From b215f91d4a4176a796bf594b509d544c1bc95a0b Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 30 Mar 2009 18:33:30 +0000 Subject: [PATCH] Pass input directly to iptables[6]-restore during stop Signed-off-by: Tom Eastep git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9763 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/Perl/Shorewall/Chains.pm | 35 +++++++++++++----------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 9d7086acb..cd1bc12b2 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -2990,20 +2990,21 @@ sub create_stop_load( $ ) { @table_list = qw( raw mangle filter ); } - $mode = NULL_MODE; - my $utility = $family == F_IPV4 ? 'iptables-restore' : 'ip6tables-restore'; my $UTILITY = $family == F_IPV4 ? 'IPTABLES_RESTORE' : 'IP6TABLES_RESTORE'; emit ''; - emit "exec 3>\${VARDIR}/.${utility}-stop-input"; + emit( '[ -n "$DEBUG" ] && command=debug_restore_input || command=$' . $UTILITY, + '', + 'progress_message2 "Running $command..."', + '', + '$command <{name}, $_ for ( grep defined $_, @{$chainref->{rules}} ); + emitr $chainref->{name}, $_ for @{$chainref->{rules}}; } # # Commit the changes to the table # - enter_cat_mode unless $mode == CAT_MODE; + assert( $mode == CAT_MODE ); emit_unindented 'COMMIT'; } - enter_cmd_mode; + emit_unindented 'EOF'; # - # Now generate the actual ip[6]tables-restore command + # Test result # - emit( 'exec 3>&-', - '', - '[ -n "$DEBUG" ] && command=debug_restore_input || command=$' . $UTILITY, - '', - 'progress_message2 "Running $command..."', - '', - "cat \${VARDIR}/.${utility}-stop-input | \$command # Use this nonsensical form to appease SELinux", - 'if [ $? != 0 ]; then', - qq( fatal_error "$command Failed. Input is in \${VARDIR}/.${utility}-stop-input"), + emit ('', + 'if [ $? != 0 ]; then', + ' error_message "ERROR: \$command Failed."', "fi\n" - ); + ); }
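Review bot: In the new failure branch at the end of the hunk, `\$command` sits inside a single-quoted Perl string, so the backslash is passed through as written and, unless emit rewrites it, the generated shell prints the literal text `$command Failed.` rather than the restore utility that failed; drop the backslash: `'   error_message "ERROR: $command Failed."',`. The same branch replaces `fatal_error` with `error_message`, which, if error_message only logs as its name suggests, lets the stop script continue after ip[6]tables-restore has rejected the stop ruleset, leaving the packet filter in whatever state the earlier tables reached. Because the input is no longer written under `${VARDIR}`, nothing remains to diagnose that failure, so I would either keep `fatal_error` or add a comment above the `if` such as `# Non-fatal by design: 'stop' must finish even if the restore fails`. create_stop_load begins above this hunk, and the heredoc opener in the added emit() is not fully visible in this copy of the patch.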