diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index f6f9cc3c8..afc25574f 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -2,6 +2,8 @@ Changes in 2.2.4
 1) Added support for UPnP
+2) Add 'started' hook.
+
 Changes in 2.2.3
 1) Added the 'continue' extension script.
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 8f579edc8..ad790da42 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -6811,6 +6811,7 @@ define_firewall() # $1 = Command (Start or Restart)
 mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base
 mv -f $RESTOREBASE /var/lib/shorewall/restore-tail
+ run_user_exit started
 }
 #
diff --git a/Shorewall2/install.sh b/Shorewall2/install.sh
index 8a22cc08a..8ce8604d6 100755
--- a/Shorewall2/install.sh
+++ b/Shorewall2/install.sh
@@ -503,6 +503,16 @@ else
 echo "Continue file installed as ${PREFIX}/etc/shorewall/continue"
 fi
 #
+# Install the Started file
+#
+if [ -f ${PREFIX}/etc/shorewall/started ]; then
+ backup_file /etc/shorewall/started
+else
+ run_install -o $OWNER -g $GROUP -m 0600 started ${PREFIX}/etc/shorewall/started
+ echo
+ echo "Started file installed as ${PREFIX}/etc/shorewall/started"
+fi
+#
 # Install the Standard Actions file
 #
 install_file_with_backup actions.std ${PREFIX}/usr/share/shorewall/actions.std 0600
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index 0e8c4af0b..05f7fe5e3 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
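Review bot: The new `run_user_exit started` call at the end of define_firewall() (Shorewall2/firewall hunk) carries no comment on the state the hook runs in. It sits after the two `mv -f` lines that put restore-base and restore-tail in place, so anything the user script changes would presumably not be reflected in the saved restore files, and the release notes imply the lock is still held at this point (they require `nolock`). I would add a comment above the call such as `# Firewall is fully up and restore files are in place; the 'started' script must not alter rules directly`. Only the tail of define_firewall() is visible in this hunk.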
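Review bot: In the Shorewall2/install.sh hunk the existence test checks `${PREFIX}/etc/shorewall/started`, but the branch then calls `backup_file /etc/shorewall/started` without the prefix, so a staged install with a non-empty PREFIX would appear to back up the live system's file rather than the one that was tested. Unless backup_file prepends ${PREFIX} itself (not visible here), the call should be `backup_file ${PREFIX}/etc/shorewall/started`. The expansions in this block are also unquoted; `[ -f "${PREFIX}/etc/shorewall/started" ]` and quoted `"$OWNER"` / `"$GROUP"` would keep a PREFIX containing spaces from splitting into several words. The surrounding if/else chain starts outside the hunk.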
@@ -67,6 +67,16 @@ New Features in version 2.2.4
 You must also ensure that you have a route to 224.0.0.0/4 on your internal (local) interface.
+2) A new 'started' extension script has been added. The difference
+ between this extension script and /etc/shorewall/start is that this
+ one is invoked after delayed loading of the blacklist
+ (DELAYBLACKLISTLOAD=Yes) and after the 'shorewall' chain has been
+ created (thus signaling that the firewall is completely up.
+
+ /etc/shorewall/started should not change the firewall configuration
+ directly but may do so indirectly by running /sbin/shorewall with
+ the 'nolock' option.
+
 -----------------------------------------------------------------------
 Problems corrected in version 2.2.3
diff --git a/Shorewall2/shorewall.spec b/Shorewall2/shorewall.spec
index 7030dbd51..4fbc6ebc2 100644
--- a/Shorewall2/shorewall.spec
+++ b/Shorewall2/shorewall.spec
@@ -94,6 +94,7 @@ fi
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/accounting
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/actions
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/continue
+%attr(0600,root,root) %config(noreplace) /etc/shorewall/started
 %attr(0544,root,root) /sbin/shorewall
diff --git a/Shorewall2/started b/Shorewall2/started
new file mode 100644
index 000000000..279c0e7b9
--- /dev/null
+++ b/Shorewall2/started
@@ -0,0 +1,13 @@
+############################################################################
+# Shorewall 2.2 -- /etc/shorewall/started
+#
+# Add commands below that you want to be executed after shorewall has
+# been completely started or restarted. The difference between this
+# extension script and /etc/shorewall/start is that this one is invoked
+# after delayed loading of the blacklist (DELAYBLACKLISTLOAD=Yes) and
+# after the 'shorewall' chain has been created (thus signaling that the
+# firewall is completely up.
+#
+# This script should not change the firewall configuration directly but may
+# do so indirectly by running /sbin/shorewall with the 'nolock' option.
+#
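Review bot: The header comment of the new Shorewall2/started file leaves a parenthesis unclosed: the sentence opened at `(thus signaling that the` ends `firewall is completely up.` and should end `completely up).`; the matching paragraph in the releasenotes.txt hunk has the same slip. Because install.sh and shorewall.spec both ship this file with mode 0600 (root-owned in the spec), the header could also say why, e.g. `# Commands here run with the firewall script's privileges; keep this file root-owned and not group/world writable.` That the hook executes as root is inferred from the packaging lines, not shown directly in this diff.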