROUTES + export PROGRAM=Yes if [ -n "$FAST" ]; then if qt mywhich make; then @@ -585,13 +603,13 @@ start_command() { date > /var/lib/shorewall/restarted echo Shorewall restored from $RESTOREPATH else - exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start + do_it fi else - exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start + do_it fi else - exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start + do_it fi } # @@ -675,75 +693,6 @@ compile_command() { exec $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging generate $file } # -# Restart Command Executor -# -restart_command() { - local finished=0 - - while [ $finished -eq 0 -a $# -gt 0 ]; do - option=$1 - case $option in - -*) - option=${option#-} - - while [ -n "$option" ]; do - case $option in - -) - finished=1 - option= - ;; - q*) - VERBOSE=$(($VERBOSE - 1 )) - option=${option#q} - ;; - v*) - VERBOSE=$(($VERBOSE + 1 )) - option=${option#v} - ;; - n*) - NOROUTES=Yes - option=${option#n} - ;; - *) - usage 1 - ;; - esac - done - shift - ;; - *) - finished=1 - ;; - esac - done - - case $# in - 0) - ;; - 1) - [ -n "$SHOREWALL_DIR" ] && usage 2 - - if [ ! -d $1 ]; then - if [ -e $1 ]; then - echo "$1 is not a directory" >&2 && exit 2 - else - echo "Directory $1 does not exist" >&2 && exit 2 - fi - fi - - SHOREWALL_DIR=$1 - export SHOREWALL_DIR - ;; - *) - usage 1 - ;; - esac - - export NOROUTES - - exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock restart -} -# # Check Command Executor # check_command() { @@ -808,6 +757,7 @@ check_command() { exec $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock check } + # # Reload Command Executor # 
@@ -881,12 +831,91 @@ reload_command() { progress_message3 "Compiling..." if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.reload; then - progress_message3 "Installing..." /var/lib/shorewall/.reload reload fi [ -n "$nolock" ] || mutex_off } + +# +# Restart Command Executor +# +restart_command() { + local finished=0 + + while [ $finished -eq 0 -a $# -gt 0 ]; do + option=$1 + case $option in + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + -) + finished=1 + option= + ;; + q*) + VERBOSE=$(($VERBOSE - 1 )) + option=${option#q} + ;; + v*) + VERBOSE=$(($VERBOSE + 1 )) + option=${option#v} + ;; + n*) + NOROUTES=Yes + option=${option#n} + ;; + *) + usage 1 + ;; + esac + done + shift + ;; + *) + finished=1 + ;; + esac + done + + case $# in + 0) + ;; + 1) + [ -n "$SHOREWALL_DIR" ] && usage 2 + + if [ ! -d $1 ]; then + if [ -e $1 ]; then + echo "$1 is not a directory" >&2 && exit 2 + else + echo "Directory $1 does not exist" >&2 && exit 2 + fi + fi + + SHOREWALL_DIR=$1 + export SHOREWALL_DIR + ;; + *) + usage 1 + ;; + esac + + export NOROUTES + export PROGRAM=Yes + + [ -n "$nolock" ] || mutex_on + + progress_message3 "Compiling..." + + if $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging $nolock compile /var/lib/shorewall/.restart; then + /var/lib/shorewall/.restart restart + fi + + [ -n "$nolock" ] || mutex_off +} + # # Show Command Executor # @@ -1249,8 +1278,8 @@ usage() # $1 = exit status echo " refresh" echo " reject
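Review bot: Nothing releases the lock if the new tail of `restart_command` is interrupted between `mutex_on` and `mutex_off`; a signal during the compile or while `/var/lib/shorewall/.restart restart` runs leaves the mutex held, and unless `mutex_on` (defined outside this hunk) expires stale locks, later start, restart and reload calls would wait on it. A guard such as `[ -n "$nolock" ] || trap 'mutex_off; exit 2' INT TERM HUP` placed right after `mutex_on` would cover that. The compiled script is also executed directly from /var/lib/shorewall, which fails on hosts where /var is mounted `noexec` and depends on the file's mode and interpreter line; `$SHOREWALL_SHELL /var/lib/shorewall/.restart restart` avoids both, and the same applies to `.reload` in this hunk and `.start` in `do_it`. reload_command begins outside this hunk.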
..." echo " reset" - echo " reload [ -n ] [ -q ] [ ]" - echo " restart [ -n ] [ -q ] [ ]" + echo " reload [ -n ] [ -q ] [ -v ] [ ]" + echo " restart [ -n ] [ -q ] [ -v ] [ ]" echo " restore [ -n ] [ -q ] [ ]" echo " save [ ]" echo " show [ -v ] [ [ ... ]|actions|capabilities|classifiers|connections|log|macros|mangle|nat|tc|zones]"