More wrapup of 'refresh' restoration
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6768 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent 3d2eca5183
commit 1d19c1b8eb
@ -14,6 +14,8 @@ Changes in 4.0.0 RC 1
|
|||||||
|
|
||||||
7) Work around SELinux nonsense.
|
7) Work around SELinux nonsense.
|
||||||
|
|
||||||
|
8) Restore the 'refresh' command.
|
||||||
|
|
||||||
Changes in 4.0.0 Beta 6
|
Changes in 4.0.0 Beta 6
|
||||||
|
|
||||||
1) First step to adding compiler debugging facility.
|
1) First step to adding compiler debugging facility.
|
||||||
|
@ -340,6 +340,7 @@ Migration Considerations:
|
|||||||
following exceptions:
|
following exceptions:
|
||||||
|
|
||||||
- The refresh command is rejected if Shorewall is not running.
|
- The refresh command is rejected if Shorewall is not running.
|
||||||
|
- The refresh command only rebuilds the 'blacklst' chain.
|
||||||
- A directory name may not be specified in the refresh command.
|
- A directory name may not be specified in the refresh command.
|
||||||
|
|
||||||
g) Some run-time scripts have been converted to compile time
|
g) Some run-time scripts have been converted to compile time
|
||||||
@ -357,14 +358,9 @@ Migration Considerations:
|
|||||||
|
|
||||||
my $chainref = $chain_table{'filter'}{'INPUT'};
|
my $chainref = $chain_table{'filter'}{'INPUT'};
|
||||||
|
|
||||||
Some run-time scripts are simply eliminated because they no
|
The continue script is eliminated. That script was designed to
|
||||||
longer make any sense under Shorewall-perl:
|
allow you to add special rules during [re]start. Shorewall-perl
|
||||||
|
doesn't need such rules.
|
||||||
continue - This script was designed to allow you to add
|
|
||||||
special rules during [re]start.
|
|
||||||
Shorewall-perl doesn't need such rules.
|
|
||||||
refresh - The 'refresh' command is the same as 'restart'
|
|
||||||
refreshed
|
|
||||||
|
|
||||||
h) The /etc/shorewall/tos file now has zone-independent SOURCE and
|
h) The /etc/shorewall/tos file now has zone-independent SOURCE and
|
||||||
DEST columns as do all other files except the rules and policy
|
DEST columns as do all other files except the rules and policy
|
||||||
|
@ -1993,9 +1993,7 @@ sub create_blacklist_reload() {
|
|||||||
emitr '*filter';
|
emitr '*filter';
|
||||||
emitr ':blacklst - [0:0]';
|
emitr ':blacklst - [0:0]';
|
||||||
|
|
||||||
my $chainref = $filter_table->{blacklst};
|
for my $rule ( @{$filter_table->{blacklst}{rules}} ) {
|
||||||
|
|
||||||
for my $rule ( @{$chainref->{rules}} ) {
|
|
||||||
emitr( substr( $rule, 0, 1 ) eq '~' ? $rule : "-A blacklst $rule" );
|
emitr( substr( $rule, 0, 1 ) eq '~' ? $rule : "-A blacklst $rule" );
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
|
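Review bot: The inlined loop header `for my $rule ( @{$filter_table->{blacklst}{rules}} )` autovivifies `$filter_table->{blacklst}` and its `rules` array when the chain is absent, so a missing blacklst chain now leaves an empty entry in the filter table, where the removed `$chainref` version only touched a local variable. Since `:blacklst - [0:0]` is emitted unconditionally just above, either add a comment stating that the chain is guaranteed to exist whenever create_blacklist_reload() runs, or guard the loop with an existence check on `$filter_table->{blacklst}`.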
@ -132,8 +132,24 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The 'refresh' command is now synonymous with
|
<para>The 'refresh' command is now similar to restart with the
|
||||||
'restart'.</para>
|
exceptios that:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>The command fails if Shorewall is not running.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>A directory name cannot be specified in the
|
||||||
|
command.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>The refresh command does not alter the Netfilter
|
||||||
|
configuration except for the static blacklist.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
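Review bot: Typo in the added paragraph: `exceptios that:` should read `exceptions that:`. The three list items that follow match the release-notes wording in this commit, so only the spelling needs to change.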
@ -173,7 +189,7 @@
|
|||||||
|
|
||||||
<entry>initdone</entry>
|
<entry>initdone</entry>
|
||||||
|
|
||||||
<entry>refresh</entry>
|
<entry></entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
|
@ -101,8 +101,8 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>refresh -- invoked while the firewall is being refreshed but
|
<para>refresh -- invoked while the firewall is being refreshed but
|
||||||
before the blacklst chains have been rebuilt (Not used by Shorewall
|
before the blacklst chains have been rebuilt (Note: Shorewall-perl does
|
||||||
Perl).</para>
|
not rebuild the blacklist during <command>refresh</command>).</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
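Review bot: The new parenthetical `Shorewall-perl does not rebuild the blacklist during <command>refresh</command>` contradicts the rest of this commit, where the release notes say "The refresh command only rebuilds the 'blacklst' chain" and the manpage says refresh "only recreates the static blacklist". If the intent is that Shorewall-perl does not invoke the refresh extension script, say that directly, as the removed wording "Not used by Shorewall Perl" did; otherwise the "not" should be dropped.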
@ -366,7 +366,7 @@
|
|||||||
|
|
||||||
<entry>initdone</entry>
|
<entry>initdone</entry>
|
||||||
|
|
||||||
<entry>refresh</entry>
|
<entry></entry>
|
||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
|
@ -810,13 +810,17 @@
|
|||||||
<term><emphasis role="bold">refresh</emphasis></term>
|
<term><emphasis role="bold">refresh</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>The rules involving the the black list, ECN control rules, and
|
<para>Shorewall-shell: The rules involving the the black list, ECN
|
||||||
traffic shaping are recreated to reflect any changes made to your
|
control rules, and traffic shaping are recreated to reflect any
|
||||||
configuration files. Existing connections are untouched. Under
|
changes made to your configuration files. Existing connections are
|
||||||
Shorewall-perl, <command>refresh</command> preforms the same action
|
untouched.</para>
|
||||||
as <command>restart</command> (<command>refresh</command> requires
|
|
||||||
that Shorewall is already running and does not accept a directory
|
<para>Shorewall-perl: All steps performed by
|
||||||
name as an argument).</para>
|
<command>restart</command> are performed by
|
||||||
|
<command>refresh</command> with the exception that
|
||||||
|
<command>refresh</command> only recreates the static blacklist while
|
||||||
|
<command>restart</command> recreates the entire Netfilter
|
||||||
|
ruleset.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
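Review bot: The rewritten Shorewall-perl paragraph drops the two restrictions the removed text stated, that `refresh` requires Shorewall to be already running and does not accept a directory name as an argument. Both are still listed in the release-notes and documentation hunks of this commit, so the manpage entry should keep them alongside the new blacklist-only description. While the paragraph is being rewritten, the carried-over `the the black list` in the Shorewall-shell paragraph can be fixed as well.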