Exit status 255 from tcclear indicates that Shorewall should not clear tc

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@391 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-31 03:50:05 +00:00 · 2002-12-31 03:50:05 +00:00 · 9ebd6ceaae
commit 9ebd6ceaae
parent 144c9ab576
3 changed files with 22 additions and 13 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -4,3 +4,5 @@ Changes since 1.3.12

 2. Print policies in 'check' command.

+3. Result 255 from /etc/shorewall/tcclear inhibits clearing tc rules.
+
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -1843,23 +1843,27 @@ setup_tc() {
 #
 delete_tc()
 {
+    local result
+
    clear_one_tc() {
 	tc qdisc del dev $1 root    2> /dev/null
 	tc qdisc del dev $1 ingress 2> /dev/null
    }

    run_user_exit tcclear
+    result=$?

-    run_ip link list | \
-    while read inx interface details; do
-	case $inx in
-	[0-9]*)
-	    clear_one_tc ${interface%:}
-	    ;;
-	*)
-	    ;;
-	esac
-    done
+    if [ $result -ne 255 ]; then
+	run_ip link list | while read inx interface details; do
+	    case $inx in
+		[0-9]*)
+                    clear_one_tc ${interface%:}
+		    ;;
+		*)
+		    ;;
+	    esac
+	done
+    fi
 }

 #
@ -3297,7 +3301,7 @@ initialize_netfilter () {
 	run_user_exit newnotsyn
 	if [ -n "$LOGNEWNOTSYN" ]; then
 	    if [ "$LOGNEWNOTSYN" = ULOG ]; then
-		run_iptables -A newnotsyn -j ULOG \
+		run_iptables -A newnotsyn -j ULOG 
 		    --ulog-prefix "Shorewall:newnotsyn:DROP:"
 	    else
 		run_iptables -A newnotsyn -j LOG \
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -7,8 +7,8 @@ New features include:
   wish to minimize the number of rules that connection requests must
   traverse.
   
-   A Shorewall DNAT rule actually generates two iptables rules: an
-   address rewriting rule in the 'nat' table and an ACCEPT rule in the
+   A Shorewall DNAT rule actually generates two iptables rules: a
+   header rewriting rule in the 'nat' table and an ACCEPT rule in the
   'filter' table. A DNAT- rule only generates the first of these
   rules. This is handy when you have several DNAT rules that would
   generate the same ACCEPT rule.
@ -32,3 +32,6 @@ New features include:

 2) The 'shorewall check' command now prints out the applicable policy
   between each pair of zones.
+
+3. An exit status of 255 from /etc/shorewall/tcclear will prevent
+   Shorewall from clearing the QOS configuration.