Add 'started' hook

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2034 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -2,6 +2,8 @@ Changes in 2.2.4
 
 1) Added support for UPnP
 
+2) Add 'started' hook.
+
 Changes in 2.2.3
 
 1) Added the 'continue' extension script.

Shorewall2/firewall

@@ -6811,6 +6811,7 @@ define_firewall() # $1 = Command (Start or Restart)
     mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base
     mv -f $RESTOREBASE /var/lib/shorewall/restore-tail    
 
+    run_user_exit started
 }
 
 #

Shorewall2/install.sh

@@ -503,6 +503,16 @@ else
     echo "Continue file installed as ${PREFIX}/etc/shorewall/continue"
 fi
 #
+# Install the Started file
+#
+if [ -f ${PREFIX}/etc/shorewall/started ]; then
+    backup_file /etc/shorewall/started
+else
+    run_install -o $OWNER -g $GROUP -m 0600 started ${PREFIX}/etc/shorewall/started
+    echo
+    echo "Started file installed as ${PREFIX}/etc/shorewall/started"
+fi
+#
 # Install the Standard Actions file
 #
 install_file_with_backup actions.std ${PREFIX}/usr/share/shorewall/actions.std 0600

Shorewall2/releasenotes.txt

@@ -67,6 +67,16 @@ New Features in version 2.2.4
    You must also ensure that you have a route to 224.0.0.0/4 on your
    internal (local) interface.
 
+2) A new 'started' extension script has been added.  The difference
+   between this extension script and /etc/shorewall/start is that this
+   one is invoked after delayed loading of the blacklist
+   (DELAYBLACKLISTLOAD=Yes) and after the 'shorewall' chain has been
+   created (thus signaling that the firewall is completely up.
+
+   /etc/shorewall/started should not change the firewall configuration
+   directly but may do so indirectly by running /sbin/shorewall with
+   the 'nolock' option.
+
 -----------------------------------------------------------------------
 Problems corrected in version 2.2.3
 

Shorewall2/shorewall.spec

@@ -94,6 +94,7 @@ fi
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/accounting
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/actions
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/continue
+%attr(0600,root,root) %config(noreplace) /etc/shorewall/started
 
 %attr(0544,root,root) /sbin/shorewall
 

Shorewall2/started

@@ -0,0 +1,13 @@
+############################################################################
+# Shorewall 2.2 -- /etc/shorewall/started
+#
+# Add commands below that you want to be executed after shorewall has
+# been completely started or restarted. The difference between this
+# extension script and /etc/shorewall/start is that this one is invoked
+# after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
+# after the 'shorewall' chain has been created (thus signaling that the
+# firewall is completely up.
+#
+# This script should not change the firewall configuration directly but may
+# do so indirectly by running /sbin/shorewall with the 'nolock' option.
+#