Deprecate the -c option in /sbin/shorewall

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1560 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -48,3 +48,5 @@ Changes since 2.0.3
 22) Fix policy and maclist.
 
 23) Implement additional IPSEC options for zones and masq entries.
+
+24) Deprecate the -c option in /sbin/shorewall.

Shorewall2/help

@@ -60,7 +60,7 @@ allow)
 	;;
 
 check)
-	echo "check: check [ -c <configuration-directory> ]
+	echo "check: check [ <configuration-directory> ]
    Performs a cursory validation of the zones, interfaces, hosts,
    rules and policy files.  Use this if you are unsure of any edits
    you have made to the shorewall configuration.  See the try command
@@ -187,7 +187,7 @@ reset)
 	;;
 
 restart)
-	echo "restart: restart [ -q ] [ -c <configuration-directory> ]
+	echo "restart: [ -q ] restart [ <configuration-directory> ]
     Restart is the same as a shorewall stop && shorewall start.
     Existing connections are maintained.
     If \"-q\" is specified, less detain is displayed making it easier to spot warnings"
@@ -240,13 +240,14 @@ show)
 	;;
 
 start)
-	echo "start: [ -q ] [ -f ] [ -c <configuration-directory> ] start
+	echo "start: [ -q ] [ -f ] start [ <configuration-directory> ]
     Start shorewall.  Existing connections through shorewall managed
     interfaces are untouched.  New connections will be allowed only
     if they are allowed by the firewall rules or policies.
     If \"-q\" is specified, less detail is displayed making it easier to spot warnings
     If \"-f\" is specified, the saved configuration specified by the RESTOREFILE option
-    in shorewall.conf will be restored if that saved configuration exists"
+    in shorewall.conf will be restored if that saved configuration exists. In that
+    case, a <configuration-directory> may not be specified".
 	;;
 
 stop)

Shorewall2/releasenotes.txt

@@ -357,4 +357,13 @@ New Features:
     enforce the use of source port 500 for ISAKMP.
 
 9)  A new 'allowBcast' builtin action has been added -- it silently
-    allows broadcasts and multicasts. 
+    allows broadcasts and multicasts.
+
+10) The -c option in /sbin/shorewall commands is now deprecated. The
+    commands where -c was previously allowed now permit you to specify
+    a configuration directory after the command:
+
+      shorewall check   [ <configuration-directory> ]
+      shorewall restart [ <configuration-directory> ]
+      shorewall start   [ <configuration-directory> ]
+

Shorewall2/shorewall

@@ -33,7 +33,7 @@
 #
 #          shorewall add <iface>[:<host>] zone     Adds a host or subnet to a zone
 #          shorewall delete <iface>[:<host>] zone  Deletes a host or subnet from a zone
-#	   shorewall start			   Starts the firewall
+#	   shorewall start 			   Starts the firewall
 #	   shorewall restart			   Restarts the firewall
 #	   shorewall stop			   Stops the firewall
 #	   shorewall monitor [ refresh-interval ]  Repeatedly Displays firewall status
@@ -564,7 +564,7 @@ usage() # $1 = exit status
     echo "where <command> is one of:"
     echo "   add <interface>[:<host>] <zone>"
     echo "   allow <address> ..."
-    echo "   check"
+    echo "   check [ <directory> ]"
     echo "   clear"
     echo "   delete <interface>[:<host>] <zone>"
     echo "   drop <address> ..."
@@ -578,15 +578,17 @@ usage() # $1 = exit status
     echo "   refresh"
     echo "   reject <address> ..."
     echo "   reset"
-    echo "   restart"
+    echo "   restart [ <directory> ]"
     echo "   restore [ <file name> ]"
     echo "   save [ <file name> ]"
     echo "   show [<chain> [ <chain> ... ]|classifiers|connections|log|nat|tc|tos]"
-    echo "   start"
+    echo "   start [ <directory> ]"
     echo "   stop"
     echo "   status"
     echo "   try <directory> [ <timeout> ]"
     echo "   version"
+    echo 
+    echo "The -c and -f options may not be specified with a <directory> in the start, restart and check commands"
     exit $1
 }
 
@@ -761,8 +763,30 @@ esac
 
 case "$1" in
     start)
-	[ $# -ne 1 ] && usage 1
+	case $# in
+	    1)
+		;;
+	    2)
+		[ -n "$SHOREWALL_DIR" -o -n "$FAST" ] && usage 2
+
+		if [ ! -d $2 ]; then
+		    if [ -e $2 ]; then
+			echo "$2 is not a directory" >&2 && exit 2
+		    else
+			echo "Directory $2 does not exist" >&2 && exit 2
+		    fi
+		fi
+			
+		SHOREWALL_DIR=$2
+		export SHOREWALL_DIR
+		;;
+	    *)
+		usage 1
+		;;
+	esac
+	
 	get_config
+	
 	if [ -n "$FAST" ]; then
 	    
 	    RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
@@ -779,11 +803,36 @@ case "$1" in
 	    exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock start
 	fi
 	;;
-    stop|restart|reset|clear|refresh|check)
+    stop|reset|clear|refresh)
 	[ $# -ne 1 ] && usage 1
 	get_config
 	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1
 	;;
+    check|restart)
+	case $# in
+	    1)
+		;;
+	    2)
+		[ -n "$SHOREWALL_DIR" ] && usage 2
+
+		if [ ! -d $2 ]; then
+		    if [ -e $2 ]; then
+			echo "$2 is not a directory" >&2 && exit 2
+		    else
+			echo "Directory $2 does not exist" >&2 && exit 2
+		    fi
+		fi
+			
+		SHOREWALL_DIR=$2
+		export SHOREWALL_DIR
+		;;
+	    *)
+		usage 1
+		;;
+	esac
+	get_config
+	exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1
+	;;
     add|delete)
 	[ $# -ne 3 ] && usage 1
 	get_config