More rationalization of options and commands

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3322 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-01-18 20:17:58 +00:00
parent 3c1ab3a6a8
commit 1f9d9629c8
2 changed files with 231 additions and 44 deletions

@ -88,15 +88,21 @@ clear)
;; ;;
compile) compile)
echo "compile: compile [ -e ] [ <directory name> ] <file name> echo "compile: compile [ -e ] [ -p ] [ <directory name> ] <path name>
Compiles the current configuration into the executable file Compiles the current configuration into the executable file
/var/lib/shorewall/<file name> <path name>. If <path name> names a file in /var/lib/shorewall then
the file may be executed using the \"restore\" command.
When -e is specified, the compilation is being performed on a system When -e is specified, the compilation is being performed on a system
other than where the compiled script will run. This option disables other than where the compiled script will run. This option disables
certain configuration options that require the script to be compiled certain configuration options that require the script to be compiled
where it is to be run. where it is to be run.
When -p is specified, a complete program is produced that supports
the 'start', 'stop', 'restart', etc. commands. That program is suitable
for placing in /etc/init.d/ and can provide a firewall on a system
without Shorewall installed.
'generate' is a synonym for 'compile'." 'generate' is a synonym for 'compile'."
;; ;;
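
Review bot: the new -p paragraph in the compile help does not say how -p relates to -e, even though a program meant for "a system without Shorewall installed" is compiled somewhere other than where it runs. State whether -p implies -e or has to be combined with it. The text also no longer says where a relative <path name> is written; the old wording fixed the location at /var/lib/shorewall, and the new sentence about "restore" depends on the file ending up there.
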
@ -220,7 +226,8 @@ refresh)
echo "refresh: [ -q ] refresh echo "refresh: [ -q ] refresh
The rules involving the broadcast addresses of firewall interfaces, The rules involving the broadcast addresses of firewall interfaces,
the black list, traffic control rules and ECN control rules are recreated the black list, traffic control rules and ECN control rules are recreated
to reflect any changes made. Existing connections are untouched to reflect any changes made. Existing connections are untouched.
If \"-q\" is specified, less detain is displayed making it easier to spot warnings" If \"-q\" is specified, less detain is displayed making it easier to spot warnings"
;; ;;
@ -234,11 +241,14 @@ reject)
;; ;;
reload) reload)
echo "reload: reload [ <directory name> ] echo "reload: reload [ -q ] [ -n ] [ <directory name> ]
Causes Shorewall to generate a new compiled restore file using the named directory Causes Shorewall to generate a new compiled restore file using the named directory
as the first search directory for configuration file. If that generation is error-free, as the first search directory for configuration file. If that generation is error-free,
the generated restore file is executed." the generated restore file is executed.
If \"-q\" is specified, less detain is displayed making it easier to spot warnings
If \"-n\" is specified, no changes to routing will be made"
;; ;;
reset) reset)
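
Review bot: the two lines added to the reload help copy the "less detain" typo from the refresh and restart text ("detail" is meant), and neither added sentence ends with a period, unlike the sentence just fixed in the refresh hunk. Correct the spelling here and in the unchanged copies so the help text stays consistent; "configuration file" in the context line also reads as if it should be plural.
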
@ -247,9 +257,10 @@ reset)
;; ;;
restart) restart)
echo "restart: [ -q ] [ -n ] restart [ <configuration-directory> ] echo "restart: restart [ -q ] [ -n ] [ <configuration-directory> ]
Restart is the same as a shorewall stop && shorewall start. Restart is the same as a shorewall stop && shorewall start.
Existing connections are maintained. Existing connections are maintained.
If \"-q\" is specified, less detain is displayed making it easier to spot warnings If \"-q\" is specified, less detain is displayed making it easier to spot warnings
If \"-n\" is specified, no changes to routing will be made" If \"-n\" is specified, no changes to routing will be made"
;; ;;
@ -268,22 +279,17 @@ safe-start)
;; ;;
restore) restore)
echo "restore: [ -n ] restore [ <file name> ] echo "restore: restore [ -q ] [ -n ] [ <file name> ]
Restore Shorewall to a state saved using the 'save' command Restore Shorewall to a state saved using the 'save' command
Existing connections are maintained. The <file name> names a restore file in Existing connections are maintained. The <file name> names a restore file in
/var/lib/shorewall created using "shorewall save"; if no <file name> is given /var/lib/shorewall created using \"shorewall save\"; if no <file name> is given
then Shorewall will be restored from the file specified by the RESTOREFILE then Shorewall will be restored from the file specified by the RESTOREFILE
option in shorewall.conf. option in shorewall.conf.
If \"-q\" is specified, less detain is displayed making it easier to spot warnings
If \"-n\" is specified, no changes to routing will be made. If \"-n\" is specified, no changes to routing will be made.
WARNING: If the restore file specified by <file name> was created using the See also \"help save\", \"help compile\" and \"help forget\""
'shorewall generate' command and error messages are produced during 'shorewall
restore' then your firewall is probably in an INSECURE STATE.
YOU HAVE BEEN WARNED!!!!
See also \"help save\", \"help generate\" and \"help forget\""
;; ;;
save) save)
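
Review bot: the restore help loses the WARNING about the firewall being left in an INSECURE STATE when a generated restore file produces errors, and neither the commit message nor the replacement text says that failure mode is gone. If a failed restore of a compiled script can still leave the rule set partly applied, keep a one-sentence warning and point it at "help compile". Escaping the quotes around \"shorewall save\" is a real fix: the unescaped pair closed and reopened the echo string, so the quotes were never printed.
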
@ -330,7 +336,7 @@ show)
;; ;;
start) start)
echo "start: [ -q ] [ -f ] [ -n ] start [ <configuration-directory> ] echo "start: start [ -f ] [ -n ] [ -q ] [ <configuration-directory> ]
Start shorewall. Existing connections through shorewall managed Start shorewall. Existing connections through shorewall managed
interfaces are untouched. New connections will be allowed only interfaces are untouched. New connections will be allowed only
if they are allowed by the firewall rules or policies. if they are allowed by the firewall rules or policies.

@ -502,18 +502,18 @@ help()
# #
usage() # $1 = exit status usage() # $1 = exit status
{ {
echo "Usage: $(basename $0) [debug|trace] [nolock] [ -x ] [ -q ] [ -f ] [ -v ] [ -n ] <command>" echo "Usage: $(basename $0) [debug|trace] [nolock] [ -x ] [ -q ] [ -v ] [ -n ] <command>"
echo "where <command> is one of:" echo "where <command> is one of:"
echo " add <interface>[:<host-list>] ... <zone>" echo " add <interface>[:<host-list>] ... <zone>"
echo " allow <address> ..." echo " allow <address> ..."
echo " check [ <directory> ]" echo " check [ <directory> ]"
echo " clear" echo " clear"
echo " compile [ -e ] [ -p ] [ <directory name> ] <file name>" echo " compile [ -e ] [ -p ] [ <directory name> ] <path name>"
echo " delete <interface>[:<host-list>] ... <zone>" echo " delete <interface>[:<host-list>] ... <zone>"
echo " drop <address> ..." echo " drop <address> ..."
echo " dump" echo " dump"
echo " forget [ <file name> ]" echo " forget [ <file name> ]"
echo " generate [ -e ] [-p ] [ <directory name> ] <file name>" echo " generate [ -e ] [-p ] [ <directory name> ] <path name>"
echo " help [ <command > | host | address ]" echo " help [ <command > | host | address ]"
echo " hits" echo " hits"
echo " ipcalc { <address>/<vlsm> | <address> <netmask> }" echo " ipcalc { <address>/<vlsm> | <address> <netmask> }"
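
Review bot: -f is dropped from the global option list on the Usage line while start gains its own [ -f ], but nothing visible here says whether "shorewall -f start" is still accepted. If the global parser still takes -f, keep it documented; if it does not, call out the incompatibility for existing init scripts. Minor: the generate line has "[-p ]" where the compile line has "[ -p ]".
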
@ -523,12 +523,12 @@ usage() # $1 = exit status
echo " refresh" echo " refresh"
echo " reject <address> ..." echo " reject <address> ..."
echo " reset" echo " reset"
echo " reload [ <directory> ]" echo " reload [ -n ] [ -q ] [ <directory> ]"
echo " restart [ <directory> ]" echo " restart [ -n ] [ -q ] [ <directory> ]"
echo " restore [ <file name> ]" echo " restore [ -n ] [ -q ] [ <file name> ]"
echo " save [ <file name> ]" echo " save [ <file name> ]"
echo " show [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|macros|mangle|nat|tc|zones]" echo " show [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|macros|mangle|nat|tc|zones]"
echo " start [ <directory> ]" echo " start [ -f ] [ -n ] [ -q ] [ <directory> ]"
echo " stop" echo " stop"
echo " status" echo " status"
echo " try <directory> [ <timeout> ]" echo " try <directory> [ <timeout> ]"
@ -784,23 +784,66 @@ case $(echo -n "Testing") in
;; ;;
esac esac
case "$1" in COMMAND=$1
case "$COMMAND" in
start) start)
shift
finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
q*)
QUIET=$(($QUIET + 1 ))
option=${option#q}
;;
f*)
FAST=Yes
option=${option#f}
;;
n*)
NOROUTES=Yes
option=${option#n}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
case $# in case $# in
1) 0)
;; ;;
2) 1)
[ -n "$SHOREWALL_DIR" -o -n "$FAST" ] && usage 2 [ -n "$SHOREWALL_DIR" -o -n "$FAST" ] && usage 2
if [ ! -d $2 ]; then if [ ! -d $1 ]; then
if [ -e $2 ]; then if [ -e $1 ]; then
echo "$2 is not a directory" >&2 && exit 2 echo "$1 is not a directory" >&2 && exit 2
else else
echo "Directory $2 does not exist" >&2 && exit 2 echo "Directory $1 does not exist" >&2 && exit 2
fi fi
fi fi
SHOREWALL_DIR=$2 SHOREWALL_DIR=$
export SHOREWALL_DIR export SHOREWALL_DIR
;; ;;
*) *)
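
Review bot: in the 1) branch the new side reads "SHOREWALL_DIR=$", which assigns a literal "$" rather than the directory argument; the restart and reload hunks use "SHOREWALL_DIR=$1", so this line should too. As written, "start <directory>" passes the -d check and then exports a bogus search directory. While here, the inner "*) usage 1" relies on usage never returning; if it ever does, $option is not shortened and the while loop spins.
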
@ -848,7 +891,7 @@ case "$1" in
stop|reset|clear|refresh) stop|reset|clear|refresh)
[ $# -ne 1 ] && usage 1 [ $# -ne 1 ] && usage 1
export NOROUTES export NOROUTES
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
;; ;;
compile|generate) compile|generate)
shift shift
@ -925,7 +968,71 @@ case "$1" in
exec $SHOREWALL_SHELL $FIREWALL $debugging generate $file exec $SHOREWALL_SHELL $FIREWALL $debugging generate $file
;; ;;
check|restart) restart)
shift
finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
q*)
QUIET=$(($QUIET + 1 ))
option=${option#q}
;;
n*)
NOROUTES=Yes
option=${option#n}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
case $# in
0)
;;
1)
[ -n "$SHOREWALL_DIR" ] && usage 2
if [ ! -d $1 ]; then
if [ -e $1 ]; then
echo "$1 is not a directory" >&2 && exit 2
else
echo "Directory $1 does not exist" >&2 && exit 2
fi
fi
SHOREWALL_DIR=$1
export SHOREWALL_DIR
;;
*)
usage 1
;;
esac
export NOROUTES
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock restart
;;
check)
case $# in case $# in
1) 1)
;; ;;
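
Review bot: the option loop added for restart is the second of four near-identical copies in this commit (start, restart, reload, restore), differing only in whether f is accepted. Move it into one function that takes the allowed option letters, so a later fix to the parsing lands in every command at once. The branch also execs with a literal "restart" while the stop|reset|clear|refresh branch now uses $COMMAND; pick one style.
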
@ -950,24 +1057,61 @@ case "$1" in
export NOROUTES export NOROUTES
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock check
;; ;;
reload) reload)
shift
finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
q*)
QUIET=$(($QUIET + 1 ))
option=${option#q}
;;
n*)
NOROUTES=Yes
option=${option#n}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
case $# in case $# in
1) 0)
;; ;;
2) 1)
[ -n "$SHOREWALL_DIR" ] && usage 2 [ -n "$SHOREWALL_DIR" ] && usage 2
if [ ! -d $2 ]; then if [ ! -d $1 ]; then
if [ -e $2 ]; then if [ -e $1 ]; then
echo "$2 is not a directory" >&2 && exit 2 echo "$1 is not a directory" >&2 && exit 2
else else
echo "Directory $2 does not exist" >&2 && exit 2 echo "Directory $1 does not exist" >&2 && exit 2
fi fi
fi fi
SHOREWALL_DIR=$2 SHOREWALL_DIR=$1
export SHOREWALL_DIR export SHOREWALL_DIR
;; ;;
*) *)
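
Review bot: the directory tests on the new side, "[ ! -d $1 ]" and "[ -e $1 ]", leave $1 unquoted, so a directory name containing whitespace or glob characters is split or expanded before the test sees it. These lines are all being rewritten from $2 to $1 anyway, so quote them as "[ ! -d "$1" ]" and "[ -e "$1" ]", the way the restore hunk already does with RESTOREFILE="$1". The same applies to the start and restart copies.
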
@ -1404,11 +1548,48 @@ case "$1" in
esac esac
;; ;;
restore) restore)
shift
finished=0
while [ $finished -eq 0 -a $# -gt 0 ]; do
option=$1
case $option in
-*)
option=${option#-}
while [ -n "$option" ]; do
case $option in
-)
finished=1
option=
;;
q*)
QUIET=$(($QUIET + 1 ))
option=${option#q}
;;
n*)
NOROUTES=Yes
option=${option#n}
;;
*)
usage 1
;;
esac
done
shift
;;
*)
finished=1
;;
esac
done
case $# in case $# in
1) 0)
;; ;;
2) 1)
RESTOREFILE="$2" RESTOREFILE="$1"
validate_restorefile '<restore file>' validate_restorefile '<restore file>'
;; ;;
*) *)
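
Review bot: in the restore option loop a lone "-" argument matches "-*)", becomes empty after "option=${option#-}", skips the inner while loop and is shifted away silently, so "restore - <file name>" behaves like "restore <file name>". Treat an empty $option after stripping the dash as "usage 1" so a mistyped option is reported instead of ignored. The help text for restore should also mention that "--" ends option parsing, since the "-)" case implements it.
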