More changes having to do with dynamic chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
b591110fef
commit
afbb93ca8a
@ -777,14 +777,9 @@ case "$COMMAND" in
|
||||
g_restorepath=${VARDIR}/$RESTOREFILE
|
||||
|
||||
if [ -x $g_restorepath ]; then
|
||||
|
||||
if [ -x ${g_restorepath}-ipsets ]; then
|
||||
rm -f ${g_restorepath}-ipsets
|
||||
echo " ${g_restorepath}-ipsets removed"
|
||||
fi
|
||||
|
||||
rm -f $g_restorepath
|
||||
rm -f ${g_restorepath}-iptables
|
||||
rm -f ${g_restorepath}-ipsets
|
||||
echo " $g_restorepath removed"
|
||||
elif [ -f $g_restorepath ]; then
|
||||
echo " $g_restorepath exists and is not a saved Shorewall configuration"
|
||||
|
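Review bot: The `rm -f ${g_restorepath}-ipsets` line that replaces the nested ipsets block is unquoted, like the two `rm -f` lines above it, so a VARDIR or RESTOREFILE value containing whitespace or glob characters would be split or expanded before rm sees it. g_restorepath is built from `$RESTOREFILE` at the top of the hunk, and whether that name is validated before this branch is not visible here. I would write `rm -f -- "${g_restorepath}-ipsets"` and quote the `[ -x ... ]` and `[ -f ... ]` tests the same way. The hunk headed `-1829,6 +1829,7` near the end of the page carries the same three unquoted `rm -f` lines. The enclosing `case "$COMMAND"` block starts and ends outside both hunks.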
@ -327,7 +327,7 @@ else
|
||||
rm -f \${VARDIR}/.forwardUPnP
|
||||
fi
|
||||
|
||||
if chain_exists dynamic; then
|
||||
if [ "\$COMMAND" = restart ] && chain_exists dynamic; then
|
||||
$tool -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic
|
||||
else
|
||||
rm -f \${VARDIR}/.dynamic
|
||||
@ -338,10 +338,17 @@ EOF
|
||||
emit ( 'else' );
|
||||
push_indent;
|
||||
|
||||
emit <<'EOF';
|
||||
rm -f ${VARDIR}/.UPnP
|
||||
rm -f ${VARDIR}/.forwardUPnP
|
||||
rm -f ${VARDIR}/.dynamic
|
||||
emit <<"EOF";
|
||||
rm -f \${VARDIR}/.UPnP
|
||||
rm -f \${VARDIR}/.forwardUPnP
|
||||
|
||||
if [ "\$COMMAND" = stop -o "\$COMMAND" = clear ]; then
|
||||
if chain_exists dynamic; then
|
||||
$tool -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic
|
||||
else
|
||||
rm -f \${VARDIR}/.dynamic
|
||||
fi
|
||||
fi
|
||||
EOF
|
||||
pop_indent;
|
||||
|
||||
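Review bot: The save pipeline `$tool -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic` added under the stop/clear test takes its exit status from grep and truncates `.dynamic` before anything is written, so a failing dump command leaves an empty file and no error. If that file is what later repopulates the dynamic chain (not visible here), the drop and reject entries held in that chain would silently disappear across a stop or clear. I would dump to a temporary file in `\${VARDIR}`, check the dump's exit status, and only then filter it into `.dynamic`, reporting a failure otherwise. The same pipeline sits as context in the preceding hunk (`-327,7 +327,7`), where it is now gated on restart. Separately, `[ "\$COMMAND" = stop -o "\$COMMAND" = clear ]` uses the obsolescent `-o`; `[ "\$COMMAND" = stop ] || [ "\$COMMAND" = clear ]` is unambiguous.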
@ -569,7 +576,6 @@ EOF
|
||||
set_state "Started"
|
||||
else
|
||||
setup_netfilter
|
||||
restore_dynamic_rules
|
||||
conditionally_flush_conntrack
|
||||
EOF
|
||||
setup_forwarding( $family , 0 );
|
||||
|
@ -774,34 +774,6 @@ run_tc() {
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Restore the rules generated by 'drop','reject','logdrop', etc.
|
||||
#
|
||||
restore_dynamic_rules() {
|
||||
if [ -f ${VARDIR}/save ]; then
|
||||
progress_message2 "Setting up dynamic rules..."
|
||||
rangematch='source IP range'
|
||||
while read target ignore1 ignore2 address ignore3 rest; do
|
||||
case $target in
|
||||
DROP|reject|logdrop|logreject)
|
||||
case $rest in
|
||||
$rangematch*)
|
||||
run_iptables -A dynamic -m iprange --src-range ${rest#source IP range} -j $target
|
||||
;;
|
||||
*)
|
||||
if [ -z "$rest" ]; then
|
||||
run_iptables -A dynamic -s $address -j $target
|
||||
else
|
||||
error_message "WARNING: Unable to restore dynamic rule \"$target $ignore1 $ignore2 $address $ignore3 $rest\""
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
done < ${VARDIR}/save
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Get a list of all configured broadcast addresses on the system
|
||||
#
|
||||
|
@ -728,34 +728,6 @@ run_tc() {
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Restore the rules generated by 'drop','reject','logdrop', etc.
|
||||
#
|
||||
restore_dynamic_rules() {
|
||||
if [ -f ${VARDIR}/save ]; then
|
||||
progress_message2 "Setting up dynamic rules..."
|
||||
rangematch='source IP range'
|
||||
while read target ignore1 ignore2 address ignore3 rest; do
|
||||
case $target in
|
||||
DROP|reject|logdrop|logreject)
|
||||
case $rest in
|
||||
$rangematch*)
|
||||
run_iptables -A dynamic -m iprange --src-range ${rest#source IP range} -j $target
|
||||
;;
|
||||
*)
|
||||
if [ -z "$rest" ]; then
|
||||
run_iptables -A dynamic -s $address -j $target
|
||||
else
|
||||
error_message "WARNING: Unable to restore dynamic rule \"$target $ignore1 $ignore2 $address $ignore3 $rest\""
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
done < ${VARDIR}/save
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Run the .iptables_restore_input as a set of discrete iptables commands
|
||||
#
|
||||
|
@ -362,17 +362,7 @@ save_config() {
|
||||
;;
|
||||
*)
|
||||
validate_restorefile RESTOREFILE
|
||||
|
||||
if chain_exists dynamic; then
|
||||
if $IPTABLES -L dynamic -n > ${VARDIR}/save; then
|
||||
echo " Dynamic Rules Saved"
|
||||
do_save
|
||||
else
|
||||
echo "Error Saving the Dynamic Rules" >&2
|
||||
fi
|
||||
else
|
||||
do_save && rm -f ${VARDIR}/save
|
||||
fi
|
||||
do_save && rm -f ${VARDIR}/save
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
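Review bot: The surviving `do_save && rm -f ${VARDIR}/save` in the default branch has no comment saying why `${VARDIR}/save` is deleted, and with the dynamic-chain branch gone the line reads like leftover code. Elsewhere in this commit restore_dynamic_rules, the function that read that file, is removed, so the delete looks like cleanup of an obsolete file. A comment above the line such as `# ${VARDIR}/save is no longer used for dynamic rules; remove any leftover copy` would record that. The file is kept when do_save fails, which may be intended but is worth stating in the same comment. save_config starts and ends outside the hunk.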
@ -1829,6 +1829,7 @@ case "$COMMAND" in
|
||||
if [ -x $g_restorepath ]; then
|
||||
rm -f $g_restorepath
|
||||
rm -f ${g_restorepath}-iptables
|
||||
rm -f ${g_restorepath}-ipsets
|
||||
echo " $g_restorepath removed"
|
||||
elif [ -f $g_restorepath ]; then
|
||||
echo " $g_restorepath exists and is not a saved Shorewall configuration"
|
||||
|