Many fixes for Shorewall-init

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-23 09:26:47 -07:00 · 2010-07-23 09:26:47 -07:00 · 2c6d1c8d14
commit 2c6d1c8d14
parent 00352baba7
7 changed files with 52 additions and 50 deletions
--- a/Shorewall-init/ifupdown.sh
+++ b/Shorewall-init/ifupdown.sh
@ -93,7 +93,11 @@ for PRODUCT in $PRODUCTS; do
    VARDIR=/var/lib/$PRODUCT
    [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir
    if [ -x $VARDIR/firewall ]; then
-	/sbin/$PRODUCT -v0 $COMMAND $IFACE
+	  ( . /usr/share/$product/lib.base
 	    mutex_on
 	    ${VARDIR}/firewall -V0 $COMMAND $IFACE || echo_notdone
 	    mutex_off
 	  )
    fi
 done
--- a/Shorewall-init/init.debian.sh
+++ b/Shorewall-init/init.debian.sh
@ -84,7 +84,20 @@ shorewall_start () {
      VARDIR=/var/lib/$product
      [ -f /etc/$product/vardir ] && . /etc/$product/vardir
      if [ -x ${VARDIR}/firewall ]; then
-	  ${VARDIR}/firewall stop || echo_notdone
+	  #
 	  # Run in a sub-shell to avoid name collisions
 	  #
 	  ( 
 	      . /usr/share/$product/lib.base
 	      #
 	      # Get mutex so the firewall state is stable
 	      #
 	      mutex_on
 	      if ! ${VARDIR}/firewall status > /dev/null 2>&1; then
 		  ${VARDIR}/firewall stop || echo_notdone
 	      fi
 	      mutex_off
 	  )
      fi
  done
@ -103,7 +116,11 @@ shorewall_stop () {
      VARDIR=/var/lib/$product
      [ -f /etc/$product/vardir ] && . /etc/$product/vardir
      if [ -x ${VARDIR}/firewall ]; then
-	  ${VARDIR}/firewall clear || echo_notdone
+	  ( . /usr/share/$product/lib.base
 	    mutex_on
 	    ${VARDIR}/firewall clear || echo_notdone
 	    mutex_off
 	  )
      fi
  done
--- a/Shorewall-init/init.sh
+++ b/Shorewall-init/init.sh
@ -55,15 +55,17 @@ fi
 # Initialize the firewall
 shorewall_start () {
-  local product
+  local PRODUCT
-  local vardir
+  local VARDIR
  echo -n "Initializing \"Shorewall-based firewalls\": "
-  for product in $PRODUCTS; do
+  for PRODUCT in $PRODUCTS; do
-      vardir=/var/lib/$product
+      VARDIR=/var/lib/$PRODUCT
-      [ -f /etc/$product/vardir ] && . /etc/$product/vardir 
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
-      if [ -x ${vardir}/firewall ]; then
+      if [ -x ${VARDIR}/firewall ]; then
-	  ${vardir}/firewall stop || exit 1
+	  if ! /sbin/$PRODUCT status > /dev/null 2>&1; then
 	      ${VARDIR}/firewall stop || echo_notdone
 	  fi
      fi
  done
@ -72,15 +74,15 @@ shorewall_start () {
 # Clear the firewall
 shorewall_stop () {
-  local product
+  local PRODUCT
-  local vardir
+  local VARDIR
  echo -n "Clearing \"Shorewall-based firewalls\": "
-  for product in $PRODUCTS; do
+  for PRODUCT in $PRODUCTS; do
-      vardir=/var/lib/$PRODUCT
+      VARDIR=/var/lib/$PRODUCT
-      [ -f /etc/$product/vardir ] && . /etc/$product/vardir 
+      [ -f /etc/$PRODUCT/vardir ] && . /etc/$PRODUCT/vardir 
-      if [ -x ${vardir}/firewall ]; then
+      if [ -x ${VARDIR}/firewall ]; then
-	  ${vardir}/firewall clear || exit 1
+	  ${VARDIR}/firewall clear || exit 1
      fi
  done
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@ -635,11 +635,6 @@ case "$COMMAND" in
 	run_it $g_firewall $debugging $nolock $COMMAND
 	[ -n "$nolock" ] || mutex_off
 	;;
    up|down)
 	[ -n "$nolock" ] || mutex_on
 	run_it $g_firewall $debugging $nolock $COMMAND
 	[ -n "$nolock" ] || mutex_off
 	;;
    reset)
 	verify_firewall_script
 	run_it $SHOREWALL_SHELL $g_firewall $debugging $nolock $@
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@ -1631,23 +1631,17 @@ case "$COMMAND" in
 	get_config
 	[ $# -ne 1 ] && usage 1
 	[ -x $g_firewall ] || fatal_error "Shorewall has never been started"
-	mutex_on
+	[ -n "$nolock" ] || mutex_on
-	run_it $g_firewall $g_debugging $nolock $COMMAND
+	run_it $g_firewall $g_debugging $COMMAND
-	mutex_off
+	[ -n "$nolock" ] || mutex_off
 	;;
    up|down)
 	[ -x $g_firewall ] || fatal_error "Shorewall has never been started"
 	mutex_on
 	run_it $g_firewall $g_debugging $nolock $@
 	mutex_off
 	;;
    reset)
 	get_config
 	shift
-	mutex_on
+	[ -n "$nolock" ] || mutex_on
 	[ -x $g_firewall ] || fatal_error "Shorewall has never been started"
-	run_it $g_firewall $g_debugging $nolock reset $@
+	run_it $g_firewall $g_debugging reset $@
-	mutex_off
+	[ -n "$nolock" ] || mutex_off
 	;;
    compile)
 	get_config Yes
--- a/Shorewall6-lite/shorewall6-lite
+++ b/Shorewall6-lite/shorewall6-lite
@ -619,11 +619,6 @@ case "$COMMAND" in
 	run_it $g_firewall $debugging $nolock $COMMAND
 	[ -n "$nolock" ] || mutex_off
 	;;
    up|down)
 	[ -n "$nolock" ] || mutex_on
 	run_it $g_firewall $debugging $nolock $@
 	[ -n "$nolock" ] || mutex_off
 	;;
    restart)
 	shift
 	restart_command $@
--- a/Shorewall6/shorewall6
+++ b/Shorewall6/shorewall6
@ -1544,22 +1544,17 @@ case "$COMMAND" in
 	[ $# -ne 1 ] && usage 1
 	get_config
 	[ -x $g_firewall ] || fatal_error "Shorewall6 has never been started"
-	mutex_on
+	[ -n "$nolock" ] || mutex_on
-	run_it $g_firewall $g_debugging $nolock $COMMAND
+	run_it $g_firewall $g_debugging $COMMAND
-	mutex_off
+	[ -n "$nolock" ] || mutex_off
 	;;
    up|down)
 	mutex_on
 	run_it $g_firewall $g_debugging $nolock $@
 	mutex_off
 	;;
    reset)
 	get_config
 	shift
-	mutex_on
+	[ -n "$nolock" ] || mutex_on
 	[ -x $g_firewall ] || fatal_error "Shorewall6 has never been started"
-	run_it $g_firewall $g_debugging $nolock reset $@
+	run_it $g_firewall $g_debugging reset $@
-	mutex_off
+	[ -n "$nolock" ] || mutex_off
 	;;
    compile)
 	get_config Yes