Implement LEGACY_FASTSTART option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
981b503fa4
commit
5d04c93a16
@ -540,6 +540,7 @@ sub initialize( $ ) {
|
||||
FORWARD_CLEAR_MARK => undef,
|
||||
COMPLETE => undef,
|
||||
EXPORTMODULES => undef,
|
||||
LEGACY_FASTSTART => undef,
|
||||
#
|
||||
# Packet Disposition
|
||||
#
|
||||
@ -3309,6 +3310,7 @@ sub get_configuration( $ ) {
|
||||
default_yes_no 'FORWARD_CLEAR_MARK' , have_capability 'MARK' ? 'Yes' : '';
|
||||
default_yes_no 'COMPLETE' , '';
|
||||
default_yes_no 'EXPORTMODULES' , '';
|
||||
default_yes_no 'LEGACY_FASTSTART' , '';
|
||||
|
||||
require_capability 'MARK' , 'FOREWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};
|
||||
|
||||
|
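Review bot: The compiler-side default added in get_configuration, `default_yes_no 'LEGACY_FASTSTART' , '';`, appears to disagree with the rest of this commit. The shell get_config hunks set `LEGACY_FASTSTART=Yes` when the option is unset, and the release notes and manpages state that the unspecified default is Yes. If the second argument of default_yes_no is the value used when the option is absent (inferred from the neighbouring calls; its definition is not on this page), the line should read `default_yes_no 'LEGACY_FASTSTART' , 'Yes';` so that the compiler and the command-line scripts agree on which timestamp gates a fast start. Both initialize and get_configuration continue outside the hunks shown.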
@ -2,6 +2,8 @@ Changes in Shorewall 4.4.20 Beta 4
|
||||
|
||||
1) Smarten up the tc devnum algorithm.
|
||||
|
||||
2) Implement LEGACY_FASTSTART option.
|
||||
|
||||
Changes in Shorewall 4.4.20 Beta 3
|
||||
|
||||
1) Add auditing support.
|
||||
|
@ -198,6 +198,8 @@ EXPORTMODULES=Yes
|
||||
|
||||
ACCOUNTING_TABLE=filter
|
||||
|
||||
LEGACY_FASTSTART=No
|
||||
|
||||
###############################################################################
|
||||
# P A C K E T D I S P O S I T I O N
|
||||
###############################################################################
|
||||
|
@ -135,6 +135,17 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
output of 'shorewall show actions' whose names begin with a
|
||||
lower-case letter.
|
||||
|
||||
6) Up to this release, the behaviors of 'start -f' and 'restart -f'
|
||||
were inconsistent. The 'start -f' command compares the modification
|
||||
times of /etc/shorewall[6] with /var/lib/shorewall[6]/restore while
|
||||
'restart -f' compares with /var/lib/shorewall[6]/firewall.
|
||||
|
||||
To make the two consistent, a new LEGACY_FASTSTART option has been
|
||||
added. The default value when the option isn't specified is
|
||||
LEGACY_FASTSTART=Yes which preserves the old behavior. When
|
||||
LEGACY_FASTSTART=No, both commands compare with
|
||||
/var/lib/shorewall[6]/firewall.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I V. R E L E A S E 4 . 4 H I G H L I G H T S
|
||||
----------------------------------------------------------------------------
|
||||
|
@ -298,6 +298,24 @@ get_config() {
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
case $LEGACY_FASTSTART in
|
||||
Yes|yes)
|
||||
;;
|
||||
No|no)
|
||||
LEGACY_FASTSTART=
|
||||
;;
|
||||
*)
|
||||
if [ -n "$LEGACY_FASTSTART" ]; then
|
||||
echo " ERROR: Invalid LEGACY_FASTSTART setting (LEGACY_FASTSTART)" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
LEGACY_FASTSTART=Yes
|
||||
;;
|
||||
esac
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
@ -312,8 +330,8 @@ startup_error() {
|
||||
#
|
||||
# Determine if there are config files newer than the passed object
|
||||
#
|
||||
upofdate() {
|
||||
[ -z "$(find ${CONFDIR} -newer $1)" ]
|
||||
uptodate() {
|
||||
[ -f $1 ] && [ -z "$(find ${CONFDIR} -newer $1)" ]
|
||||
}
|
||||
|
||||
#
|
||||
@ -481,7 +499,7 @@ start_command() {
|
||||
esac
|
||||
|
||||
if [ -n "${g_fast}${AUTOMAKE}" ]; then
|
||||
if [ -z "$g_fast" ]; then
|
||||
if [ -z "$g_fast" -o -z "$LEGACY_FASTSTART" ]; then
|
||||
#
|
||||
# Automake -- use the last compiled script
|
||||
#
|
||||
|
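Review bot: In the uptodate hunk, the new test `[ -f $1 ] && [ -z "$(find ${CONFDIR} -newer $1)" ]` leaves `$1` and `${CONFDIR}` unquoted, which lets the check fail open. With an empty argument `[ -f ]` is true and `find` exits with an error and no output, so the function reports the compiled script as current and a stale ruleset could be reused; whether a caller can pass an empty path is not visible here. Quoting closes that case: `[ -f "$1" ] && [ -z "$(find "${CONFDIR}" -newer "$1")" ]`. A `find` that fails for any other reason also produces empty output, so the function should either check its exit status or carry a comment saying that an error is treated as up to date. The same line is in the `@ -239,7 +255,7` uptodate hunk of the second script.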
@ -224,6 +224,22 @@ get_config() {
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
case $LEGACY_FASTSTART in
|
||||
Yes|yes)
|
||||
;;
|
||||
No|no)
|
||||
LEGACY_FASTSTART=
|
||||
;;
|
||||
*)
|
||||
if [ -n "$LEGACY_FASTSTART" ]; then
|
||||
echo " ERROR: Invalid LEGACY_FASTSTART setting (LEGACY_FASTSTART)" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
LEGACY_FASTSTART=Yes
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
#
|
||||
@ -239,7 +255,7 @@ startup_error() {
|
||||
# Determine if there are config files newer than the passed object
|
||||
#
|
||||
uptodate() {
|
||||
[ -z "$(find ${CONFDIR} -newer $1)" ]
|
||||
[ -f $1 ] && [ -z "$(find ${CONFDIR} -newer $1)" ]
|
||||
}
|
||||
|
||||
#
|
||||
@ -413,7 +429,7 @@ start_command() {
|
||||
esac
|
||||
|
||||
if [ -n "${g_fast}${AUTOMAKE}" ]; then
|
||||
if [ -z "$g_fast" ]; then
|
||||
if [ -z "$g_fast" -o -z "$LEGACY_FASTSTART" ]; then
|
||||
#
|
||||
# Autofast -- use the last compiled script
|
||||
#
|
||||
|
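Review bot: The error branch added to get_config prints the option name instead of the rejected value, because `echo " ERROR: Invalid LEGACY_FASTSTART setting (LEGACY_FASTSTART)" >&2` has no `$` inside the parentheses. It should read `echo " ERROR: Invalid LEGACY_FASTSTART setting ($LEGACY_FASTSTART)" >&2` so the operator sees what was actually read from the configuration file. The same line is in the `@ -298,6 +298,24` get_config hunk of the first script. The case arms accept only `Yes|yes` and `No|no`, which may be stricter than the compiler's yes/no parsing; that parser is not on this page, so a short comment naming the accepted spellings would help. get_config begins above the hunk.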
@ -161,6 +161,8 @@ EXPORTMODULES=Yes
|
||||
|
||||
ACCOUNTING_TABLE=filter
|
||||
|
||||
LEGACY_FASTSTART=No
|
||||
|
||||
###############################################################################
|
||||
# P A C K E T D I S P O S I T I O N
|
||||
###############################################################################
|
||||
|
@ -360,6 +360,13 @@
|
||||
<filename>/etc/sysconfig/shorewall</filename> (if your distribution
|
||||
provides neither of these files, you must create one or the
|
||||
other).</para>
|
||||
|
||||
<para><emphasis role="bold">Update</emphasis>: In Shorewall 4.4.20, a
|
||||
new LEGACY_FASTSTART option was added to <ulink
|
||||
url="manpages/shorewall.conf.html">/etc/shorewall/shorewall.conf</ulink>.
|
||||
When LEGACY_FASTSTART=No, the compiled script that did the last
|
||||
successful <command role="bold">start</command> or <command
|
||||
role="bold">restart</command> will be used.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
@ -79,7 +79,7 @@
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">ACCEPT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">ACCEPT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
@ -89,7 +89,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">DROP_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">DROP_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
@ -99,7 +99,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">REJECT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">REJECT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
@ -109,7 +109,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">QUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">QUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
@ -119,7 +119,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">NFQUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">NFQUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
@ -835,6 +835,22 @@ net all DROP info</programlisting>then the chain name is 'net2all'
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">LEGACY_FASTSTART=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.4.20. If not specified, the default is
|
||||
Yes which preserves the legacy behavior of <command>start
|
||||
-s</command> in that the modification times of the files in
|
||||
<filename>/etc/shorewall</filename> are compare with that of
|
||||
<filename>/var/lib/shorewall/restore</filename>. If set to No, then
|
||||
the times are compared with that of /var/lib/shorewall/firewall
|
||||
which is consistant with the way that <command>restart -f</command>
|
||||
works.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">LOAD_HELPERS_ONLY=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||
|
@ -1415,6 +1415,13 @@
|
||||
<emphasis role="bold">-f</emphasis> is given, a
|
||||
<replaceable>directory</replaceable> may not be specified.</para>
|
||||
|
||||
<para>Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was
|
||||
added to <ulink url="shorewall.conf.html">shorewall.conf</ulink>(5).
|
||||
When LEGACY_FASTSTART=No, the modificaiotn times of files in
|
||||
/etc/shorewall are compared with that of /var/lib/shorewall/firewall
|
||||
(the compiled script that last started/restarted the
|
||||
firewall).</para>
|
||||
|
||||
<para>The <option>-n</option> option causes Shorewall to avoid
|
||||
updating the routing table(s).</para>
|
||||
|
||||
|
@ -78,7 +78,7 @@
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">ACCEPT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">ACCEPT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
@ -88,7 +88,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">DROP_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">DROP_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
@ -98,7 +98,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">REJECT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">REJECT_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
@ -108,7 +108,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">QUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">QUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
@ -118,7 +118,7 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">NFQUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis>macro</emphasis>|<emphasis
|
||||
role="bold">NFQUEUE_DEFAULT=</emphasis>{<emphasis>action</emphasis>|<emphasis
|
||||
role="bold">none</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
@ -724,6 +724,22 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">LEGACY_FASTSTART=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall6 4.4.20. If not specified, the default is
|
||||
Yes which preserves the legacy behavior of <command>start
|
||||
-s</command> in that the modification times of the files in
|
||||
<filename>/etc/shorewall6</filename> are compare with that of
|
||||
<filename>/var/lib/shorewall6/restore</filename>. If set to No, then
|
||||
the times are compared with that of /var/lib/shorewall6/firewall
|
||||
which is consistant with the way that <command>restart -f</command>
|
||||
works.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">LOAD_HELPERS_ONLY=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||
|
@ -1176,6 +1176,14 @@
|
||||
role="bold">-f</emphasis> is given, a
|
||||
<replaceable>directory</replaceable> may not be specified.</para>
|
||||
|
||||
<para>Update: In Shorewall6 4.4.20, a new LEGACY_FASTSTART option
|
||||
was added to <ulink
|
||||
url="shorewall6.conf.html">shorewall6.conf</ulink>(5). When
|
||||
LEGACY_FASTSTART=No, the modificaiotn times of files in
|
||||
/etc/shorewall6 are compared with that of
|
||||
/var/lib/shorewall6/firewall (the compiled script that last
|
||||
started/restarted the firewall).</para>
|
||||
|
||||
<para>The <option>-n</option> option causes Shorewall6 to avoid
|
||||
updating the routing table(s).</para>
|
||||
</listitem>
|
||||
|