diff --git a/Shorewall/firewall b/Shorewall/firewall
index 1d443fbee..72446cc40 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -29,7 +29,6 @@
 # shorewall start Starts the firewall
 # shorewall restart Restarts the firewall
 # shorewall stop Stops the firewall
-# shorewall status Displays firewall status
 # shorewall reset Resets iptables packet and
 # byte counts
 # shorewall clear Remove all Shorewall chains
@@ -1941,8 +1940,14 @@ stop_firewall() {
 fi
 echo Restoring Shorewall...
- $RESTOREPATH
- echo "Shorewall restored from $RESTOREPATH"
+
+ if $RESTOREPATH; then
+ echo "Shorewall restored from $RESTOREPATH"
+ set_state "Started"
+ else
+ set_state "Unknown"
+ fi
+
 my_mutex_off
 kill $$
 exit 2
@@ -1950,6 +1955,8 @@ stop_firewall() {
 ;;
 esac
+ set_state "Stopping"
+
 stopping="Yes"
 terminator=
@@ -2051,6 +2058,8 @@ stop_firewall() {
 run_user_exit stopped
+ set_state "Stopped"
+
 logger "Shorewall Stopped"
 rm -rf $TMP_DIR
@@ -2092,6 +2101,8 @@ clear_firewall() {
 run_user_exit clear
+ set_state "Cleared"
+
 logger "Shorewall Cleared"
 }
@@ -7829,6 +7840,8 @@ define_firewall() # $1 = Command (Start or Restart)
 echo "${1}ing Shorewall..."
+ set_state "${1}ing"
+
 verify_os_version
 verify_ip
@@ -7926,6 +7939,8 @@ define_firewall() # $1 = Command (Start or Restart)
 date > /var/lib/shorewall/restarted
+ run_and_save_command set_state "Started"
+
 report "Shorewall ${1}ed"
 run_user_exit started
@@ -8690,7 +8705,7 @@ do_initialize() {
 # Give Usage Information
 #
 usage() {
- echo "Usage: $0 [debug] {start|stop|reset|restart|status|refresh|clear|{add|delete} [:hosts] zone}}"
+ echo "Usage: $0 [debug] {start|stop|reset|restart|refresh|clear|{add|delete} [:hosts] zone}}"
 exit 1
 }
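Review bot: The else arm added to the restore path of stop_firewall (hunk at -1941) records "Unknown" but reports nothing, so a failed run of `$RESTOREPATH` leaves only "Restoring Shorewall..." on the console before the `exit 2`. A failed restore may leave the ruleset only partly applied, which is worth surfacing to the operator and to syslog. Before `set_state "Unknown"`, add `echo "Shorewall restore from $RESTOREPATH failed" >&2` and `logger "Shorewall restore from $RESTOREPATH failed"`; `logger` is already used later in this function. stop_firewall starts and ends outside the hunk.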
@@ -8756,22 +8771,6 @@ case "$COMMAND" in
 my_mutex_off
 ;;
- status)
- [ $# -ne 1 ] && usage
- do_initialize
- echo "Shorewall-$version Status at $HOSTNAME - $(date)"
- echo
- if chain_exists shorewall; then
- echo "Shorewall is started"
- echo
- [ -f /var/lib/shorewall/restarted ] && \
- echo "Counters reset $(cat /var/lib/shorewall/restarted)" && \
- echo
- else
- echo "Shorewall is not started"
- fi
- ;;
-
 reset)
 [ $# -ne 1 ] && usage
 do_initialize
diff --git a/Shorewall/functions b/Shorewall/functions
index a6ac5562b..3d543fb9f 100755
--- a/Shorewall/functions
+++ b/Shorewall/functions
@@ -800,3 +800,11 @@ mywhich() {
 return 2
 }
+
+#
+# Set the Shorewall state
+#
+set_state () # $1 = state
+{
+ echo "$1 ($(date))" > /var/lib/shorewall/state
+}
diff --git a/Shorewall/help b/Shorewall/help
index 42c5e7242..0a196a00e 100755
--- a/Shorewall/help
+++ b/Shorewall/help
@@ -302,9 +302,18 @@ status)
 shorewall status
- Displays the Shorewall status (started/not-started). If Shorewall is started,
- the time at which Shorewall was last started/restarted/refreshed or reset is
- displayed."
+ Displays the Shorewall status (running/not-running)."
+ ;;
+
+state)
+ echo "state: state
+
+ shorewall state
+
+ Displays the Shorewall state as shown in the state diagram at
+ http://www.shorewall.net/starting_and_stopping_shorewall. If Shorewall
+ has been started since installed, the time at which Shorewall was last
+ started/restarted/refreshed or reset is displayed."
 ;;
 trace)
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 9604a8a21..13fb2550d 100755
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
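Review bot: set_state (new in Shorewall/functions) rewrites /var/lib/shorewall/state with a truncating redirect and ignores the result, so a concurrent `shorewall status` or `shorewall state` can read an empty file, and a missing directory or full filesystem leaves the previous state in place without any message. Because the `status` exit code is derived from this file, write to a temporary name in the same directory and rename it: `echo "$1 ($(date))" > /var/lib/shorewall/state.$$ && mv -f /var/lib/shorewall/state.$$ /var/lib/shorewall/state || echo "Cannot record Shorewall state" >&2`. This assumes /var/lib/shorewall is writable only by root, which the hunk does not show. The header comment could also list the state names callers pass (Started, Stopped, Cleared, Stopping, Unknown, and "${1}ing" from define_firewall), since `status` pattern-matches on them.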
@@ -33,8 +33,8 @@ Migration Considerations:
 columns of the /etc/shorewall/ipsec file. The latter file has been removed.
- To attempt to adhere to the principle of least astonishment, the
- old /etc/shorewall/ipsec file will continue to be supported. A new
+ Adhering to the principle of least astonishment, the old
+ /etc/shorewall/ipsec file will continue to be supported. A new
 IPSECFILE variable in /etc/shorewall/shorewall.conf determines the name of the file that Shorewall looks in for IPSEC information. If that variable is not set or is set to the empty value then
diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index d4b1e8eec..196df6358 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@@ -42,6 +42,7 @@
 # plus the last 20 "interesting"
 # packets
 # shorewall status Displays firewall status
+# shorewall state Displays firewall state
 # shorewall reset Resets iptables packet and
 # byte counts
 # shorewall clear Open the floodgates by
@@ -513,6 +514,7 @@ usage() # $1 = exit status
 echo " show [ [ ... ]|actions|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
 echo " start [ ]"
 echo " stop"
+ echo " state"
 echo " status"
 echo " try [ ]"
 echo " version"
@@ -909,15 +911,33 @@ case "$1" in
 ;;
 status)
 [ $# -eq 1 ] || usage 1
- echo "Shorewall-$version Status at $HOSTNAME - $(date)"
- echo
 if qt $IPTABLES -L shorewall -n -v; then
- echo "Shorewall is started"
- echo
- show_reset
- else
- echo "Shorewall is not started"
+ echo "Shorewall is running"
+ exit 0
 fi
+
+ echo "Shorewall is stopped"
+ status=4
+ if [ -f /var/lib/shorewall/state ]; then
+ case $(cat /var/lib/shorewall/state) in
+ Stopped*|Clear*)
+ status=3
+ ;;
+ esac
+ fi
+ exit $status
+ ;;
+ state)
+ [ $# -eq 1 ] || usage 1
+ echo "Shorewall-$version State at $HOSTNAME - $(date)"
+ echo
+ if [ -f /var/lib/shorewall/state ]; then
+ state=$(cat /var/lib/shorewall/state)
+ else
+ state=Unknown
+ fi
+ echo "The Shorewall state is $state"
+ echo
 ;;
 dump)
 [ -n "$debugging" ] && set -x
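Review bot: The new `state` command (hunk at -909) prints whatever /var/lib/shorewall/state contains, and nothing in the visible hunks resets that file at boot, so after a reboot or an external flush of the rules it can still report "Started" while no Shorewall ruleset is loaded. `status` in the same hunk already probes the live chain, and `state` could apply the same probe before printing, for example `case $state in Started*) qt $IPTABLES -L shorewall -n -v || state="Unknown (state file: $state)" ;; esac`. Separately, `status` prints "Shorewall is stopped" for both exit 3 and exit 4; a distinct message for the unknown case would let an operator tell the two apart without reading `$?`. The enclosing case statement starts and ends outside the hunk.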