More wrapup of 'refresh' restoration

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6768 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-07-03 19:55:01 +00:00 · 2007-07-03 19:55:01 +00:00 · 1d19c1b8eb
commit 1d19c1b8eb
parent 3d2eca5183
6 changed files with 40 additions and 24 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -14,6 +14,8 @@ Changes in 4.0.0 RC 1

 7)  Work around SELinux nonsense.

+8)  Restore the 'refresh' command.
+
 Changes in 4.0.0 Beta 6

 1)  First step to adding compiler debugging facility.
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -340,6 +340,7 @@ Migration Considerations:
       following exceptions:

       - The refresh command is rejected if Shorewall is not running.
+       - The refresh command only rebuilds the 'blacklst' chain.
       - A directory name may not be specified in the refresh command.

    g) Some run-time scripts have been converted to compile time
@ -357,14 +358,9 @@ Migration Considerations:

           my $chainref = $chain_table{'filter'}{'INPUT'};

-       Some run-time scripts are simply eliminated because they no
-       longer make any sense under Shorewall-perl:
-
-	continue  - This script was designed to allow you to add
-	            special rules during [re]start.
-	            Shorewall-perl doesn't need such rules.
-	refresh   - The 'refresh' command is the same as 'restart'
-	refreshed
+       The continue script is eliminated. That script was designed to
+       allow you to add special rules during [re]start. Shorewall-perl
+       doesn't need such rules.

    h) The /etc/shorewall/tos file now has zone-independent SOURCE and
       DEST columns as do all other files except the rules and policy
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@ -1993,9 +1993,7 @@ sub create_blacklist_reload() {
    emitr '*filter';
    emitr ':blacklst - [0:0]';

-    my $chainref = $filter_table->{blacklst};
-
-    for my $rule ( @{$chainref->{rules}} ) {
+    for my $rule ( @{$filter_table->{blacklst}{rules}} ) {
 	emitr( substr( $rule, 0, 1 ) eq '~' ? $rule : "-A blacklst $rule" );
    }
    #
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@ -132,8 +132,24 @@
          </listitem>

          <listitem>
-            <para>The 'refresh' command is now synonymous with
-            'restart'.</para>
+            <para>The 'refresh' command is now similar to restart with the
+            exceptios that:</para>
+
+            <itemizedlist>
+              <listitem>
+                <para>The command fails if Shorewall is not running.</para>
+              </listitem>
+
+              <listitem>
+                <para>A directory name cannot be specified in the
+                command.</para>
+              </listitem>
+
+              <listitem>
+                <para>The refresh command does not alter the Netfilter
+                configuration except for the static blacklist.</para>
+              </listitem>
+            </itemizedlist>
          </listitem>

          <listitem>
@ -173,7 +189,7 @@

                      <entry>initdone</entry>

-                      <entry>refresh</entry>
+                      <entry></entry>
                    </row>

                    <row>
--- a/docs/shorewall_extension_scripts.xml
+++ b/docs/shorewall_extension_scripts.xml
@ -101,8 +101,8 @@

    <listitem>
      <para>refresh -- invoked while the firewall is being refreshed but
-      before the blacklst chains have been rebuilt (Not used by Shorewall
-      Perl).</para>
+      before the blacklst chains have been rebuilt (Note: Shorewall-perl does
+      not rebuild the blacklist during <command>refresh</command>).</para>
    </listitem>

    <listitem>
@ -366,7 +366,7 @@

                <entry>initdone</entry>

-                <entry>refresh</entry>
+                <entry></entry>
              </row>

              <row>
--- a/manpages/shorewall.xml
+++ b/manpages/shorewall.xml
@ -810,13 +810,17 @@
        <term><emphasis role="bold">refresh</emphasis></term>

        <listitem>
-          <para>The rules involving the the black list, ECN control rules, and
-          traffic shaping are recreated to reflect any changes made to your
-          configuration files. Existing connections are untouched. Under
-          Shorewall-perl, <command>refresh</command> preforms the same action
-          as <command>restart</command> (<command>refresh</command> requires
-          that Shorewall is already running and does not accept a directory
-          name as an argument).</para>
+          <para>Shorewall-shell: The rules involving the the black list, ECN
+          control rules, and traffic shaping are recreated to reflect any
+          changes made to your configuration files. Existing connections are
+          untouched.</para>
+
+          <para>Shorewall-perl: All steps performed by
+          <command>restart</command> are performed by
+          <command>refresh</command> with the exception that
+          <command>refresh</command> only recreates the static blacklist while
+          <command>restart</command> recreates the entire Netfilter
+          ruleset.</para>
        </listitem>
      </varlistentry>