/sbin/shorewall status rework -- take 2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2430 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/firewall

@@ -29,7 +29,6 @@
 #	   shorewall start			  Starts the firewall
 #	   shorewall restart			  Restarts the firewall
 #	   shorewall stop			  Stops the firewall
-#	   shorewall status			  Displays firewall status
 #	   shorewall reset			  Resets iptables packet and
 #						  byte counts
 #	   shorewall clear			  Remove all Shorewall chains
@@ -1941,8 +1940,14 @@ stop_firewall() {
 		fi
 
 		echo Restoring Shorewall...
-		$RESTOREPATH
+
-		echo "Shorewall restored from $RESTOREPATH"
+		if $RESTOREPATH; then
+		    echo "Shorewall restored from $RESTOREPATH"
+		    set_state "Started"
+		else
+		    set_state "Unknown"
+		fi  
+		
 		my_mutex_off
 		kill $$
 		exit 2
@@ -1950,6 +1955,8 @@ stop_firewall() {
 	    ;;
     esac
 
+    set_state "Stopping"
+
     stopping="Yes"
 
     terminator=
@@ -2051,6 +2058,8 @@ stop_firewall() {
 
     run_user_exit stopped
 
+    set_state "Stopped"
+
     logger "Shorewall Stopped"
 
     rm -rf $TMP_DIR
@@ -2092,6 +2101,8 @@ clear_firewall() {
 
     run_user_exit clear
 
+    set_state "Cleared"
+
     logger "Shorewall Cleared"
 }
 
@@ -7829,6 +7840,8 @@ define_firewall() # $1 = Command (Start or Restart)
 
     echo "${1}ing Shorewall..."
 
+    set_state "${1}ing"
+
     verify_os_version
     verify_ip
 
@@ -7926,6 +7939,8 @@ define_firewall() # $1 = Command (Start or Restart)
 
     date > /var/lib/shorewall/restarted
 
+    run_and_save_command set_state "Started"
+
     report "Shorewall ${1}ed"
 
     run_user_exit started
@@ -8690,7 +8705,7 @@ do_initialize() {
 # Give Usage Information
 #
 usage() {
-    echo "Usage: $0 [debug] {start|stop|reset|restart|status|refresh|clear|{add|delete} <interface>[:hosts] zone}}"
+    echo "Usage: $0 [debug] {start|stop|reset|restart|refresh|clear|{add|delete} <interface>[:hosts] zone}}"
     exit 1
 }
 
@@ -8756,22 +8771,6 @@ case "$COMMAND" in
 	my_mutex_off
 	;;
 
-    status)
-	[ $# -ne 1 ] && usage
-	do_initialize
-	echo "Shorewall-$version Status at $HOSTNAME - $(date)"
-	echo
-	if chain_exists shorewall; then
-	    echo "Shorewall is started"
-	    echo 
-	    [ -f /var/lib/shorewall/restarted ] && \
-		echo "Counters reset $(cat /var/lib/shorewall/restarted)" && \
-		echo
-	else
-	    echo "Shorewall is not started"
-	fi
-	;;
-
     reset)
 	[ $# -ne 1 ] && usage
 	do_initialize

Shorewall/functions

@@ -800,3 +800,11 @@ mywhich() {
 
     return 2
 }
+
+#
+# Set the Shorewall state
+#
+set_state () # $1 = state
+{
+    echo "$1 ($(date))" > /var/lib/shorewall/state
+}

Shorewall/help

@@ -302,9 +302,18 @@ status)
 
     shorewall status
 
-    Displays the Shorewall status (started/not-started). If Shorewall is started,
+    Displays the Shorewall status (running/not-running)."
-    the time at which Shorewall was last started/restarted/refreshed or reset is
+	;;
-    displayed."   
+
+state)
+	echo "state: state
+
+    shorewall state
+
+    Displays the Shorewall state as shown in the state diagram at
+    http://www.shorewall.net/starting_and_stopping_shorewall.  If Shorewall
+    has been started since installed, the time at which Shorewall was last
+    started/restarted/refreshed or reset is displayed."   
 	;;
 
 trace)

Shorewall/releasenotes.txt

@@ -33,8 +33,8 @@ Migration Considerations:
    columns of the /etc/shorewall/ipsec file. The latter file has been
    removed.
 
-   To attempt to adhere to the principle of least astonishment, the
+   Adhering to the principle of least astonishment, the old
-   old /etc/shorewall/ipsec file will continue to be supported. A new
+   /etc/shorewall/ipsec file will continue to be supported. A new
    IPSECFILE variable in /etc/shorewall/shorewall.conf determines the
    name of the file that Shorewall looks in for IPSEC information. If
    that variable is not set or is set to the empty value then

Shorewall/shorewall

@@ -42,6 +42,7 @@
 #						   plus the last 20 "interesting"
 #						   packets
 #	   shorewall status			   Displays firewall status
+#          shorewall state                         Displays firewall state
 #	   shorewall reset			   Resets iptables packet and
 #						   byte counts
 #	   shorewall clear			   Open the floodgates by
@@ -513,6 +514,7 @@ usage() # $1 = exit status
     echo "   show [<chain> [ <chain> ... ]|actions|capabilities|classifiers|connections|log|nat|tc|tos|zones]"
     echo "   start [ <directory> ]"
     echo "   stop"
+    echo "   state"
     echo "   status"
     echo "   try <directory> [ <timeout> ]"
     echo "   version"
@@ -909,15 +911,33 @@ case "$1" in
 	;;
     status)
 	[ $# -eq 1 ] || usage 1
-	echo "Shorewall-$version Status at $HOSTNAME - $(date)"
-	echo
 	if qt $IPTABLES -L shorewall -n -v; then
-	    echo "Shorewall is started"
+	    echo "Shorewall is running"
-	    echo 
+	    exit 0
-	    show_reset
-	else
-	    echo "Shorewall is not started"
 	fi
+
+	echo "Shorewall is stopped"
+	status=4
+	if [ -f /var/lib/shorewall/state ]; then
+	    case $(cat /var/lib/shorewall/state) in
+		Stopped*|Clear*)
+		    status=3
+		    ;;
+	    esac
+	fi
+	exit $status    
+	;;
+    state)
+	[ $# -eq 1 ] || usage 1
+	echo "Shorewall-$version State at $HOSTNAME - $(date)"
+	echo
+	if [ -f /var/lib/shorewall/state ]; then
+	    state=$(cat /var/lib/shorewall/state)
+	else
+	    state=Unknown
+	fi
+	echo "The Shorewall state is $state"
+	echo
 	;;
     dump)
     	[ -n "$debugging" ] && set -x