diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 2be348182..fcd6a4068 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -865,6 +865,11 @@ sub compiler {
 #
 compile_stop_firewall( $test, $export );
 #
+ # U P D O W N
+ # (Writes the updown() function to the compiled script)
+ #
+ compile_updown;
+ #
 # Copy the footer to the script
 #
 unless ( $test ) {
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 4b60ae38b..d0d830001 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -70,6 +70,7 @@ our @EXPORT = qw( NOTHING
 get_interface_option
 set_interface_option
 verify_required_interfaces
+ compile_updown
 validate_hosts_file
 find_hosts_by_option
 all_ipsets
@@ -816,6 +817,8 @@ sub process_interface( $$ ) {
 my $hostoptionsref = {};
+ $options{ignore} = 1, $options = '-' if $options eq 'ignore';
+
 if ( $options ne '-' ) {
 my %hostoptions = ( dynamic => 0 );
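Review bot: The added `$options{ignore} = 1, $options = '-' if $options eq 'ignore';` in process_interface recognises `ignore` only when it is the entire option string, and it hides two assignments behind a comma and a postfix `if`. The updown() generator added in this commit looks this option up to emit an unconditional `exit 0` for the interface, so the rule is worth spelling out as `if ( $options eq 'ignore' ) { $options{ignore} = 1; $options = '-'; }` with a comment such as `# 'ignore' must be the only option; it bypasses the option parser below`. How `ignore` combined with other options is handled depends on the parser inside `if ( $options ne '-' )`, which lies outside this hunk, as do the start and end of process_interface.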
@@ -1225,6 +1228,91 @@ sub verify_required_interfaces() {
 $returnvalue;
 }
+#
+# Emit the updown() function
+#
+sub compile_updown() {
+ emit( '',
+ '#',
+ '# Handle the "up" and "down" commands',
+ '#',
+ 'updown() # $1 = interface',
+ '{',
+ );
+
+ push_indent;
+
+ emit( 'case $1 in' );
+
+ push_indent;
+
+ my $ignore = find_interfaces_by_option 'ignore';
+ my $required = find_interfaces_by_option 'required';
+
+ if ( @$ignore ) {
+ my $interfaces = join '|', map $interfaces{$_}->{physical}, @$ignore;
+
+ $interfaces =~ s/\+/*/;
+
+ emit( "$interfaces)",
+ ' exit 0',
+ ' ;;'
+ );
+ }
+
+ if ( @$required ) {
+ my $interfaces = join '|', map $interfaces{$_}->{physical}, @$required;
+
+ $interfaces =~ s/\+/*/;
+
+ emit( "$interfaces)",
+ ' if [ "$COMMAND" = up ]; then',
+ ' if shorewall_is_started; then',
+ ' COMMAND=restart',
+ ' else',
+ ' COMMAND=start',
+ ' fi',
+ '',
+ ' detect_configuration',
+ ' define_firewall',
+ ' else',
+ ' COMMAND=close',
+ ' detect_configuration',
+ ' stop_firewall',
+ ' fi',
+ ' ;;'
+ );
+ }
+
+ emit( "*)",
+ ' if [ "$COMMAND" = up ]; then',
+ ' if shorewall_is_started; then',
+ ' COMMAND=restart',
+ ' else',
+ ' COMMAND=start',
+ ' fi',
+ '',
+ ' detect_configuration',
+ ' define_firewall',
+ ' elif shorewall_is_started; then',
+ ' COMMAND=restart',
+ ' detect_configuration',
+ ' define_firewall',
+ ' fi',
+ ' ;;'
+ );
+
+ pop_indent;
+
+ emit( 'esac' );
+
+ pop_indent;
+
+ emit( '}',
+ '',
+ );
+}
+
 #
 # Process a record in the hosts file
 #
diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer
index 11e26dbf3..3d46159c9 100644
--- a/Shorewall/Perl/prog.footer
+++ b/Shorewall/Perl/prog.footer
@@ -5,7 +5,7 @@
 # Give Usage Information
 #
 usage() {
- echo "Usage: $0 [ options ] [ start|stop|close|clear|reset|refresh|restart|status|version ]"
+ echo "Usage: $0 [ options ] [ start|stop|close|clear|down|reset|refresh|restart|status|up|version ]"
 echo
 echo "Options are:"
 echo
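Review bot: Both `$interfaces =~ s/\+/*/;` substitutions in compile_updown lack `/g`, so only the first `+` in the `|`-joined list becomes a shell `*`. With two or more wildcard interfaces in the `ignore` or `required` set, the later names keep a literal `+` in the case pattern and will not match real device names, so their events fall through to the `*)` arm, which starts or restarts the firewall. Use `$interfaces =~ s/\+/*/g;` in both places. The physical names are also written into the generated case pattern with no shell escaping, so a comment stating that they are expected to be validated interface names by this point would help the next reader.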
@@ -285,7 +285,7 @@ case "$COMMAND" in
 if [ -f ${VARDIR}/state ]; then
 state="$(cat ${VARDIR}/state)"
 case $state in
- Stopped*|Clear*)
+ Stopped*|Closed*|lClear*)
 status=3
 ;;
 esac
@@ -295,6 +295,13 @@ case "$COMMAND" in
 echo "State:$state"
 echo
 ;;
+ up|down)
+ [ $# -eq 1 ] && exit 0
+ shift
+ [ $# -ne 1 ] && usage 2
+ updown $@
+ status=0;
+ ;;
 version)
 [ $# -ne 1 ] && usage 2
 echo $SHOREWALL_VERSION
diff --git a/Shorewall/Perl/prog.footer6 b/Shorewall/Perl/prog.footer6
index 253a2f2c9..312c67ef7 100644
--- a/Shorewall/Perl/prog.footer6
+++ b/Shorewall/Perl/prog.footer6
@@ -5,7 +5,7 @@
 # Give Usage Information
 #
 usage() {
- echo "Usage: $0 [ options ] [ start|stop|close|clear|reset|refresh|restart|status|version ]"
+ echo "Usage: $0 [ options ] [ start|stop|close|clear|down|reset|refresh|restart|status|up|version ]"
 echo
 echo "Options are:"
 echo
@@ -286,7 +286,7 @@ else
 if [ -f ${VARDIR}/state ]; then
 state="$(cat ${VARDIR}/state)"
 case $state in
- Stopped*|Clear*)
+ Stopped*|Closed*|Clear*)
 status=3
 ;;
 esac
@@ -296,6 +296,13 @@ else
 echo "State:$state"
 echo
 ;;
+ up|down)
+ [ $# -eq 1 ] && exit 0
+ shift
+ [ $# -ne 1 ] && usage 2
+ updown $1
+ status=0
+ ;;
 version)
 [ $# -ne 1 ] && usage 2
 echo $SHOREWALL_VERSION
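Review bot: The new pattern `Stopped*|Closed*|lClear*)` in prog.footer has a stray `l`, so a state beginning with `Clear` no longer matches and `status=3` is not reached for it. The parallel change in prog.footer6 reads `Stopped*|Closed*|Clear*)`, which is presumably what was intended here too. Anything that uses the exit code of `status` to detect a firewall that is not filtering would then misreport a cleared one, so the line should be `Stopped*|Closed*|Clear*)`. The enclosing `case "$COMMAND"` arm starts and ends outside the hunk, so the value `status` holds on the non-matching path is not visible.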
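Review bot: `updown $@` in the prog.footer `up|down)` arm passes the interface argument unquoted, so a value containing whitespace or glob characters is split or expanded before updown() matches it in its `case`; the prog.footer6 arm has the same issue with `updown $1`. After `[ $# -ne 1 ] && usage 2` exactly one argument remains, so both files can use `updown "$1"`. In the same arms, `[ $# -eq 1 ] && exit 0` makes `up` or `down` without an interface succeed silently where the `version` arm calls `usage 2`, and `status=0` is set whatever updown returned. In prog.footer, `status=0;` also carries a semicolon that the footer6 copy does not.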