Finish implementation of save/restore/forget
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3378 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
df34d1f79b
commit
eca8a37f42
@ -8497,7 +8497,7 @@ __EOF__
|
||||
#
|
||||
# Start/Restart/Reload the firewall
|
||||
#
|
||||
define_firewall() {}
|
||||
define_firewall() {
|
||||
__EOF__
|
||||
|
||||
INDENT=" "
|
||||
@ -8593,6 +8593,14 @@ __EOF__
|
||||
append_file $file
|
||||
done
|
||||
|
||||
cat >> $OUTPUT << __EOF__
|
||||
|
||||
if [ \$COMMAND = restore ]; then
|
||||
iptables-restore <
|
||||
\$1
|
||||
fi
|
||||
|
||||
__EOF__
|
||||
save_command "date > /var/lib/shorewall/restarted"
|
||||
|
||||
run_user_exit start
|
||||
@ -8605,14 +8613,51 @@ __EOF__
|
||||
|
||||
run_user_exit started
|
||||
|
||||
save_command "cp -f \$SCRIPT /var/lib/shorewall/.restore"
|
||||
cat >> $OUTPUT << __EOF__
|
||||
|
||||
cp -f \$(my_pathname) /var/lib/shorewall/.restore
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
# Silently efine Firewall and ignore errors
|
||||
#
|
||||
restore_firewall()
|
||||
{
|
||||
iptables_save_file=/var/lib/shorewall/\$(basename \$0)-iptables
|
||||
|
||||
fatal_error()
|
||||
{
|
||||
echo " ERROR: \$@" >&2
|
||||
}
|
||||
|
||||
startup_error() # \$@ = Error Message
|
||||
{
|
||||
echo " ERROR: \$@" >&2
|
||||
}
|
||||
|
||||
run_iptables() { return 0; }
|
||||
|
||||
VERBOSE=-1
|
||||
|
||||
IPTABLES=run_iptables
|
||||
|
||||
if [ -f \$iptables_save_file ]; then
|
||||
{
|
||||
define_firewall \$iptables_save_file
|
||||
}
|
||||
else
|
||||
fatal_error "\$iptables_save_file does not exist"
|
||||
exit 2
|
||||
fi
|
||||
}
|
||||
|
||||
__EOF__
|
||||
|
||||
if [ $COMMAND = check ]; then
|
||||
echo "Shorewall configuration verified"
|
||||
else
|
||||
INDENT=
|
||||
save_command "}"
|
||||
save_command ""
|
||||
cat $(find_file prog.header) $OUTPUT $(find_file prog.footer) > $outfile
|
||||
chmod 700 $outfile
|
||||
progress_message2 "Shorewall configuration compiled to $outfile"
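Review bot: The generated restore branch runs `iptables-restore < \$1` without checking its exit status, and the new `restore_firewall` wrapper replaces `fatal_error`/`startup_error` with versions that only echo and points `IPTABLES` at a stub that returns 0, so nothing visible here stops a failed load from being reported as a successful restore. I would make the failure explicit in the generated text, for example `iptables-restore < "\$1" || { echo " ERROR: iptables-restore failed" >&2; exit 2; }`, and quote the test as `[ "\$COMMAND" = restore ]` so an empty value does not turn into a test syntax error. The existence check `[ -f \$iptables_save_file ]` would also accept an empty file; `-s` is the stricter test. The header comment reads `Silently efine Firewall`, which should be `Silently define Firewall`. `define_firewall` begins outside these hunks, so whether anything later re-checks the ruleset cannot be seen from here.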
|
||||
|
@ -136,6 +136,14 @@ fix_bang() {
|
||||
done
|
||||
}
|
||||
|
||||
#
|
||||
# Echos the fully-qualified name of the calling shell program
|
||||
#
|
||||
my_pathname() {
|
||||
cd $(dirname $0)
|
||||
echo $PWD/$(basename $0)
|
||||
}
|
||||
|
||||
#
|
||||
# Set default config path
|
||||
#
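Review bot: `my_pathname` expands `$0` unquoted and ignores a failing `cd`, so when the script's directory contains whitespace or cannot be entered it prints a path built from the caller's current directory rather than the script's real location. The compiler part of this commit copies `$(my_pathname)` to `/var/lib/shorewall/.restore`, and `save_config` then copies that file to `$RESTOREPATH` and marks it executable, so a wrong path here decides which file is kept as the restore script. I would write the body as `cd "$(dirname "$0")" || return 1` followed by `echo "$PWD/$(basename "$0")"`. The header comment should also say that the function changes the working directory unless it is called inside a command substitution.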
|
||||
|
@ -1,29 +1,3 @@
|
||||
#
|
||||
# Define Firewall and ignore errors
|
||||
#
|
||||
restore_firewall()
|
||||
{
|
||||
fatal_error()
|
||||
{
|
||||
echo " ERROR: $@" >&2
|
||||
}
|
||||
|
||||
startup_error() # foo = Error Message
|
||||
{
|
||||
echo " ERROR: $@" >&2
|
||||
}
|
||||
|
||||
define_firewall
|
||||
}
|
||||
|
||||
#
|
||||
# Returns the fully-qualified name of this script
|
||||
#
|
||||
current_command() {
|
||||
cd $(dirname $0)
|
||||
echo $PWD/$(basename $0)
|
||||
}
|
||||
|
||||
#
|
||||
# Give Usage Information
|
||||
#
|
||||
@ -34,8 +8,6 @@ usage() {
|
||||
################################################################################
|
||||
# E X E C U T I O N B E G I N S H E R E #
|
||||
################################################################################
|
||||
SCRIPT=$(current_command)
|
||||
|
||||
initialize
|
||||
|
||||
finished=0
|
||||
|
@ -430,46 +430,52 @@ save_config() {
|
||||
if $IPTABLES -L dynamic -n > /var/lib/shorewall/save; then
|
||||
echo " Dynamic Rules Saved"
|
||||
if [ -f /var/lib/shorewall/.restore ]; then
|
||||
cp -f /var/lib/shorewall/.restore $RESTOREPATH
|
||||
chmod +x $RESTOREPATH
|
||||
echo " Currently-running Configuration Saved to $RESTOREPATH"
|
||||
if iptables-save | iptablesbug > /var/lib/shorewall/restore-$$; then
|
||||
cp -f /var/lib/shorewall/.restore $RESTOREPATH
|
||||
mv -f /var/lib/shorewall/restore-$$ ${RESTOREPATH}-iptables
|
||||
chmod +x $RESTOREPATH
|
||||
echo " Currently-running Configuration Saved to $RESTOREPATH"
|
||||
|
||||
rm -f ${RESTOREPATH}-ipsets
|
||||
rm -f ${RESTOREPATH}-ipsets
|
||||
|
||||
case ${SAVE_IPSETS:-No} in
|
||||
[Yy][Ee][Ss])
|
||||
RESTOREPATH=${RESTOREPATH}-ipsets
|
||||
case ${SAVE_IPSETS:-No} in
|
||||
[Yy][Ee][Ss])
|
||||
RESTOREPATH=${RESTOREPATH}-ipsets
|
||||
|
||||
f=/var/lib/shorewall/restore-$$
|
||||
f=/var/lib/shorewall/restore-$$
|
||||
|
||||
echo "#!/bin/sh" > $f
|
||||
echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f
|
||||
echo >> $f
|
||||
echo ". /usr/share/shorewall/functions" >> $f
|
||||
echo >> $f
|
||||
grep '^MODULE' /var/lib/shorewall/restore-base >> $f
|
||||
echo "reload_kernel_modules << __EOF__" >> $f
|
||||
grep 'loadmodule ip_set' /var/lib/shorewall/restore-base >> $f
|
||||
echo "__EOF__" >> $f
|
||||
echo >> $f
|
||||
echo "ipset -U :all: :all:" >> $f
|
||||
echo "ipset -F" >> $f
|
||||
echo "ipset -X" >> $f
|
||||
echo "ipset -R << __EOF__" >> $f
|
||||
ipset -S >> $f
|
||||
echo "__EOF__" >> $f
|
||||
mv -f $f $RESTOREPATH
|
||||
chmod +x $RESTOREPATH
|
||||
echo " Current Ipset Contents Saved to $RESTOREPATH"
|
||||
;;
|
||||
[Nn][Oo])
|
||||
;;
|
||||
*)
|
||||
echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
|
||||
;;
|
||||
esac
|
||||
echo "#!/bin/sh" > $f
|
||||
echo "#This ipset restore file generated $(date) by Shorewall $version" >> $f
|
||||
echo >> $f
|
||||
echo ". /usr/share/shorewall/functions" >> $f
|
||||
echo >> $f
|
||||
grep '^MODULE' /var/lib/shorewall/restore-base >> $f
|
||||
echo "reload_kernel_modules << __EOF__" >> $f
|
||||
grep 'loadmodule ip_set' /var/lib/shorewall/restore-base >> $f
|
||||
echo "__EOF__" >> $f
|
||||
echo >> $f
|
||||
echo "ipset -U :all: :all:" >> $f
|
||||
echo "ipset -F" >> $f
|
||||
echo "ipset -X" >> $f
|
||||
echo "ipset -R << __EOF__" >> $f
|
||||
ipset -S >> $f
|
||||
echo "__EOF__" >> $f
|
||||
mv -f $f $RESTOREPATH
|
||||
chmod +x $RESTOREPATH
|
||||
echo " Current Ipset Contents Saved to $RESTOREPATH"
|
||||
;;
|
||||
[Nn][Oo])
|
||||
;;
|
||||
*)
|
||||
echo " WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
|
||||
;;
|
||||
esac
|
||||
else
|
||||
rm -f /var/lib/shorewall/restore-$$
|
||||
echo " ERROR: Currently-running Configuration Not Saved"
|
||||
fi
|
||||
else
|
||||
echo " ERROR: /var/lib/shorewall/.restoredoes not exist"
|
||||
echo " ERROR: /var/lib/shorewall/.restored oes not exist"
|
||||
fi
|
||||
else
|
||||
echo "Error Saving the Dynamic Rules"
|
||||
@ -1910,6 +1916,7 @@ case "$COMMAND" in
|
||||
fi
|
||||
|
||||
rm -f $RESTOREPATH
|
||||
rm -f ${RESTOREPATH}-iptables
|
||||
echo " $RESTOREPATH removed"
|
||||
elif [ -f $RESTOREPATH ]; then
|
||||
echo " $RESTOREPATH exists and is not a saved Shorewall configuration"
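Review bot: In `save_config` the condition `iptables-save | iptablesbug > /var/lib/shorewall/restore-$$` takes its status from the last pipeline stage only, so a failing `iptables-save` can still end with an empty or partial dump being moved to `${RESTOREPATH}-iptables`. That file is what the generated restore path later feeds to `iptables-restore`, so I would refuse to keep an empty dump, e.g. guard the `mv` with `[ -s /var/lib/shorewall/restore-$$ ]` and fall through to the existing `Currently-running Configuration Not Saved` branch otherwise (this assumes `iptablesbug`, defined outside the hunk, is a plain stdin filter). The temp name `restore-$$` is predictable and the mode of the `-iptables` file is left to the umask; both are acceptable only while `/var/lib/shorewall` is writable by root alone, which deserves a one-line comment. Both printed forms of the missing-file message are misspelled and should read `/var/lib/shorewall/.restore does not exist`. `save_config` starts and ends outside the hunk.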
|
||||
|