Add 'continue' extension script

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2004 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -1,3 +1,7 @@
+Changes in 2.2.3
+
+1) Added the 'continue' extension script.
+
 Changes in 2.2.2
 
 1) The 'check' command disclaimer is toned down further and only

Shorewall2/continue

@@ -0,0 +1,6 @@
+############################################################################
+# Shorewall 2.2 -- /etc/shorewall/continue
+#
+# Add commands below that you want to be executed after shorewall has
+# cleared any existing Netfilter rules and has enabled existing connections.
+#

Shorewall2/firewall

@@ -5678,7 +5678,7 @@ initialize_netfilter () {
     run_user_exit init
 
     #
-    # The some files might be large so strip them while the firewall is still running
+    # Some files might be large so strip them while the firewall is still running
     # (restart command). This reduces the length of time that the firewall isn't
     # accepting new connections.
     #
@@ -5721,6 +5721,8 @@ initialize_netfilter () {
     setcontinue INPUT
     setcontinue OUTPUT
 
+    run_user_exit continue
+
     [ -n "$DISABLE_IPV6" ] && disable_ipv6
 
     #
@@ -5729,10 +5731,6 @@ initialize_netfilter () {
     run_iptables -A INPUT  -i lo -j ACCEPT
     run_iptables -A OUTPUT -o lo -j ACCEPT
 
-    accounting_file=$(find_file accounting)
-
-    [ -f $accounting_file ] && setup_accounting $accounting_file
-
     #
     # Allow DNS lookups during startup for FQDNs
     #
@@ -5756,6 +5754,10 @@ initialize_netfilter () {
 	run_iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS $option
     fi
 
+    accounting_file=$(find_file accounting)
+
+    [ -f $accounting_file ] && setup_accounting $accounting_file
+
     if [ -z "$NEWNOTSYN" ]; then
 	createchain newnotsyn no
 

Shorewall2/releasenotes.txt

@@ -1,5 +1,18 @@
-Shorewall 2.2.2
+Shorewall 2.2.3
 
+-----------------------------------------------------------------------
+Problems corrected in version 2.2.3
+-----------------------------------------------------------------------
+New Features in version 2.2.3
+
+1) A new extension script "continue" has been added. This script is
+   invoked after Shorewall has set the built-in filter chains' 
+   policy to DROP, deleted any existing Netfilter rules and user
+   chains and has enabled existing connections.
+
+   It is useful for enabling certain communication while Shorewall is
+   being [re]started. Be sure to delete any rules that you add here in
+   your /etc/shorewall/start file.
 -----------------------------------------------------------------------
 Problems corrected in version 2.2.2