holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Implement LEGACY_FASTSTART option

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-05-22 15:36:29 -07:00
parent 981b503fa4
commit 5d04c93a16
12 changed files with 122 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Config.pm
View File

@ -540,6 +540,7 @@ sub initialize( $ ) {
FORWARD_CLEAR_MARK => undef, FORWARD_CLEAR_MARK => undef,
COMPLETE => undef, COMPLETE => undef,
EXPORTMODULES => undef, EXPORTMODULES => undef,
LEGACY_FASTSTART => undef,
# #
# Packet Disposition # Packet Disposition
# #
@ -3309,6 +3310,7 @@ sub get_configuration( $ ) {
default_yes_no 'FORWARD_CLEAR_MARK' , have_capability 'MARK' ? 'Yes' : ''; default_yes_no 'FORWARD_CLEAR_MARK' , have_capability 'MARK' ? 'Yes' : '';
default_yes_no 'COMPLETE' , ''; default_yes_no 'COMPLETE' , '';
default_yes_no 'EXPORTMODULES' , ''; default_yes_no 'EXPORTMODULES' , '';
default_yes_no 'LEGACY_FASTSTART' , '';
require_capability 'MARK' , 'FOREWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK}; require_capability 'MARK' , 'FOREWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};

2
Shorewall/changelog.txt
View File

@ -2,6 +2,8 @@ Changes in Shorewall 4.4.20 Beta 4
1) Smarten up the tc devnum algorithm. 1) Smarten up the tc devnum algorithm.
2) Implement LEGACY_FASTSTART option.
Changes in Shorewall 4.4.20 Beta 3 Changes in Shorewall 4.4.20 Beta 3
1) Add auditing support. 1) Add auditing support.

2
Shorewall/configfiles/shorewall.conf
View File

@ -198,6 +198,8 @@ EXPORTMODULES=Yes
ACCOUNTING_TABLE=filter ACCOUNTING_TABLE=filter
LEGACY_FASTSTART=No
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################

11
Shorewall/releasenotes.txt
View File

@ -135,6 +135,17 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
output of 'shorewall show actions' whose names begin with a output of 'shorewall show actions' whose names begin with a
lower-case letter. lower-case letter.
6) Up to this release, the behaviors of 'start -f' and 'restart -f'
were inconsistent. The 'start -f' command compares the modification
times of /etc/shorewall[6] with /var/lib/shorewall[6]/restore while
'restart -f' compares with /var/lib/shorewall[6]/firewall.
To make the two consistent, a new LEGACY_FASTSTART option has been
added. The default value when the option isn't specified is
LEGACY_FASTSTART=Yes which preserves the old behavior. When
LEGACY_FASTSTART=No, both commands compare with
/var/lib/shorewall[6]/firewall.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S I V. R E L E A S E 4 . 4 H I G H L I G H T S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------

24
Shorewall/shorewall
View File

@ -298,6 +298,24 @@ get_config() {
fi fi
;; ;;
esac esac
case $LEGACY_FASTSTART in
Yes|yes)
;;
No|no)
LEGACY_FASTSTART=
;;
*)
if [ -n "$LEGACY_FASTSTART" ]; then
echo " ERROR: Invalid LEGACY_FASTSTART setting (LEGACY_FASTSTART)" >&2
exit 1
fi
LEGACY_FASTSTART=Yes
;;
esac
} }
# #
@ -312,8 +330,8 @@ startup_error() {
# #
# Determine if there are config files newer than the passed object # Determine if there are config files newer than the passed object
# #
upofdate() { uptodate() {
[ -z "$(find ${CONFDIR} -newer $1)" ] [ -f $1 ] && [ -z "$(find ${CONFDIR} -newer $1)" ]
} }
# #
@ -481,7 +499,7 @@ start_command() {
esac esac
if [ -n "${g_fast}${AUTOMAKE}" ]; then if [ -n "${g_fast}${AUTOMAKE}" ]; then
if [ -z "$g_fast" ]; then if [ -z "$g_fast" -o -z "$LEGACY_FASTSTART" ]; then
# #
# Automake -- use the last compiled script # Automake -- use the last compiled script
# #

20
Shorewall6/shorewall6
View File

@ -224,6 +224,22 @@ get_config() {
fi fi
;; ;;
esac esac
case $LEGACY_FASTSTART in
Yes|yes)
;;
No|no)
LEGACY_FASTSTART=
;;
*)
if [ -n "$LEGACY_FASTSTART" ]; then
echo " ERROR: Invalid LEGACY_FASTSTART setting (LEGACY_FASTSTART)" >&2
exit 1
fi
LEGACY_FASTSTART=Yes
;;
esac
} }
# #
@ -239,7 +255,7 @@ startup_error() {
# Determine if there are config files newer than the passed object # Determine if there are config files newer than the passed object
# #
uptodate() { uptodate() {
[ -z "$(find ${CONFDIR} -newer $1)" ] [ -f $1 ] && [ -z "$(find ${CONFDIR} -newer $1)" ]
} }
# #
@ -413,7 +429,7 @@ start_command() {
esac esac
if [ -n "${g_fast}${AUTOMAKE}" ]; then if [ -n "${g_fast}${AUTOMAKE}" ]; then
if [ -z "$g_fast" ]; then if [ -z "$g_fast" -o -z "$LEGACY_FASTSTART" ]; then
# #
# Autofast -- use the last compiled script # Autofast -- use the last compiled script
# #

2
Shorewall6/shorewall6.conf
View File

@ -161,6 +161,8 @@ EXPORTMODULES=Yes
ACCOUNTING_TABLE=filter ACCOUNTING_TABLE=filter
LEGACY_FASTSTART=No
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################

7
docs/starting_and_stopping_shorewall.xml
View File

@ -360,6 +360,13 @@
<filename>/etc/sysconfig/shorewall</filename> (if your distribution <filename>/etc/sysconfig/shorewall</filename> (if your distribution
provides neither of these files, you must create one or the provides neither of these files, you must create one or the
other).</para> other).</para>
<para><emphasis role="bold">Update</emphasis>: In Shorewall 4.4.20, a
new LEGACY_FASTSTART option was added to <ulink
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>.
When LEGACY_FASTSTART=No, the compiled script that did the last
successful <command role="bold">start</command> or <command
role="bold">restart</command> will be used.</para>
</listitem> </listitem>
<listitem> <listitem>

26
manpages/shorewall.conf.xml
View File

@ -79,7 +79,7 @@
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">ACCEPT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis role="bold">ACCEPT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
role="bold">none</emphasis>}</term> role="bold">none</emphasis>}</term>
<listitem> <listitem>
@ -89,7 +89,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">DROP_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis role="bold">DROP_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
role="bold">none</emphasis>}</term> role="bold">none</emphasis>}</term>
<listitem> <listitem>
@ -99,7 +99,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">REJECT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis role="bold">REJECT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
role="bold">none</emphasis>}</term> role="bold">none</emphasis>}</term>
<listitem> <listitem>
@ -109,7 +109,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">QUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis role="bold">QUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
role="bold">none</emphasis>}</term> role="bold">none</emphasis>}</term>
<listitem> <listitem>
@ -119,7 +119,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">NFQUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis role="bold">NFQUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
role="bold">none</emphasis>}</term> role="bold">none</emphasis>}</term>
<listitem> <listitem>
@ -835,6 +835,22 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">LEGACY_FASTSTART=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem>
<para>Added in Shorewall 4.4.20. If not specified, the default is
Yes which preserves the legacy behavior of <command>start
-s</command> in that the modification times of the files in
<filename>/etc/shorewall</filename> are compare with that of
<filename>/var/lib/shorewall/restore</filename>. If set to No, then
the times are compared with that of /var/lib/shorewall/firewall
which is consistant with the way that <command>restart -f</command>
works.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">LOAD_HELPERS_ONLY=</emphasis>{<emphasis <term><emphasis role="bold">LOAD_HELPERS_ONLY=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>

7
manpages/shorewall.xml
View File

@ -1415,6 +1415,13 @@
<emphasis role="bold">-f</emphasis> is given, a <emphasis role="bold">-f</emphasis> is given, a
<replaceable>directory</replaceable> may not be specified.</para> <replaceable>directory</replaceable> may not be specified.</para>
<para>Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was
added to <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5).
When LEGACY_FASTSTART=No, the modificaiotn times of files in
/etc/shorewall are compared with that of /var/lib/shorewall/firewall
(the compiled script that last started/restarted the
firewall).</para>
<para>The <option>-n</option> option causes Shorewall to avoid <para>The <option>-n</option> option causes Shorewall to avoid
updating the routing table(s).</para> updating the routing table(s).</para>

26
manpages6/shorewall6.conf.xml
View File

@ -78,7 +78,7 @@
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">ACCEPT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis role="bold">ACCEPT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
role="bold">none</emphasis>}</term> role="bold">none</emphasis>}</term>
<listitem> <listitem>
@ -88,7 +88,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">DROP_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis role="bold">DROP_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
role="bold">none</emphasis>}</term> role="bold">none</emphasis>}</term>
<listitem> <listitem>
@ -98,7 +98,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">REJECT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis role="bold">REJECT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
role="bold">none</emphasis>}</term> role="bold">none</emphasis>}</term>
<listitem> <listitem>
@ -108,7 +108,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">QUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis role="bold">QUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
role="bold">none</emphasis>}</term> role="bold">none</emphasis>}</term>
<listitem> <listitem>
@ -118,7 +118,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">NFQUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis role="bold">NFQUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
role="bold">none</emphasis>}</term> role="bold">none</emphasis>}</term>
<listitem> <listitem>
@ -724,6 +724,22 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">LEGACY_FASTSTART=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem>
<para>Added in Shorewall6 4.4.20. If not specified, the default is
Yes which preserves the legacy behavior of <command>start
-s</command> in that the modification times of the files in
<filename>/etc/shorewall6</filename> are compare with that of
<filename>/var/lib/shorewall6/restore</filename>. If set to No, then
the times are compared with that of /var/lib/shorewall6/firewall
which is consistant with the way that <command>restart -f</command>
works.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">LOAD_HELPERS_ONLY=</emphasis>{<emphasis <term><emphasis role="bold">LOAD_HELPERS_ONLY=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>

8
manpages6/shorewall6.xml
View File

@ -1176,6 +1176,14 @@
role="bold">-f</emphasis> is given, a role="bold">-f</emphasis> is given, a
<replaceable>directory</replaceable> may not be specified.</para> <replaceable>directory</replaceable> may not be specified.</para>
<para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option
was added to <ulink
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). When
LEGACY_FASTSTART=No, the modificaiotn times of files in
/etc/shorewall6 are compared with that of
/var/lib/shorewall6/firewall (the compiled script that last
started/restarted the firewall).</para>
<para>The <option>-n</option> option causes Shorewall6 to avoid <para>The <option>-n</option> option causes Shorewall6 to avoid
updating the routing table(s).</para> updating the routing table(s).</para>
</listitem> </listitem>