Split restore-base into two files

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1788 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -162,3 +162,5 @@ Changes since 2.0.3
 78) Implement variable expansion in INCLUDE directives
 
 79) More fixes for "shorewall delete" with bridging.
+
+80) Split restore-base into two files.

Shorewall2/firewall

@@ -6558,9 +6558,28 @@ define_firewall() # $1 = Command (Start or Restart)
     [ -n "$aliases_to_add" ] && \
 	echo "Adding IP Addresses..." &&       add_ip_aliases
 
+    for file in chains nat proxyarp zones; do
+	append_file $file
+    done
+    
+    save_progress_message "Restoring Netfilter Configuration..."
+
+    save_command 'iptables-restore << __EOF__'
+
+    # 'shorewall save' appends the iptables-save output and '__EOF__'
+
+    mv -f $RESTOREBASE /var/lib/shorewall/restore-base-$$
+
+    > $RESTOREBASE
+
+    save_command "#"
+    save_command "# Restore tail file generated by Shorewall $version - $(date)"
+    save_command "#"
+    save_command "date > $STATEDIR/restarted"
+
     run_user_exit start
 
-    [ -n "$DELAYBLACKLISTLOAD" ] &&          refresh_blacklist
+    [ -n "$DELAYBLACKLISTLOAD" ] && refresh_blacklist
 
     createchain shorewall no
 
@@ -6570,19 +6589,8 @@ define_firewall() # $1 = Command (Start or Restart)
 
     rm -rf $TMP_DIR
 
-    for file in chains nat proxyarp zones; do
-	append_file $file
-    done
-    
-    save_command "date > $STATEDIR/restarted"
-
-    save_progress_message "Restoring Netfilter Configuration..."
-
-    save_command 'iptables-restore << __EOF__'
-
-    # 'shorewall save' appends the iptables-save output and '__EOF__'
-
-    mv -f $RESTOREBASE /var/lib/shorewall/restore-base
+    mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base
+    mv -f $RESTOREBASE /var/lib/shorewall/restore-tail    
 
 }
 

Shorewall2/releasenotes.txt

@@ -154,6 +154,21 @@ Problems corrected since 2.2.0 Beta 6:
 	   shorewall add br0:eth2:192.168.1.3 OK
 	   shorewall delete br0:eth2:192.168.1.3 OK
 
+2) Previously, "shorewall save" created an out-of-sequence restore
+   script. The commands saved in the user's /etc/shorewall/start script
+   were executed prior to the Netfilter configuration being
+   restored. This has been corrected so that "shorewall save" now
+   places those commands at the end of the script. 
+
+   To accomplish this change, the "restore base" file
+   (/var/lib/shorewall/restore-base) has been split into two files:
+
+   /var/lib/shorewall/restore-base -- commands to be executed before
+   Netfilter the configuration is restored.
+
+   /var/lib/shorewall/restore-tail -- commands to be executed after the
+   Netfilter configuration is restored.
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.1:
 

Shorewall2/shorewall

@@ -1161,7 +1161,9 @@ case "$1" in
 				cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$
 				if iptables-save | iptablesbug >> /var/lib/shorewall/restore-$$ ; then
 				    echo __EOF__ >> /var/lib/shorewall/restore-$$
-				    mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH
+				    [ -f /var/lib/shorewall/restore-tail ] && \
+					cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$
+				    mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH 
 				    chmod +x $RESTOREPATH
 				    echo "   Currently-running Configuration Saved to $RESTOREPATH"
 				else