Finish implementation of save/restore/forget

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3378 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-01-25 17:33:38 +00:00
parent df34d1f79b
commit eca8a37f42
4 changed files with 99 additions and 67 deletions


@ -8497,7 +8497,7 @@ __EOF__
#
# Start/Restart/Reload the firewall
#
define_firewall() {}
define_firewall() {
__EOF__
INDENT=" "
@ -8593,6 +8593,14 @@ __EOF__
append_file $file
done
cat >> $OUTPUT << __EOF__
if [ \$COMMAND = restore ]; then
iptables-restore <
\$1
fi
__EOF__
save_command "date > /var/lib/shorewall/restarted"
run_user_exit start
@ -8605,14 +8613,51 @@ __EOF__
run_user_exit started
save_command "cp -f \$SCRIPT /var/lib/shorewall/.restore"
cat >> $OUTPUT << __EOF__
cp -f \$(my_pathname) /var/lib/shorewall/.restore
}
#
# Silently efine Firewall and ignore errors
#
restore_firewall()
{
iptables_save_file=/var/lib/shorewall/\$(basename \$0)-iptables
fatal_error()
{
echo " ERROR: \$@" >&2
}
startup_error() # \$@ = Error Message
{
echo " ERROR: \$@" >&2
}
run_iptables() { return 0; }
VERBOSE=-1
IPTABLES=run_iptables
if [ -f \$iptables_save_file ]; then
{
define_firewall \$iptables_save_file
}
else
fatal_error "\$iptables_save_file does not exist"
exit 2
fi
}
__EOF__
if [ $COMMAND = check ]; then
echo "Shorewall configuration verified"
else
INDENT=
save_command "}"
save_command ""
cat $(find_file prog.header) $OUTPUT $(find_file prog.footer) > $outfile
chmod 700 $outfile
progress_message2 "Shorewall configuration compiled to $outfile"
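Review bot: The generated `iptables-restore < \$1` in the `restore` branch has no status check, so a failed restore is not detected. restore_firewall also points IPTABLES at a `run_iptables` stub that always returns 0, which appears to make the save file the only source of rules on this path; if iptables-restore rejects the file, the rest of define_firewall would still run and record a successful start with no ruleset loaded. I would fail closed and quote the operands: `[ "\$COMMAND" = restore ]` and `iptables-restore < "\$1" || { echo "   ERROR: iptables-restore failed" >&2; exit 2; }`. The explicit `exit` is needed because restore_firewall redefines fatal_error to only print. The body of define_firewall extends outside the hunks shown here.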


@ -136,6 +136,14 @@ fix_bang() {
done
}
#
# Echos the fully-qualified name of the calling shell program
#
my_pathname() {
cd $(dirname $0)
echo $PWD/$(basename $0)
}
#
# Set default config path
#
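Review bot: my_pathname does not check the result of `cd $(dirname $0)`, so when the cd fails it prints a path built from the caller's current directory instead. The generated script uses that output in `cp -f \$(my_pathname) /var/lib/shorewall/.restore`, so a wrong path there could install the wrong file as the restore script. I would write `cd "$(dirname "$0")" || return 1` and `echo "$PWD/$(basename "$0")"`; the quoting also keeps a path containing spaces intact. The header comment should add `# Changes the working directory; call it inside $(...)`.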


@ -1,29 +1,3 @@
#
# Define Firewall and ignore errors
#
restore_firewall()
{
fatal_error()
{
echo " ERROR: $@" >&2
}
startup_error() # foo = Error Message
{
echo " ERROR: $@" >&2
}
define_firewall
}
#
# Returns the fully-qualified name of this script
#
current_command() {
cd $(dirname $0)
echo $PWD/$(basename $0)
}
#
# Give Usage Information
#
@ -34,8 +8,6 @@ usage() {
################################################################################
# E X E C U T I O N B E G I N S H E R E #
################################################################################
SCRIPT=$(current_command)
initialize
finished=0


@ -430,46 +430,52 @@ save_config() {
if $IPTABLES -L dynamic -n > /var/lib/shorewall/save; then
echo " Dynamic Rules Saved"
if [ -f /var/lib/shorewall/.restore ]; then
cp -f /var/lib/shorewall/.restore $RESTOREPATH
chmod +x $RESTOREPATH
echo " Currently-running Configuration Saved to $RESTOREPATH"
if iptables-save | iptablesbug > /var/lib/shorewall/restore-$$; then
cp -f /var/lib/shorewall/.restore $RESTOREPATH
mv -f /var/lib/shorewall/restore-$$ ${RESTOREPATH}-iptables
chmod +x $RESTOREPATH
echo " Currently-running Configuration Saved to $RESTOREPATH"
rm -f ${RESTOREPATH}-ipsets
rm -f ${RESTOREPATH}-ipsets
case ${SAVE_IPSETS:-No} in
[Yy][Ee][Ss])
RESTOREPATH=${RESTOREPATH}-ipsets
case ${SAVE_IPSETS:-No} in
[Yy][Ee][Ss])
RESTOREPATH=${RESTOREPATH}-ipsets
f=/var/lib/shorewall/restore-$$
f=/var/lib/shorewall/restore-$$
echo "#!/bin/sh" > $f
echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f
echo >> $f
echo ". /usr/share/shorewall/functions" >> $f
echo >> $f
grep '^MODULE' /var/lib/shorewall/restore-base >> $f
echo "reload_kernel_modules << __EOF__" >> $f
grep 'loadmodule ip_set' /var/lib/shorewall/restore-base >> $f
echo "__EOF__" >> $f
echo >> $f
echo "ipset -U :all: :all:" >> $f
echo "ipset -F" >> $f
echo "ipset -X" >> $f
echo "ipset -R << __EOF__" >> $f
ipset -S >> $f
echo "__EOF__" >> $f
mv -f $f $RESTOREPATH
chmod +x $RESTOREPATH
echo " Current Ipset Contents Saved to $RESTOREPATH"
;;
[Nn][Oo])
;;
*)
echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
;;
esac
echo "#!/bin/sh" > $f
echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f
echo >> $f
echo ". /usr/share/shorewall/functions" >> $f
echo >> $f
grep '^MODULE' /var/lib/shorewall/restore-base >> $f
echo "reload_kernel_modules << __EOF__" >> $f
grep 'loadmodule ip_set' /var/lib/shorewall/restore-base >> $f
echo "__EOF__" >> $f
echo >> $f
echo "ipset -U :all: :all:" >> $f
echo "ipset -F" >> $f
echo "ipset -X" >> $f
echo "ipset -R << __EOF__" >> $f
ipset -S >> $f
echo "__EOF__" >> $f
mv -f $f $RESTOREPATH
chmod +x $RESTOREPATH
echo " Current Ipset Contents Saved to $RESTOREPATH"
;;
[Nn][Oo])
;;
*)
echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
;;
esac
else
rm -f /var/lib/shorewall/restore-$$
echo " ERROR: Currently-running Configuration Not Saved"
fi
else
echo " ERROR: /var/lib/shorewall/.restoredoes not exist"
echo " ERROR: /var/lib/shorewall/.restored oes not exist"
fi
else
echo "Error Saving the Dynamic Rules"
@ -1910,6 +1916,7 @@ case "$COMMAND" in
fi
rm -f $RESTOREPATH
rm -f ${RESTOREPATH}-iptables
echo " $RESTOREPATH removed"
elif [ -f $RESTOREPATH ]; then
echo " $RESTOREPATH exists and is not a saved Shorewall configuration"
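Review bot: In the save_config hunk, `if iptables-save | iptablesbug > /var/lib/shorewall/restore-$$; then` tests only the exit status of the last pipeline stage, so a failing iptables-save can still produce an empty or truncated file that is then moved to `${RESTOREPATH}-iptables`. The restore path appears to load the ruleset from that file, so a later restore could apply an incomplete ruleset. I would require a non-empty result before the move, e.g. `if iptables-save | iptablesbug > /var/lib/shorewall/restore-$$ && [ -s /var/lib/shorewall/restore-$$ ]; then`, or write the iptables-save output to its own temporary file and test that command's status directly. save_config begins before the hunk.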