holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Pass input directly to iptables[6]-restore during stop

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9763 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-03-30 18:33:30 +00:00
parent 715554e579
commit b215f91d4a
1 changed files with 15 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -2990,20 +2990,21 @@ sub create_stop_load( $ ) {
@table_list = qw( raw mangle filter );
}
$mode = NULL_MODE;
my $utility = $family == F_IPV4 ? 'iptables-restore' : 'ip6tables-restore';
my $UTILITY = $family == F_IPV4 ? 'IPTABLES_RESTORE' : 'IP6TABLES_RESTORE';
emit '';
emit "exec 3>\${VARDIR}/.${utility}-stop-input";
emit( '[ -n "$DEBUG" ] && command=debug_restore_input || command=$' . $UTILITY,
'',
'progress_message2 "Running $command..."',
'',
'$command <<EOF' );
enter_cat_mode;
my $date = localtime;
$mode = CAT_MODE;
unless ( $test ) {
my $date = localtime;
emit_unindented '#';
emit_unindented "# Generated by Shorewall-perl $globals{VERSION} - $date";
emit_unindented '#';
@ -3039,30 +3040,24 @@ sub create_stop_load( $ ) {
# Then emit the rules
#
for my $chainref ( @chains ) {
emitr $chainref->{name}, $_ for ( grep defined $_, @{$chainref->{rules}} );
emitr $chainref->{name}, $_ for @{$chainref->{rules}};
}
#
# Commit the changes to the table
#
enter_cat_mode unless $mode == CAT_MODE;
assert( $mode == CAT_MODE );
emit_unindented 'COMMIT';
}
enter_cmd_mode;
emit_unindented 'EOF';
#
# Now generate the actual ip[6]tables-restore command
# Test result
#
emit( 'exec 3>&-',
'',
'[ -n "$DEBUG" ] && command=debug_restore_input || command=$' . $UTILITY,
'',
'progress_message2 "Running $command..."',
'',
"cat \${VARDIR}/.${utility}-stop-input | \$command # Use this nonsensical form to appease SELinux",
'if [ $? != 0 ]; then',
qq( fatal_error "$command Failed. Input is in \${VARDIR}/.${utility}-stop-input"),
emit ('',
'if [ $? != 0 ]; then',
' error_message "ERROR: \$command Failed."',
"fi\n"
);
);
}