Centralize exporting

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-03-02 16:03:44 -08:00
parent cce4bf277a
commit 78a39ccad5
4 changed files with 194 additions and 202 deletions


@ -117,8 +117,6 @@ get_config() {
[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:" [ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:"
export LOGFORMAT
if [ -n "$IPTABLES" ]; then if [ -n "$IPTABLES" ]; then
if [ ! -x "$IPTABLES" ]; then if [ ! -x "$IPTABLES" ]; then
echo " ERROR: The program specified in IPTABLES does not exist or is not executable" >&2 echo " ERROR: The program specified in IPTABLES does not exist or is not executable" >&2
@ -132,8 +130,6 @@ get_config() {
fi fi
fi fi
export IPTABLES
if [ -n "$SHOREWALL_SHELL" ]; then if [ -n "$SHOREWALL_SHELL" ]; then
if [ ! -x "$SHOREWALL_SHELL" ]; then if [ ! -x "$SHOREWALL_SHELL" ]; then
echo " WARNING: The program specified in SHOREWALL_SHELL does not exist or is not executable; falling back to /bin/sh" >&2 echo " WARNING: The program specified in SHOREWALL_SHELL does not exist or is not executable; falling back to /bin/sh" >&2
@ -145,14 +141,10 @@ get_config() {
validate_restorefile RESTOREFILE validate_restorefile RESTOREFILE
export RESTOREFILE
[ -n "${VERBOSITY:=2}" ] [ -n "${VERBOSITY:=2}" ]
[ -n "$g_use_verbosity" ] && VERBOSITY=$g_use_verbosity || VERBOSITY=$(($g_verbose_offset + $VERBOSITY)) [ -n "$g_use_verbosity" ] && VERBOSITY=$g_use_verbosity || VERBOSITY=$(($g_verbose_offset + $VERBOSITY))
export VERBOSITY
g_hostname=$(hostname 2> /dev/null) g_hostname=$(hostname 2> /dev/null)
} }
@ -174,6 +166,35 @@ verify_firewall_script() {
fi fi
} }
#
# Do required exports and run $SHOREWALL_SHELL
#
do_exports() {
export RESTOREFILE
export VERBOSITY
export NOROUTES
export PURGE
export TIMESTAMP
export PATH
export RECOVERING
export LOGFORMAT
export IPTABLES
}
#
# Do required exports and run or exec $SHOREWALL_SHELL
#
run_it() {
do_exports
$SHOREWALL_SHELL $@
}
exec_it() {
do_exports
exec $SHOREWALL_SHELL $@
}
# #
# Start Command Executor # Start Command Executor
# #
@ -187,7 +208,7 @@ start_command() {
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
if [ -x ${LITEDIR}/firewall ]; then if [ -x ${LITEDIR}/firewall ]; then
${LITEDIR}/firewall $debugging start run_it ${LITEDIR}/firewall $debugging start
rc=$? rc=$?
else else
error_message "${LITEDIR}/firewall is missing or is not executable" error_message "${LITEDIR}/firewall is missing or is not executable"
@ -219,7 +240,7 @@ start_command() {
option= option=
;; ;;
f*) f*)
FAST=Yes g_fast=Yes
option=${option#f} option=${option#f}
;; ;;
p*) p*)
@ -248,37 +269,21 @@ start_command() {
;; ;;
esac esac
export NOROUTES if [ -n "$g_fast" ]; then
export PURGE
if [ -n "$FAST" ]; then
if qt mywhich make; then if qt mywhich make; then
# export RESTOREFILE
# RESTOREFILE is exported by get_config() make -qf ${CONFDIR}/Makefile || g_fast=
#
make -qf ${CONFDIR}/Makefile || FAST=
fi fi
if [ -n "$FAST" ]; then if [ -n "$g_fast" ]; then
RESTOREPATH=${VARDIR}/$RESTOREFILE g_restorepath=${VARDIR}/$RESTOREFILE
if [ -x $RESTOREPATH ]; then
if [ -x ${RESTOREPATH}-ipsets ]; then
echo Restoring Ipsets...
#
# We must purge iptables to be sure that there are no
# references to ipsets
#
iptables -F
iptables -X
$SHOREWALL_SHELL ${RESTOREPATH}-ipsets
fi
if [ -x $g_restorepath ]; then
echo Restoring Shorewall Lite... echo Restoring Shorewall Lite...
$SHOREWALL_SHELL $RESTOREPATH restore run_it $g_restorepath restore
date > ${VARDIR}/restarted date > ${VARDIR}/restarted
progress_message3 Shorewall Lite restored from $RESTOREPATH progress_message3 Shorewall Lite restored from $g_restorepath
else else
do_it do_it
fi fi
@ -343,13 +348,10 @@ restart_command() {
;; ;;
esac esac
export NOROUTES
export PURGE
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
if [ -x ${LITEDIR}/firewall ]; then if [ -x ${LITEDIR}/firewall ]; then
$SHOREWALL_SHELL ${LITEDIR}/firewall $debugging restart run_it ${LITEDIR}/firewall $debugging restart
rc=$? rc=$?
else else
error_message "${LITEDIR}/firewall is missing or is not executable" error_message "${LITEDIR}/firewall is missing or is not executable"
@ -425,16 +427,13 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
shift shift
fi fi
IPT_OPTIONS="-nv" g_ipt_options="-nv"
FAST= g_fast=
g_verbose_offset=0 g_verbose_offset=0
g_use_verbosity= g_use_verbosity=
NOROUTES= NOROUTES=
EXPORT= TIMESTAMP=
export TIMESTAMP=
noroutes=
RECOVERING= RECOVERING=
export RECOVERING
finished=0 finished=0
@ -453,7 +452,7 @@ while [ $finished -eq 0 ]; do
while [ -n "$option" ]; do while [ -n "$option" ]; do
case $option in case $option in
x*) x*)
IPT_OPTIONS="-xnv" g_ipt_options="-xnv"
option=${option#x} option=${option#x}
;; ;;
q*) q*)
@ -461,7 +460,7 @@ while [ $finished -eq 0 ]; do
option=${option#q} option=${option#q}
;; ;;
f*) f*)
FAST=Yes g_fast=Yes
option=${option#f} option=${option#f}
;; ;;
v*) v*)
@ -519,7 +518,6 @@ if [ $# -eq 0 ]; then
fi fi
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
MUTEX_TIMEOUT= MUTEX_TIMEOUT=
SHAREDIR=/usr/share/shorewall-lite SHAREDIR=/usr/share/shorewall-lite
@ -610,12 +608,11 @@ case "$COMMAND" in
stop|clear) stop|clear)
[ $# -ne 1 ] && usage 1 [ $# -ne 1 ] && usage 1
verify_firewall_script verify_firewall_script
export NOROUTES exec_it $g_firewall $debugging $nolock $COMMAND
exec $SHOREWALL_SHELL $g_firewall $debugging $nolock $COMMAND
;; ;;
reset) reset)
verify_firewall_script verify_firewall_script
exec $SHOREWALL_SHELL $g_firewall $debugging $nolock $@ exec_it $SHOREWALL_SHELL $g_firewall $debugging $nolock $@
;; ;;
restart) restart)
shift shift
@ -731,7 +728,7 @@ case "$COMMAND" in
;; ;;
esac esac
RESTOREPATH=${VARDIR}/$RESTOREFILE g_restorepath=${VARDIR}/$RESTOREFILE
[ "$nolock" ] || mutex_on [ "$nolock" ] || mutex_on
@ -753,20 +750,20 @@ case "$COMMAND" in
esac esac
RESTOREPATH=${VARDIR}/$RESTOREFILE g_restorepath=${VARDIR}/$RESTOREFILE
if [ -x $RESTOREPATH ]; then if [ -x $g_restorepath ]; then
if [ -x ${RESTOREPATH}-ipsets ]; then if [ -x ${g_restorepath}-ipsets ]; then
rm -f ${RESTOREPATH}-ipsets rm -f ${g_restorepath}-ipsets
echo " ${RESTOREPATH}-ipsets removed" echo " ${g_restorepath}-ipsets removed"
fi fi
rm -f $RESTOREPATH rm -f $g_restorepath
rm -f ${RESTOREPATH}-iptables rm -f ${g_restorepath}-iptables
echo " $RESTOREPATH removed" echo " $g_restorepath removed"
elif [ -f $RESTOREPATH ]; then elif [ -f $g_restorepath ]; then
echo " $RESTOREPATH exists and is not a saved Shorewall configuration" echo " $g_restorepath exists and is not a saved Shorewall configuration"
fi fi
rm -f ${VARDIR}/save rm -f ${VARDIR}/save
;; ;;
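Review bot: In the `reset)` arm the new call is `exec_it $SHOREWALL_SHELL $g_firewall $debugging $nolock $@`, but `exec_it` already prepends `$SHOREWALL_SHELL`, so the shell would be handed its own binary as the script to interpret and `reset` would fail instead of running the firewall script. The `stop|clear)` arm directly above has the intended form; the reset line should read `exec_it $g_firewall $debugging $nolock $@`. Separately, the comment over `do_exports` says it runs `$SHOREWALL_SHELL`, which only `run_it` and `exec_it` do; `# Export the variables handed to the firewall script through the environment` would describe it.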


@ -161,8 +161,6 @@ get_config() {
validate_restorefile RESTOREFILE validate_restorefile RESTOREFILE
export RESTOREFILE
if [ "$2" = Yes ]; then if [ "$2" = Yes ]; then
case $STARTUP_ENABLED in case $STARTUP_ENABLED in
No|no|NO) No|no|NO)
@ -254,8 +252,6 @@ get_config() {
VERBOSITY=2 VERBOSITY=2
fi fi
export VERBOSITY
g_hostname=$(hostname 2> /dev/null) g_hostname=$(hostname 2> /dev/null)
[ -n "$RSH_COMMAND" ] || RSH_COMMAND='ssh ${root}@${system} ${command}' [ -n "$RSH_COMMAND" ] || RSH_COMMAND='ssh ${root}@${system} ${command}'
@ -360,7 +356,22 @@ compiler() {
set +a set +a
perl $debugflags /usr/share/shorewall/compiler.pl $options $@ perl $debugflags /usr/share/shorewall/compiler.pl $options $@
} }
#
# Do required exports and run $SHOREWALL_SHELL
#
run_it() {
export RESTOREFILE
export VERBOSITY
export NOROUTES
export PURGE
export TIMESTAMP
export PATH
export RECOVERING
$SHOREWALL_SHELL $@
}
# #
# Start Command Executor # Start Command Executor
@ -376,7 +387,7 @@ start_command() {
if [ -n "$AUTOMAKE" ]; then if [ -n "$AUTOMAKE" ]; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
${VARDIR}/firewall $g_debugging start run_it ${VARDIR}/firewall $g_debugging start
rc=$? rc=$?
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
else else
@ -384,7 +395,7 @@ start_command() {
if compiler $g_debugging $nolock compile ${VARDIR}/.start; then if compiler $g_debugging $nolock compile ${VARDIR}/.start; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
${VARDIR}/.start $g_debugging start run_it ${VARDIR}/.start $g_debugging start
rc=$? rc=$?
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
else else
@ -463,14 +474,8 @@ start_command() {
;; ;;
esac esac
export NOROUTES
export PURGE
if [ -n "${g_fast}${AUTOMAKE}" ]; then if [ -n "${g_fast}${AUTOMAKE}" ]; then
if qt mywhich make; then if qt mywhich make; then
#
# RESTOREFILE is exported by get_config()
#
restorefile=$RESTOREFILE restorefile=$RESTOREFILE
if [ -z "$g_fast" ]; then if [ -z "$g_fast" ]; then
@ -480,8 +485,10 @@ start_command() {
RESTOREFILE=firewall RESTOREFILE=firewall
fi fi
if ! make -qf ${CONFDIR}/Makefile; then export RESTOREFILE
g_fast=
if make -qf ${CONFDIR}/Makefile; then
g_fast=
AUTOMAKE= AUTOMAKE=
fi fi
@ -496,7 +503,7 @@ start_command() {
if [ -x $g_restorepath ]; then if [ -x $g_restorepath ]; then
echo Restoring Shorewall... echo Restoring Shorewall...
$SHOREWALL_SHELL $g_restorepath restore run_it $g_restorepath restore
date > ${VARDIR}/restarted date > ${VARDIR}/restarted
progress_message3 Shorewall restored from $g_restorepath progress_message3 Shorewall restored from $g_restorepath
else else
@ -746,9 +753,6 @@ restart_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES
export PURGE
if [ -z "$g_fast" -a -n "$AUTOMAKE" ]; then if [ -z "$g_fast" -a -n "$AUTOMAKE" ]; then
if qt mywhich make; then if qt mywhich make; then
# #
@ -766,7 +770,7 @@ restart_command() {
if compiler $g_debugging $nolock compile ${VARDIR}/.restart; then if compiler $g_debugging $nolock compile ${VARDIR}/.restart; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
$SHOREWALL_SHELL ${VARDIR}/.restart $g_debugging restart run_it ${VARDIR}/.restart $g_debugging restart
rc=$? rc=$?
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
else else
@ -776,7 +780,8 @@ restart_command() {
else else
[ -x ${VARDIR}/firewall ] || fatal_error "No ${VARDIR}/firewall file found" [ -x ${VARDIR}/firewall ] || fatal_error "No ${VARDIR}/firewall file found"
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
$SHOREWALL_SHELL ${VARDIR}/firewall $g_debugging restart do_export
run_it ${VARDIR}/firewall $g_debugging restart
rc=$? rc=$?
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
fi fi
@ -830,13 +835,11 @@ refresh_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES
progress_message3 "Compiling..." progress_message3 "Compiling..."
if compiler $g_debugging $nolock compile ${VARDIR}/.refresh; then if compiler $g_debugging $nolock compile ${VARDIR}/.refresh; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
$SHOREWALL_SHELL ${VARDIR}/.refresh $g_debugging refresh run_it ${VARDIR}/.refresh $g_debugging refresh
rc=$? rc=$?
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
else else
@ -941,11 +944,11 @@ safe_commands() {
case $command in case $command in
start) start)
export RESTOREFILE=NONE RESTOREFILE=NONE
progress_message3 "Starting..." progress_message3 "Starting..."
;; ;;
restart) restart)
export RESTOREFILE=.safe RESTOREFILE=.safe
g_restorepath=${VARDIR}/.safe g_restorepath=${VARDIR}/.safe
save_config save_config
progress_message3 "Restarting..." progress_message3 "Restarting..."
@ -1077,11 +1080,11 @@ try_command() {
case $command in case $command in
start) start)
export RESTOREFILE=NONE RESTOREFILE=NONE
progress_message3 "Starting..." progress_message3 "Starting..."
;; ;;
restart) restart)
export RESTOREFILE=.try RESTOREFILE=.try
g_restorepath=${VARDIR}/.try g_restorepath=${VARDIR}/.try
save_config save_config
progress_message3 "Restarting..." progress_message3 "Restarting..."
@ -1407,7 +1410,6 @@ fi
SHOREWALL_DIR= SHOREWALL_DIR=
NOROUTES= NOROUTES=
PURGE= PURGE=
export TIMESTAMP=
g_ipt_options="-nv" g_ipt_options="-nv"
g_fast= g_fast=
@ -1558,13 +1560,13 @@ if [ $# -eq 0 ]; then
fi fi
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
MUTEX_TIMEOUT= MUTEX_TIMEOUT=
SHAREDIR=/usr/share/shorewall SHAREDIR=/usr/share/shorewall
CONFDIR=/etc/shorewall CONFDIR=/etc/shorewall
g_product="Shorewall" g_product="Shorewall"
export RECOVERING= RECOVERING=
TIMESTAMP=
[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir [ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir
@ -1629,18 +1631,17 @@ case "$COMMAND" in
get_config get_config
[ $# -ne 1 ] && usage 1 [ $# -ne 1 ] && usage 1
[ -x $g_firewall ] || fatal_error "Shorewall has never been started" [ -x $g_firewall ] || fatal_error "Shorewall has never been started"
export NOROUTES
mutex_on mutex_on
$SHOREWALL_SHELL $g_firewall $g_debugging $nolock $COMMAND run_it $g_firewall $g_debugging $nolock $COMMAND
mutex_off mutex_off
;; ;;
reset) reset)
get_config get_config
export NOROUTES
shift shift
mutex_on mutex_on
[ -x $g_firewall ] || fatal_error "Shorewall has never been started" [ -x $g_firewall ] || fatal_error "Shorewall has never been started"
$SHOREWALL_SHELL $g_firewall $g_debugging $nolock reset $@ do_exports
run_it $g_firewall $g_debugging $nolock reset $@
mutex_off mutex_off
;; ;;
compile) compile)
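Review bot: The Makefile freshness test in start_command's fast-start hunk lost its negation: the old `if ! make -qf ${CONFDIR}/Makefile; then` cleared `g_fast` and `AUTOMAKE` when the saved script was out of date, while the new `if make -qf ${CONFDIR}/Makefile; then` clears them when it is up to date. As written, a stale saved ruleset appears to be restored after the configuration has changed, and a current one is never used; the test should stay `if ! make -qf ${CONFDIR}/Makefile; then`. The Shorewall6 section's start_command hunk carries the same change. Also, restart_command now calls `do_export` and the `reset)` arm calls `do_exports`, yet neither function is defined in this section's visible hunks (here `run_it` does the exports itself), so both calls look like leftovers to drop unless they are defined elsewhere.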


@ -117,8 +117,6 @@ get_config() {
[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:" [ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:"
export LOGFORMAT
if [ -n "$IP6TABLES" ]; then if [ -n "$IP6TABLES" ]; then
if [ ! -x "$IP6TABLES" ]; then if [ ! -x "$IP6TABLES" ]; then
echo " ERROR: The program specified in IP6TABLES does not exist or is not executable" >&2 echo " ERROR: The program specified in IP6TABLES does not exist or is not executable" >&2
@ -132,8 +130,6 @@ get_config() {
fi fi
fi fi
export IP6TABLES
if [ -n "$SHOREWALL_SHELL" ]; then if [ -n "$SHOREWALL_SHELL" ]; then
if [ ! -x "$SHOREWALL_SHELL" ]; then if [ ! -x "$SHOREWALL_SHELL" ]; then
echo " WARNING: The program specified in SHOREWALL_SHELL does not exist or is not executable; falling back to /bin/sh" >&2 echo " WARNING: The program specified in SHOREWALL_SHELL does not exist or is not executable; falling back to /bin/sh" >&2
@ -145,14 +141,10 @@ get_config() {
validate_restorefile RESTOREFILE validate_restorefile RESTOREFILE
export RESTOREFILE
[ -n "${VERBOSITY:=2}" ] [ -n "${VERBOSITY:=2}" ]
[ -n "$g_use_verbosity" ] && VERBOSITY=$g_use_verbosity || VERBOSITY=$(($g_verbose_offset + $VERBOSITY)) [ -n "$g_use_verbosity" ] && VERBOSITY=$g_use_verbosity || VERBOSITY=$(($g_verbose_offset + $VERBOSITY))
export VERBOSITY
g_hostname=$(hostname 2> /dev/null) g_hostname=$(hostname 2> /dev/null)
} }
@ -174,6 +166,35 @@ verify_firewall_script() {
fi fi
} }
#
# Do required exports and run $SHOREWALL_SHELL
#
do_exports() {
export RESTOREFILE
export VERBOSITY
export NOROUTES
export PURGE
export TIMESTAMP
export PATH
export RECOVERING
export LOGFORMAT
export IP6TABLES
}
#
# Do required exports and run or exec $SHOREWALL_SHELL
#
run_it() {
do_exports
$SHOREWALL_SHELL $@
}
exec_it() {
do_exports
exec $SHOREWALL_SHELL $@
}
# #
# Start Command Executor # Start Command Executor
# #
@ -187,7 +208,7 @@ start_command() {
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
if [ -x ${LITEDIR}/firewall ]; then if [ -x ${LITEDIR}/firewall ]; then
${LITEDIR}/firewall $debugging start run_it ${LITEDIR}/firewall $debugging start
rc=$? rc=$?
else else
error_message "${LITEDIR}/firewall is missing or is not executable" error_message "${LITEDIR}/firewall is missing or is not executable"
@ -219,7 +240,7 @@ start_command() {
option= option=
;; ;;
f*) f*)
FAST=Yes g_fast=Yes
option=${option#f} option=${option#f}
;; ;;
p*) p*)
@ -244,41 +265,24 @@ start_command() {
0) 0)
;; ;;
*) *)
usage 1 usage 1 ;;
;;
esac esac
export NOROUTES if [ -n "$g_fast" ]; then
export PURGE
if [ -n "$FAST" ]; then
if qt mywhich make; then if qt mywhich make; then
# export RESTOREFILE
# RESTOREFILE is exported by get_config() make -qf ${CONFDIR}/Makefile || g_fast=
#
make -qf ${CONFDIR}/Makefile || FAST=
fi fi
if [ -n "$FAST" ]; then if [ -n "$g_fast" ]; then
RESTOREPATH=${VARDIR}/$RESTOREFILE g_restorepath=${VARDIR}/$RESTOREFILE
if [ -x $RESTOREPATH ]; then
if [ -x ${RESTOREPATH}-ipsets ]; then
echo Restoring Ipsets...
#
# We must purge iptables to be sure that there are no
# references to ipsets
#
iptables -F
iptables -X
$SHOREWALL_SHELL ${RESTOREPATH}-ipsets
fi
if [ -x $g_restorepath ]; then
echo Restoring Shorewall6 Lite... echo Restoring Shorewall6 Lite...
$SHOREWALL_SHELL $RESTOREPATH restore run_it $g_restorepath restore
date > ${VARDIR}/restarted date > ${VARDIR}/restarted
progress_message3 Shorewall6 Lite restored from $RESTOREPATH progress_message3 Shorewall6 Lite restored from $g_restorepath
else else
do_it do_it
fi fi
@ -343,13 +347,10 @@ restart_command() {
;; ;;
esac esac
export NOROUTES
export PURGE
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
if [ -x ${LITEDIR}/firewall ]; then if [ -x ${LITEDIR}/firewall ]; then
$SHOREWALL_SHELL ${LITEDIR}/firewall $debugging restart run_it ${LITEDIR}/firewall $debugging restart
rc=$? rc=$?
else else
error_message "${LITEDIR}/firewall is missing or is not executable" error_message "${LITEDIR}/firewall is missing or is not executable"
@ -410,16 +411,14 @@ if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
shift shift
fi fi
IPT_OPTIONS="-nv" g_ipt_options="-nv"
FAST= g_fast=
g_verbose_offset=0 g_verbose_offset=0
g_use_verbosity= g_use_verbosity=
NOROUTES= NOROUTES=
EXPORT= TIMESTAMP=
export TIMESTAMP=
RECOVERING= RECOVERING=
export RECOVERING PURGE=
noroutes=
finished=0 finished=0
@ -438,7 +437,7 @@ while [ $finished -eq 0 ]; do
while [ -n "$option" ]; do while [ -n "$option" ]; do
case $option in case $option in
x*) x*)
IPT_OPTIONS="-xnv" g_ipt_options="-xnv"
option=${option#x} option=${option#x}
;; ;;
q*) q*)
@ -446,7 +445,7 @@ while [ $finished -eq 0 ]; do
option=${option#q} option=${option#q}
;; ;;
f*) f*)
FAST=Yes g_fast=Yes
option=${option#f} option=${option#f}
;; ;;
v*) v*)
@ -504,7 +503,6 @@ if [ $# -eq 0 ]; then
fi fi
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
MUTEX_TIMEOUT= MUTEX_TIMEOUT=
SHAREDIR=/usr/share/shorewall6-lite SHAREDIR=/usr/share/shorewall6-lite
@ -517,11 +515,10 @@ g_product="Shorewall6 Lite"
[ -d $VARDIR ] || mkdir -p $VARDIR || fatal_error "Unable to create $VARDIR" [ -d $VARDIR ] || mkdir -p $VARDIR || fatal_error "Unable to create $VARDIR"
LIBRARIES="$SHAREDIR/lib.base $SHAREDIR/lib.cli" libraries="$SHAREDIR/lib.base $SHAREDIR/lib.cli"
version_file=$SHAREDIR/version version_file=$SHAREDIR/version
HELP=$SHAREDIR/help
for library in $LIBRARIES; do for library in $libraries; do
if [ -f $library ]; then if [ -f $library ]; then
. $library . $library
else else
@ -547,7 +544,6 @@ else
fi fi
ensure_config_path ensure_config_path
export CONFIG_PATH
LITEDIR=${VARDIR} LITEDIR=${VARDIR}
@ -597,8 +593,7 @@ case "$COMMAND" in
stop|reset|clear) stop|reset|clear)
[ $# -ne 1 ] && usage 1 [ $# -ne 1 ] && usage 1
verify_firewall_script verify_firewall_script
export NOROUTES exec_it $g_firewall $debugging $nolock $COMMAND
exec $SHOREWALL_SHELL $g_firewall $debugging $nolock $COMMAND
;; ;;
restart) restart)
shift shift
@ -704,7 +699,7 @@ case "$COMMAND" in
;; ;;
esac esac
RESTOREPATH=${VARDIR}/$RESTOREFILE g_restorepath=${VARDIR}/$RESTOREFILE
[ "$nolock" ] || mutex_on [ "$nolock" ] || mutex_on
@ -726,20 +721,20 @@ case "$COMMAND" in
esac esac
RESTOREPATH=${VARDIR}/$RESTOREFILE g_restorepath=${VARDIR}/$RESTOREFILE
if [ -x $RESTOREPATH ]; then if [ -x $g_restorepath ]; then
if [ -x ${RESTOREPATH}-ipsets ]; then if [ -x ${g_restorepath}-ipsets ]; then
rm -f ${RESTOREPATH}-ipsets rm -f ${g_restorepath}-ipsets
echo " ${RESTOREPATH}-ipsets removed" echo " ${g_restorepath}-ipsets removed"
fi fi
rm -f $RESTOREPATH rm -f $g_restorepath
rm -f ${RESTOREPATH}-iptables rm -f ${g_restorepath}-iptables
echo " $RESTOREPATH removed" echo " $g_restorepath removed"
elif [ -f $RESTOREPATH ]; then elif [ -f $g_restorepath ]; then
echo " $RESTOREPATH exists and is not a saved Shorewall6 configuration" echo " $g_restorepath exists and is not a saved Shorewall6 configuration"
fi fi
rm -f ${VARDIR}/save rm -f ${VARDIR}/save
;; ;;
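Review bot: `export CONFIG_PATH` after `ensure_config_path` is removed, but the new `do_exports` list does not include CONFIG_PATH, so anything started through `run_it` or `exec_it` would no longer inherit it unless `ensure_config_path` (not visible here) exports it itself. If the firewall script still reads it from the environment, add `export CONFIG_PATH` to `do_exports`. The header comment on `do_exports` also says it runs `$SHOREWALL_SHELL`, which only `run_it` and `exec_it` do.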


@ -99,8 +99,6 @@ get_config() {
validate_restorefile RESTOREFILE validate_restorefile RESTOREFILE
export RESTOREFILE
if [ "$2" = Yes ]; then if [ "$2" = Yes ]; then
case $STARTUP_ENABLED in case $STARTUP_ENABLED in
No|no|NO) No|no|NO)
@ -180,8 +178,6 @@ get_config() {
VERBOSITY=2 VERBOSITY=2
fi fi
export VERBOSITY
g_hostname=$(hostname 2> /dev/null) g_hostname=$(hostname 2> /dev/null)
[ -n "$RSH_COMMAND" ] || RSH_COMMAND='ssh ${root}@${system} ${command}' [ -n "$RSH_COMMAND" ] || RSH_COMMAND='ssh ${root}@${system} ${command}'
@ -302,6 +298,21 @@ compiler() {
$command perl $debugflags $pc $options $@ $command perl $debugflags $pc $options $@
} }
#
# Do required exports and run $SHOREWALL_SHELL
#
run_it() {
export RESTOREFILE
export VERBOSITY
export NOROUTES
export PURGE
export TIMESTAMP
export PATH
export RECOVERING
$SHOREWALL_SHELL $@
}
# #
# Start Command Executor # Start Command Executor
# #
@ -316,7 +327,7 @@ start_command() {
if [ -n "$AUTOMAKE" ]; then if [ -n "$AUTOMAKE" ]; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
${VARDIR}/firewall $g_debugging start run_it ${VARDIR}/firewall $g_debugging start
rc=$? rc=$?
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
else else
@ -324,7 +335,7 @@ start_command() {
if compiler run $g_debugging $nolock compile ${VARDIR}/.start; then if compiler run $g_debugging $nolock compile ${VARDIR}/.start; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
${VARDIR}/.start $g_debugging start run_it ${VARDIR}/.start $g_debugging start
rc=$? rc=$?
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
else else
@ -398,15 +409,9 @@ start_command() {
;; ;;
esac esac
export NOROUTES
export PURGE
if [ -n "${g_fast}${AUTOMAKE}" ]; then if [ -n "${g_fast}${AUTOMAKE}" ]; then
if qt mywhich make; then if qt mywhich make; then
restorefile=$RESTOREFILE restorefile=$RESTOREFILE
#
# RESTOREFILE is exported by get_config()
#
if [ -z "$g_fast" ]; then if [ -z "$g_fast" ]; then
# #
# Autofast -- use the last compiled script # Autofast -- use the last compiled script
@ -414,8 +419,10 @@ start_command() {
RESTOREFILE=firewall RESTOREFILE=firewall
fi fi
if ! make -qf ${CONFDIR}/Makefile; then export RESTOREFILE
g_fast=
if make -qf ${CONFDIR}/Makefile; then
g_fast=
AUTOMAKE= AUTOMAKE=
fi fi
@ -430,7 +437,7 @@ start_command() {
if [ -x $g_restorepath ]; then if [ -x $g_restorepath ]; then
echo Restoring Shorewall6... echo Restoring Shorewall6...
$SHOREWALL_SHELL $g_restorepath restore run_it $g_restorepath restore
date > ${VARDIR}/restarted date > ${VARDIR}/restarted
progress_message3 Shorewall6 restored from $g_restorepath progress_message3 Shorewall6 restored from $g_restorepath
else else
@ -680,9 +687,6 @@ restart_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES
export PURGE
if [ -z "$g_fast" -a -n "$AUTOMAKE" ]; then if [ -z "$g_fast" -a -n "$AUTOMAKE" ]; then
if qt mywhich make; then if qt mywhich make; then
# #
@ -700,7 +704,7 @@ restart_command() {
if compiler run $g_debugging $nolock compile ${VARDIR}/.restart; then if compiler run $g_debugging $nolock compile ${VARDIR}/.restart; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
$SHOREWALL_SHELL ${VARDIR}/.restart $g_debugging restart run_it ${VARDIR}/.restart $g_debugging restart
rc=$? rc=$?
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
else else
@ -710,7 +714,7 @@ restart_command() {
else else
[ -x ${VARDIR}/firewall ] || fatal_error "No ${VARDIR}/firewall file found" [ -x ${VARDIR}/firewall ] || fatal_error "No ${VARDIR}/firewall file found"
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
$SHOREWALL_SHELL ${VARDIR}/firewall $g_debugging restart run_it ${VARDIR}/firewall $g_debugging restart
rc=$? rc=$?
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
fi fi
@ -764,13 +768,11 @@ refresh_command() {
[ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"
export NOROUTES
progress_message3 "Compiling..." progress_message3 "Compiling..."
if compiler run $g_debugging $nolock compile ${VARDIR}/.refresh; then if compiler run $g_debugging $nolock compile ${VARDIR}/.refresh; then
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
$SHOREWALL_SHELL ${VARDIR}/.refresh $g_debugging refresh run_it ${VARDIR}/.refresh $g_debugging refresh
rc=$? rc=$?
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
else else
@ -875,11 +877,11 @@ safe_commands() {
case $command in case $command in
start) start)
export RESTOREFILE=NONE RESTOREFILE=NONE
progress_message3 "Starting..." progress_message3 "Starting..."
;; ;;
restart) restart)
export RESTOREFILE=.safe RESTOREFILE=.safe
g_restorepath=${VARDIR}/.safe g_restorepath=${VARDIR}/.safe
save_config save_config
progress_message3 "Restarting..." progress_message3 "Restarting..."
@ -888,7 +890,7 @@ safe_commands() {
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
if ${VARDIR}/.$command $command; then if run_it ${VARDIR}/.$command $command; then
echo -n "Do you want to accept the new firewall configuration? [y/n] " echo -n "Do you want to accept the new firewall configuration? [y/n] "
@ -896,9 +898,9 @@ safe_commands() {
echo "New configuration has been accepted" echo "New configuration has been accepted"
else else
if [ "$command" = "restart" ]; then if [ "$command" = "restart" ]; then
${VARDIR}/.safe restore run_it ${VARDIR}/.safe restore
else else
${VARDIR}/.$command clear run_it ${VARDIR}/.$command clear
fi fi
[ -n "$nolock" ] || mutex_off [ -n "$nolock" ] || mutex_off
@ -1011,11 +1013,11 @@ try_command() {
case $command in case $command in
start) start)
export RESTOREFILE=NONE RESTOREFILE=NONE
progress_message3 "Starting..." progress_message3 "Starting..."
;; ;;
restart) restart)
export RESTOREFILE=.try RESTOREFILE=.try
g_restorepath=${VARDIR}/.try g_restorepath=${VARDIR}/.try
save_config save_config
progress_message3 "Restarting..." progress_message3 "Restarting..."
@ -1024,13 +1026,13 @@ try_command() {
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
if ${VARDIR}/.$command $command && [ -n "$timeout" ]; then if run_it ${VARDIR}/.$command $command && [ -n "$timeout" ]; then
sleep $timeout sleep $timeout
if [ "$command" = "restart" ]; then if [ "$command" = "restart" ]; then
${VARDIR}/.try restore run_it ${VARDIR}/.try restore
else else
${VARDIR}/.$command clear run_it ${VARDIR}/.$command clear
fi fi
fi fi
@ -1330,7 +1332,7 @@ g_export=
NOROUTES= NOROUTES=
PURGE= PURGE=
export TIMESTAMP= TIMESTAMP=
finished=0 finished=0
@ -1478,13 +1480,12 @@ if [ $# -eq 0 ]; then
fi fi
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
MUTEX_TIMEOUT= MUTEX_TIMEOUT=
SHAREDIR=/usr/share/shorewall6 SHAREDIR=/usr/share/shorewall6
CONFDIR=/etc/shorewall6 CONFDIR=/etc/shorewall6
g_product="Shorewall6" g_product="Shorewall6"
export RECOVERING= RECOVERING=
[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir [ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir
@ -1549,18 +1550,16 @@ case "$COMMAND" in
[ $# -ne 1 ] && usage 1 [ $# -ne 1 ] && usage 1
get_config get_config
[ -x $g_firewall ] || fatal_error "Shorewall6 has never been started" [ -x $g_firewall ] || fatal_error "Shorewall6 has never been started"
export NOROUTES
mutex_on mutex_on
$SHOREWALL_SHELL $g_firewall $g_debugging $nolock $COMMAND run_it $g_firewall $g_debugging $nolock $COMMAND
mutex_off mutex_off
;; ;;
reset) reset)
get_config get_config
export NOROUTES
shift shift
mutex_on mutex_on
[ -x $g_firewall ] || fatal_error "Shorewall6 has never been started" [ -x $g_firewall ] || fatal_error "Shorewall6 has never been started"
$SHOREWALL_SHELL $g_firewall $g_debugging $nolock reset $@ run_it $g_firewall $g_debugging $nolock reset $@
mutex_off mutex_off
;; ;;
compile) compile)
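Review bot: `run_it` forwards its arguments with an unquoted `$@` (`$SHOREWALL_SHELL $@`), which word-splits and glob-expands every argument a second time; `$SHOREWALL_SHELL "$@"` passes them through exactly as the caller supplied them. `$SHOREWALL_SHELL` itself is left unquoted, which is only right if it may hold a command plus options, and a one-line comment saying so would help the next reader. The same form is used by `run_it` and `exec_it` in the other three file sections. The header comment could also name the variables exported, since callers now rely on this function rather than on exports scattered through get_config.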