Add LOCKFILE option

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5938 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-20 17:58:07 +02:00 · 2007-04-15 23:41:13 +00:00 · 2007-04-15 23:41:13 +00:00 · f2455933a8
commit f2455933a8
parent d643b8e167
7 changed files with 42 additions and 212 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -1,209 +1,5 @@
-Changes in 3.4.2
+Changes in 3.9.2
 1)  Update modules file for 2.6.20 module madness.
 2)  Update /sbin/shorewall[-lite] to account for mindless renaming of
    /proc/net/ip_conntrack to /proc/net/nf_conntrack.
 3)  Fix 'none[!]' and built-in actions.
 4)  Fix 'ipsecnat' tunnels.
 Changes in 3.4.1
 1)  Add rest of proxy arp fix.
 2)  Fix two problems with log-prefix handling.
 3)  Nested Zones produced shell errors.
 4)  CONTINUE policies generated invalid iptables input.
 6)  Fix CRITICALHOSTS bug in 'stop_firewall()'
 Changes in 3.4.0 Final
 1)  Add missing logic for "!" rules.
 2)  Restore missing function merge_macro_source_dest.
 3)  Fix obscure bug in rule activation logic.
 4)  Don't clear proxy arp unconditionally.
 Changes in 3.4.0 RC 3
 1)  Add warning about 'loose' and 'balance'
 2)  Fix route_rules processing.
 3)  Fix restoration of ip range dynamic entries.
 4)  Fix exit status problem with 'restart'
 5)  Dump SPD and SAD in the dump command.
 Changes in 3.4.0 RC 2
 1)  No longer include params file in compiled output.
 Changes in 3.4.0 RC 1
 1)  LITEDIR option in shorewall.conf
 2)  Add some hacks for Shorewall Lite on OpenWRT
 3)  Add macro for SixXS.
 4)  Allow ranges and ipset names in the ADDRESSES column of maclist
    file.
 5)  Add helpers for SIP to the modules file.
 6)  Only copy /etc/shorewall/params to output if non-export.
 7)  Add EXPORTPARAMS option
 Changes in 3.4.0 Beta 3
 1)  Handle VLAN interface names like vlanX@ethY.
 2)  Fix ipp2p:udp handling in action body.
 3)  Be more careful about converting pre-3.2 maclist records.
 4)  'noah' is implied by ipsecnat in /etc/shorewall/tunnels.
 5)  Reduce the number of rules in the 'blacklst' chain when
    BLACKLIST_LOGLEVEL is specified.
 Changes in 3.4.0 Beta 2
 1)  Fix for empty blacklist file.
 2)  Don't copy files from /usr/share/shorewall into the compiled
    script.
 3)  Add wait4ifup.
 4)  Rename the shorewall.conf to shorewall-lite.conf.
 Changes in 3.4.0 Beta 1
 1)  Correct handling of masq file.
 2)  Simplify log record processing and remove more noise from the
    displayed record.
 Changes in 3.3.6
 1)  Remove /etc/shorewall/Documentation.
 2)  Remove /usr/share/shorewall/help.
 3)  Use export directory's modules file with -e.
 4)  Use fwmark tc filter with unknown interfaces.
 5)  Use multiport match in tcrules.
 6)  Fix safe- commands.
 7)  Remove 'try' command.
 8)  Make colon after system optional in the 'export' command.
 9)  Restore 'try' command and improve 'safe-' commands.
 10) Allow capabilities file to be used with Shorewall as well as
    Shorewall Lite.
 11) Allow in-memory circular buffer for system log.
 12) Add ":T" qualifier in tcrules.
 13) Log start/restart/restore failures.
 Changes in 3.3.5
 1)  Restore default route when there are no 'balance' providers.
 2)  Fixes to change 1.
 3)  Many changed to improve the readability, appearance and effeciency
    of the generated script.
 4)  Turn off POLICY_MATCH if no IPSEC.
 5)  Only compile traffic shaping once.
 6)  Move config file documentary comments to a separate file.
 7)  Fix whitespace in LOGFORMAT.
 8)  Move DNAT/REDIRECT code to lib.base.
 9)  Implement -c option to [re]load command.
 10) Don't create ingress qdisc if IN-BANDWIDTH = 0.
 11) Return success if start of running config.
 12) Add Makefile especially for /usr/share/shorewall/configfiles/
 13) Add man pages.
 Changes in 3.3.4
 1)  Make exclusion work with "show zones"
 2)  Add 'show ip' and 'show routing' commands.
 3)  Add COMBINE_JUMPS option.
 4)  Add an output chain for each interface.
 5)  Rename COMBINE_JUMPS to OPTIMIZE and make its value numeric.
 6)  Suppress superfluous wildcard rules under OPTIMIZE > 0.
 7)  Support ip ranges in the drop, logdrop, reject, and allow commands.
 8)  Add lib.cli.
 9)  Attempt to undo routing changes.
 Changes in 3.3.3
 1)  Fix excluding in SUBNET column.
 2)  Add logical AND and OR support for tcrules.
 3)  Make the maximum zone name length dependent on LOGFORMAT.
 4)  Clear provider marks in POSTROUTING when HIGH_ROUTE_MARKS=Yes.
 5)  Add COMMENT support.
 6)  Add macro.RDP.
 7)  Add maclog extension file.
 8)  Rename SUBNET column in the masq file.
 9)  Allow exclusion in /etc/shorewall/hosts.
 10) Eliminate extra jumps to policy chains
 Changes in 3.3.1
 1)  Load the proxyarp lib when 'proxyarp' option is specified.
 2)  Implement default action/macros at the individual policy level.
 3)  Add logfile name to output of "shorewall show log" and "shorewall
    logwatch".
 1)  Implement '-C {shell|perl}'.
 2)  Implement LOCKFILE
--- a/Shorewall-common/lib.base
+++ b/Shorewall-common/lib.base
@ -300,7 +300,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 mutex_on()
 {
    local try=0
-    local lockf=${VARDIR}/lock
+    local lockf=${LOCKFILE:=${VARDIR}/lock}
    MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60}
@ -331,7 +331,7 @@ mutex_on()
 #
 mutex_off()
 {
-    rm -f ${VARDIR}/lock
+    rm -f ${LOCKFILE:=${VARDIR}/lock}
 }
 #
--- a/Shorewall-common/lib.config
+++ b/Shorewall-common/lib.config
@ -1691,6 +1691,7 @@ do_initialize() {
    #CONFIG_PATH is inherited
    RESTOREFILE=
    IPSECFILE=
    LOCKFILE=
    #
    # Default Actions/Macros
    #
@ -2039,6 +2040,10 @@ do_initialize() {
 	    startup_error "Invalid OPTIMIZE value ($OPTIMIZE)"
 	    ;;
    esac
    if [ -n "$LOCKFILE" ]; then
 	[ -d $(dirname $LOCKFILE) ] || startup_error "LOCKFILE=$LOCKFILE: Directory $(dirname $LOCKFILE) does not exist"
    fi
    #
    # Check out the user's shell
    #
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -24,6 +24,16 @@ Problems corrected in Shorewall 3.9.2
 2)  The params file was being copied into the generated script
    independent of the setting of EXPORTPARAMS. 
 Other changes in Shorewall 3.9.2
 1)  A LOCKFILE option has been added to shorewall.conf. This file is
    used to serialize updates to the active firewall configuration.
    If not specified, the defaults are:
       Shorewall - /var/lib/shorewall/lock
       Shorewall Lite - /var/lib/shorewall-lite/lock
 Migration Considerations:
 1)  You cannot simply upgrade your existing Shorewall package. You must
--- a/Shorewall-common/shorewall.conf
+++ b/Shorewall-common/shorewall.conf
@ -79,6 +79,8 @@ RESTOREFILE=
 IPSECFILE=zones
 LOCKFILE=
 ###############################################################################
 #		D E F A U L T   A C T I O N S / M A C R O S
 ###############################################################################
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@ -26,6 +26,7 @@ package Shorewall::Config;
 use strict;
 use warnings;
 use Shorewall::Common;
 use File::Basename;
 our @ISA = qw(Exporter);
 our @EXPORT = qw(
@ -100,6 +101,7 @@ our %config =
 		CONFIG_PATH => undef,
 		RESTOREFILE => undef,
 		IPSECFILE => undef,
 		LOCKFILE => undef,
 		#
 		# Default Actions/Macros
 		#
@ -153,7 +155,7 @@ our %config =
 #
 # Config options and global settings that are to be copied to object
 #
-my @propagateconfig = qw/ CLEAR_TC DISABLE_IPV6 ADMINISABSENTMINDED IP_FORWARDING MODULESDIR MODULE_SUFFIX LOGFORMAT SUBSYSLOCK/;
+my @propagateconfig = qw/ CLEAR_TC DISABLE_IPV6 ADMINISABSENTMINDED IP_FORWARDING MODULESDIR MODULE_SUFFIX LOGFORMAT SUBSYSLOCK LOCKFILE/;
 my @propagateenv    = qw/ LOGLIMIT LOGTAGONLY LOGRULENUMBERS /;
 #
@ -910,6 +912,20 @@ sub get_configuration( $ ) {
 	$globals{LOGFORMAT}='Shorewall:%s:%s:';
 	$globals{MAXZONENAMELENGTH} = 5;
    }
    if ( $config{LOCKFILE} ) {
 	my ( $file, $dir, $suffix );
 	eval {
 	    ( $file, $dir, $suffix ) = fileparse( $config{LOCKFILE} );
 	};
 	die $@ if $@;
 	fatal_error "LOCKFILE=$config{LOCKFILE}: Directory $dir does not exist" unless -d $dir;
    } else {
 	$config{LOCKFILE} = '';
    }
 }
 sub propagateconfig() {
@ -974,7 +990,7 @@ sub generate_aux_config() {
    emit join ( '', "#\n# Shorewall auxiliary configuration file created by Shorewall-perl version ", $globals{VERSION}, ' - ' , localtime , "\n#" );
-    for my $option qw(VERBOSITY LOGFILE LOGFORMAT IPTABLES PATH SHOREWALL_SHELL SUBSYSLOCK RESTOREFILE SAVE_IPSETS) {
+    for my $option qw(VERBOSITY LOGFILE LOGFORMAT IPTABLES PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE SAVE_IPSETS) {
 	conditionally_add_option $option;
    }
--- a/Shorewall-shell/compiler
+++ b/Shorewall-shell/compiler
@ -5079,6 +5079,7 @@ __EOF__
    cat >&3 << __EOF__
    VERSION="$VERSION"
    SUBSYSLOCK="$SUBSYSLOCK"
    LOCKFILE="$LOCKFILE"
    PATH="$PATH"
    TERMINATOR=fatal_error
@ -5600,7 +5601,7 @@ __EOF__
 # Shorewall auxiliary configuration file created by Shorewall version $VERSION - $(date)
 #
 __EOF__
-	    for option in VERBOSITY LOGFILE LOGFORMAT IPTABLES PATH SHOREWALL_SHELL SUBSYSLOCK RESTOREFILE SAVE_IPSETS; do
+	    for option in VERBOSITY LOGFILE LOGFORMAT IPTABLES PATH SHOREWALL_SHELL SUBSYSLOCK RESTOREFILE LOCKFILE SAVE_IPSETS; do
 		conditionally_add_option $option
 	    done