holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Pass input directly to iptables[6]-restore during stop

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9763 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-03-30 18:33:30 +00:00
parent 715554e579
commit b215f91d4a
1 changed files with 15 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -2990,20 +2990,21 @@ sub create_stop_load( $ ) {
@table_list = qw( raw mangle filter ); @table_list = qw( raw mangle filter );
} }
$mode = NULL_MODE;
my $utility = $family == F_IPV4 ? 'iptables-restore' : 'ip6tables-restore'; my $utility = $family == F_IPV4 ? 'iptables-restore' : 'ip6tables-restore';
my $UTILITY = $family == F_IPV4 ? 'IPTABLES_RESTORE' : 'IP6TABLES_RESTORE'; my $UTILITY = $family == F_IPV4 ? 'IPTABLES_RESTORE' : 'IP6TABLES_RESTORE';
emit ''; emit '';
emit "exec 3>\${VARDIR}/.${utility}-stop-input"; emit( '[ -n "$DEBUG" ] && command=debug_restore_input || command=$' . $UTILITY,
'',
'progress_message2 "Running $command..."',
'',
'$command <<EOF' );
enter_cat_mode; $mode = CAT_MODE;
my $date = localtime;
unless ( $test ) { unless ( $test ) {
my $date = localtime;
emit_unindented '#'; emit_unindented '#';
emit_unindented "# Generated by Shorewall-perl $globals{VERSION} - $date"; emit_unindented "# Generated by Shorewall-perl $globals{VERSION} - $date";
emit_unindented '#'; emit_unindented '#';
@ -3039,28 +3040,22 @@ sub create_stop_load( $ ) {
# Then emit the rules # Then emit the rules
# #
for my $chainref ( @chains ) { for my $chainref ( @chains ) {
emitr $chainref->{name}, $_ for ( grep defined $_, @{$chainref->{rules}} ); emitr $chainref->{name}, $_ for @{$chainref->{rules}};
} }
# #
# Commit the changes to the table # Commit the changes to the table
# #
enter_cat_mode unless $mode == CAT_MODE; assert( $mode == CAT_MODE );
emit_unindented 'COMMIT'; emit_unindented 'COMMIT';
} }
enter_cmd_mode; emit_unindented 'EOF';
# #
# Now generate the actual ip[6]tables-restore command # Test result
# #
emit( 'exec 3>&-', emit ('',
'',
'[ -n "$DEBUG" ] && command=debug_restore_input || command=$' . $UTILITY,
'',
'progress_message2 "Running $command..."',
'',
"cat \${VARDIR}/.${utility}-stop-input | \$command # Use this nonsensical form to appease SELinux",
'if [ $? != 0 ]; then', 'if [ $? != 0 ]; then',
qq( fatal_error "$command Failed. Input is in \${VARDIR}/.${utility}-stop-input"), ' error_message "ERROR: \$command Failed."',
"fi\n" "fi\n"
); );