forked from extern/shorewall_code
Replace trace, debug and nolock with options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
de761ac657
commit
b52a330f41
@ -4120,9 +4120,9 @@ start_command() {
|
||||
|
||||
if [ -x $g_firewall ]; then
|
||||
if [ -n "$g_fast" -a -x ${VARDIR}/${RESTOREFILE} -a ! $g_firewall -nt ${VARDIR}/${RESTOREFILE} ]; then
|
||||
run_it ${VARDIR}/${RESTOREFILE} $g_debugging restore
|
||||
run_it ${VARDIR}/${RESTOREFILE} restore
|
||||
else
|
||||
run_it $g_firewall $g_debugging start
|
||||
run_it $g_firewall start
|
||||
fi
|
||||
rc=$?
|
||||
else
|
||||
@ -4256,7 +4256,7 @@ restart_command() {
|
||||
[ -n "$g_nolock" ] || mutex_on
|
||||
|
||||
if [ -x $g_firewall ]; then
|
||||
run_it $g_firewall $g_debugging $COMMAND
|
||||
run_it $g_firewall $COMMAND
|
||||
rc=$?
|
||||
else
|
||||
error_message "$g_firewall is missing or is not executable"
|
||||
@ -4270,7 +4270,7 @@ restart_command() {
|
||||
|
||||
run_command() {
|
||||
if [ -x $g_firewall ] ; then
|
||||
run_it $g_firewall $g_debugging $@
|
||||
run_it $g_firewall $@
|
||||
else
|
||||
fatal_error "$g_firewall does not exist or is not executable"
|
||||
fi
|
||||
@ -4287,7 +4287,13 @@ ecko() {
|
||||
#
|
||||
usage() # $1 = exit status
|
||||
{
|
||||
echo "Usage: $(basename $0) [debug|trace] [nolock] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
|
||||
echo "Usage: $(basename $0) [ -T ] [ -D ] [ -N ] [ -q ] [ -v[-1|{0-2}] ] [ -t ] <command>"
|
||||
echo " -T : Direct the generated script to produce a shell trace to standard error"
|
||||
echo " -D : Debug iptables commands"
|
||||
echo " -N : Don't take the master shorewall lock"
|
||||
echo " -q : Standard Shorewall verbosity control"
|
||||
echo " -v : Standard Shorewall verbosity control"
|
||||
echo " -t : Timestamp all messages"
|
||||
echo "where <command> is one of:"
|
||||
echo " add <interface>[:<host-list>] ... <zone>"
|
||||
echo " allow <address> ..."
|
||||
@ -4415,20 +4421,16 @@ usage() # $1 = exit status
|
||||
# here if that lib is loaded below.
|
||||
#
|
||||
shorewall_cli() {
|
||||
g_debugging=
|
||||
|
||||
if [ $# -gt 0 ] && [ "x$1" = "xdebug" -o "x$1" = "xtrace" ]; then
|
||||
g_debugging=$1
|
||||
shift
|
||||
fi
|
||||
|
||||
g_nolock=
|
||||
|
||||
#
|
||||
# We'll keep this around for a while so we don't break people's started scripts
|
||||
#
|
||||
if [ $# -gt 0 ] && [ "$1" = "nolock" ]; then
|
||||
g_nolock=nolock
|
||||
shift
|
||||
fi
|
||||
|
||||
g_debugging=
|
||||
g_noroutes=
|
||||
g_purge=
|
||||
g_ipt_options="-nv"
|
||||
@ -4456,6 +4458,7 @@ shorewall_cli() {
|
||||
g_blacklistipset=
|
||||
g_disconnect=
|
||||
g_havemutex=
|
||||
g_trace=
|
||||
|
||||
VERBOSE=
|
||||
VERBOSITY=1
|
||||
@ -4587,6 +4590,17 @@ shorewall_cli() {
|
||||
finished=1
|
||||
option=
|
||||
;;
|
||||
T*)
|
||||
g_debugging=trace
|
||||
option=${option#T}
|
||||
;;
|
||||
D*)
|
||||
g_debugging=debug
|
||||
option=${option#D}
|
||||
;;
|
||||
N*)
|
||||
g_nolock=nolock
|
||||
;;
|
||||
*)
|
||||
option_error $option
|
||||
;;
|
||||
@ -4639,7 +4653,7 @@ shorewall_cli() {
|
||||
get_config
|
||||
[ -x $g_firewall ] || fatal_error "$g_product has never been started"
|
||||
[ -n "$g_nolock" ] || mutex_on
|
||||
run_it $g_firewall $g_debugging $COMMAND
|
||||
run_it $g_firewall $COMMAND
|
||||
[ -n "$g_nolock" ] || mutex_off
|
||||
;;
|
||||
reset)
|
||||
@ -4648,7 +4662,7 @@ shorewall_cli() {
|
||||
shift
|
||||
[ -n "$g_nolock" ] || mutex_on
|
||||
[ -x $g_firewall ] || fatal_error "$g_product has never been started"
|
||||
run_it $g_firewall $g_debugging reset $@
|
||||
run_it $g_firewall reset $@
|
||||
[ -n "$g_nolock" ] || mutex_off
|
||||
;;
|
||||
reload|restart)
|
||||
@ -4661,7 +4675,7 @@ shorewall_cli() {
|
||||
only_root
|
||||
get_config Yes
|
||||
if product_is_started; then
|
||||
run_it $g_firewall $g_debugging $@
|
||||
run_it $g_firewall $@
|
||||
else
|
||||
fatal_error "$g_product is not running"
|
||||
fi
|
||||
@ -4816,7 +4830,7 @@ shorewall_cli() {
|
||||
# It isn't a function visible to this script -- try
|
||||
# the compiled firewall
|
||||
#
|
||||
run_it $g_firewall $g_debugging call $@
|
||||
run_it $g_firewall call $@
|
||||
fi
|
||||
else
|
||||
missing_argument
|
||||
|
@ -92,18 +92,20 @@ startup_error() # $* = Error Message
|
||||
#
|
||||
run_it() {
|
||||
local script
|
||||
local options
|
||||
local options='-'
|
||||
|
||||
export VARDIR
|
||||
|
||||
script=$1
|
||||
shift
|
||||
|
||||
if [ x$1 = xtrace -o x$1 = xdebug ]; then
|
||||
options="$1 -"
|
||||
shift;
|
||||
|
||||
if [ "$g_debugging" = debug ]; then
|
||||
options='-D'
|
||||
elif [ "$g_debugging" = trace ]; then
|
||||
options='-T'
|
||||
else
|
||||
options='-'
|
||||
options='-';
|
||||
fi
|
||||
|
||||
[ -n "$g_noroutes" ] && options=${options}n
|
||||
@ -736,8 +738,8 @@ truncate() # $1 = length
|
||||
|
||||
#
|
||||
# Call this function to assert mutual exclusion with Shorewall. If you invoke the
|
||||
# /sbin/shorewall program while holding mutual exclusion, you should pass "nolock" as
|
||||
# the first argument. Example "shorewall nolock refresh"
|
||||
# /sbin/shorewall program while holding mutual exclusion, you should pass -N as
|
||||
# the first argument. Example "shorewall -N refresh"
|
||||
#
|
||||
# This function uses the lockfile utility from procmail if it exists.
|
||||
# Otherwise, it uses a somewhat race-prone algorithm to attempt to simulate the
|
||||
|
@ -21,9 +21,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg rep="norepeat">options</arg>
|
||||
|
||||
<arg choice="plain"><option>add {</option></arg>
|
||||
@ -39,9 +36,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>allow</option></arg>
|
||||
@ -52,9 +46,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>blacklist</option></arg>
|
||||
@ -67,9 +58,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>call</option></arg>
|
||||
@ -106,9 +94,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg
|
||||
@ -118,9 +103,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>close</option><arg choice="req">
|
||||
@ -159,9 +141,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg rep="norepeat">options</arg>
|
||||
|
||||
<arg choice="plain"><option>delete {</option></arg>
|
||||
@ -177,9 +156,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>disable</option></arg>
|
||||
@ -191,9 +167,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>drop</option></arg>
|
||||
@ -204,8 +177,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>dump</option></arg>
|
||||
@ -222,9 +193,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>enable</option></arg>
|
||||
@ -236,9 +204,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>export</option></arg>
|
||||
@ -252,9 +217,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>forget</option></arg>
|
||||
@ -265,8 +227,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>help</option></arg>
|
||||
@ -275,8 +235,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg
|
||||
@ -286,8 +244,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>ipcalc</option></arg>
|
||||
@ -304,8 +260,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>iprange</option></arg>
|
||||
@ -317,8 +271,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>iptrace</option></arg>
|
||||
@ -330,9 +282,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>logdrop</option></arg>
|
||||
@ -343,8 +292,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>logwatch</option></arg>
|
||||
@ -357,9 +304,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>logreject</option></arg>
|
||||
@ -370,8 +314,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>noiptrace</option></arg>
|
||||
@ -394,9 +336,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>reenable</option></arg>
|
||||
@ -408,9 +347,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>reject</option></arg>
|
||||
@ -421,9 +357,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>reload</option></arg>
|
||||
@ -448,10 +381,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>remote-getcaps</option></arg>
|
||||
|
||||
<arg><option>-s</option></arg>
|
||||
@ -472,8 +401,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>remote-getrc</option></arg>
|
||||
@ -496,8 +423,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>remote-start</option></arg>
|
||||
@ -520,8 +445,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>remote-reload</option></arg>
|
||||
@ -544,8 +467,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>remote-restart</option></arg>
|
||||
@ -568,9 +489,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg
|
||||
@ -581,9 +499,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>restart</option></arg>
|
||||
@ -608,9 +523,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg
|
||||
@ -622,9 +534,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>run</option></arg>
|
||||
@ -637,9 +546,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>safe-restart</option></arg>
|
||||
@ -656,8 +562,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>safe-start</option></arg>
|
||||
@ -674,9 +578,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg
|
||||
@ -688,9 +589,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>savesets</option></arg>
|
||||
@ -699,8 +597,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -713,8 +609,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -735,8 +629,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -761,8 +653,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -774,8 +664,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -787,8 +675,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -800,8 +686,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -814,8 +698,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -827,8 +709,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -841,8 +721,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -853,8 +731,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="req"><option>show | list | ls </option></arg>
|
||||
@ -867,8 +743,7 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
@ -892,9 +767,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg
|
||||
@ -904,8 +776,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><arg
|
||||
@ -915,9 +785,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>try</option></arg>
|
||||
@ -930,8 +797,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg choice="plain"><option>update</option></arg>
|
||||
@ -956,8 +821,6 @@
|
||||
<cmdsynopsis>
|
||||
<command>shorewall[6][-lite]</command>
|
||||
|
||||
<arg choice="opt"><option>trace</option>|<option>debug</option></arg>
|
||||
|
||||
<arg>options</arg>
|
||||
|
||||
<arg
|
||||
@ -1025,16 +888,7 @@
|
||||
<refsect1>
|
||||
<title>Options</title>
|
||||
|
||||
<para>The <option>trace</option> and <option>debug</option> options are
|
||||
used for debugging. See <ulink
|
||||
url="/starting_and_stopping_shorewall.htm#Trace">http://www.shorewall.org/starting_and_stopping_shorewall.htm#Trace</ulink>.</para>
|
||||
|
||||
<para>The <option>nolock</option> option prevents the command from
|
||||
attempting to acquire the Shorewall lockfile. It is useful if you need to
|
||||
include <command>shorewall</command> commands in
|
||||
<filename>/etc/shorewall/started</filename>.</para>
|
||||
|
||||
<para>Other <replaceable>options</replaceable> are:</para>
|
||||
<para>The <replaceable>options</replaceable> are:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
@ -1176,6 +1030,40 @@
|
||||
<para>Causes all progress messages to be timestamped.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-T</term>
|
||||
|
||||
<listitem>
|
||||
<para>If the command invokes the generated firewall script, the
|
||||
script's execution will be traced to standard error. This option
|
||||
replaces the earlier <emphasis role="bold">trace</emphasis>
|
||||
keyword.</para>
|
||||
|
||||
<caution>
|
||||
<para>If both -T and -D are specified, only the last one specified
|
||||
will be in effect.</para>
|
||||
</caution>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-D</term>
|
||||
|
||||
<listitem>
|
||||
<para>If the command invokes the generated firewall script,
|
||||
individual invocations of the ip[6]tables utility will be used to
|
||||
configure the ruleset rather than ip[6]tables-restore. This is
|
||||
useful for diagnosing ip[6]tables-restore failures on a *COMMIT
|
||||
command. The option replaces the earlier <emphasis
|
||||
role="bold">debug</emphasis> keyword.</para>
|
||||
|
||||
<caution>
|
||||
<para>If both -T and -D are specified, only the last one specified
|
||||
will be in effect.</para>
|
||||
</caution>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
@ -1214,11 +1102,12 @@
|
||||
<para>Beginning with Shorewall 4.5.9, the <emphasis
|
||||
role="bold">dynamic_shared</emphasis> zone option (<ulink
|
||||
url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5),<ulink
|
||||
url="/manpages/shorewall-zones.html">shorewall6-zones</ulink>(5)) allows a single ipset to
|
||||
handle entries for multiple interfaces. When that option is
|
||||
specified for a zone, the <command>add</command> command has the
|
||||
alternative syntax in which the <replaceable>zone</replaceable> name
|
||||
precedes the <replaceable>host-list</replaceable>.</para>
|
||||
url="/manpages/shorewall-zones.html">shorewall6-zones</ulink>(5))
|
||||
allows a single ipset to handle entries for multiple interfaces.
|
||||
When that option is specified for a zone, the <command>add</command>
|
||||
command has the alternative syntax in which the
|
||||
<replaceable>zone</replaceable> name precedes the
|
||||
<replaceable>host-list</replaceable>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1294,7 +1183,7 @@
|
||||
<term><emphasis role="bold">check</emphasis> [-<option>e</option>]
|
||||
[-<option>d</option>] [-<option>p</option>] [-<option>r</option>]
|
||||
[-<option>T</option>] [-<option>i</option>]
|
||||
[<replaceable>directory</replaceable>]</term>
|
||||
[-D][<replaceable>directory</replaceable>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Not available with Shorewall[6]-lite.</para>
|
||||
@ -1333,6 +1222,10 @@
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
|
||||
<para>The <emphasis role="bold">-D </emphasis>option was added in
|
||||
Shoewall 5.2.4 and causes the compiler to write a large amount of
|
||||
debugging information to standard output.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1383,8 +1276,9 @@
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">compile </emphasis>[-<option>e</option>]
|
||||
[-<option>c</option>] [-<option>d</option>] [-<option>p</option>]
|
||||
[-<option>T</option>] [-<option>i</option>] [<replaceable> directory
|
||||
</replaceable>] [<replaceable> pathname</replaceable> ]</term>
|
||||
[-<option>T</option>] [-<option>i</option>] [-D] [<replaceable>
|
||||
directory </replaceable>] [<replaceable> pathname</replaceable>
|
||||
]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Not available with shorewall[6]-lite.</para>
|
||||
@ -1441,6 +1335,10 @@
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)).</para>
|
||||
|
||||
<para>The <emphasis role="bold">-D </emphasis>option was added in
|
||||
Shoewall 5.2.4 and causes the compiler to write a large amount of
|
||||
debugging information to standard output.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1700,16 +1598,16 @@
|
||||
<para>Monitors the log file specified by the LOGFILE option in
|
||||
<ulink url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5))
|
||||
and produces an audible alarm when new Shorewall messages are
|
||||
logged. The <emphasis role="bold">-m</emphasis> option causes the
|
||||
MAC address of each packet source to be displayed if that
|
||||
information is available. The
|
||||
<replaceable>refresh-interval</replaceable> specifies the time in
|
||||
seconds between screen refreshes. You can enter a negative number by
|
||||
preceding the number with "--" (e.g., <command>shorewall logwatch --
|
||||
-30</command>). In this case, when a packet count changes, you will
|
||||
be prompted to hit any key to resume screen refreshes.</para>
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) and
|
||||
produces an audible alarm when new Shorewall messages are logged.
|
||||
The <emphasis role="bold">-m</emphasis> option causes the MAC
|
||||
address of each packet source to be displayed if that information is
|
||||
available. The <replaceable>refresh-interval</replaceable> specifies
|
||||
the time in seconds between screen refreshes. You can enter a
|
||||
negative number by preceding the number with "--" (e.g.,
|
||||
<command>shorewall logwatch -- -30</command>). In this case, when a
|
||||
packet count changes, you will be prompted to hit any key to resume
|
||||
screen refreshes.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1824,7 +1722,8 @@
|
||||
<term><emphasis role="bold">reload </emphasis>[-<option>n</option>]
|
||||
[-<option>p</option>] [-<option>d</option>] [-<option>f</option>]
|
||||
[-<option>c</option>] [-<option>T</option>] [-<option>i</option>]
|
||||
[-<option>C</option>] [ <replaceable>directory</replaceable> ]</term>
|
||||
[-<option>C</option>] [-D] [ <replaceable>directory</replaceable>
|
||||
]</term>
|
||||
|
||||
<listitem>
|
||||
<para>This command was re-implemented in Shorewall 5.0.0. The
|
||||
@ -1889,6 +1788,10 @@
|
||||
the one that generated the current running configuration, then
|
||||
the running netfilter configuration will be reloaded as is so
|
||||
as to preserve the iptables packet and byte counters.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-D </emphasis>option was added
|
||||
in Shoewall 5.2.4 and causes the compiler to write a large
|
||||
amount of debugging information to standard output.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2071,7 +1974,8 @@
|
||||
Beginning with Shorewall 5.0.13, if
|
||||
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
||||
option setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink> (<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>
|
||||
(<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) is
|
||||
assumed. In that case, if you want to specify a
|
||||
<replaceable>directory</replaceable>, then the <option>-D</option>
|
||||
@ -2144,7 +2048,8 @@
|
||||
Beginning with Shorewall 5.0.13, if
|
||||
<replaceable>system</replaceable> is omitted, then the FIREWALL
|
||||
option setting in <ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink> (<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf(5)</ulink>
|
||||
(<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5)) is
|
||||
assumed. In that case, if you want to specify a
|
||||
<replaceable>directory</replaceable>, then the <option>-D</option>
|
||||
@ -2178,6 +2083,10 @@
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5)
|
||||
(<ulink
|
||||
url="/manpages/shorewall.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
|
||||
<para>The <emphasis role="bold">-D </emphasis>option was added in
|
||||
Shoewall 5.2.4 and causes the compiler to write a large amount of
|
||||
debugging information to standard output.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2204,7 +2113,8 @@
|
||||
<term><emphasis role="bold">restart </emphasis>[-<option>n</option>]
|
||||
[-<option>p</option>] [-<option>d</option>] [-<option>f</option>]
|
||||
[-<option>c</option>] [-<option>T</option>] [-<option>i</option>]
|
||||
[-<option>C</option>] [ <replaceable>directory</replaceable> ]</term>
|
||||
[-<option>C</option>] [-D] [ <replaceable>directory</replaceable>
|
||||
]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Beginning with Shorewall 5.0.0, this command performs a true
|
||||
@ -2264,6 +2174,10 @@
|
||||
the one that generated the current running configuration, then
|
||||
the running netfilter configuration will be reloaded as is so
|
||||
as to preserve the iptables packet and byte counters.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-D </emphasis>option was added
|
||||
in Shoewall 5.2.4 and causes the compiler to write a large
|
||||
amount of debugging information to standard output.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2831,8 +2745,8 @@
|
||||
<term><emphasis role="bold">start </emphasis><emphasis role="bold">
|
||||
</emphasis>[-<option>n</option>] [-<option>p</option>]
|
||||
[-<option>d</option>] [-<option>f</option>] [-<option>c</option>]
|
||||
[-<option>T</option>] [-<option>i</option>] [-<option>C</option>] [
|
||||
<replaceable>directory</replaceable> ]</term>
|
||||
[-<option>T</option>] [-<option>i</option>] [-<option>C</option>] [-D]
|
||||
[ <replaceable>directory</replaceable> ]</term>
|
||||
|
||||
<listitem>
|
||||
<para><variablelist>
|
||||
@ -2906,6 +2820,11 @@
|
||||
option was also specified in the <emphasis
|
||||
role="bold">save</emphasis> command, then the packet and
|
||||
byte counters will be restored.</para>
|
||||
|
||||
<para>The <emphasis role="bold">-D </emphasis>option was
|
||||
added in Shoewall 5.2.4 and causes the compiler to write a
|
||||
large amount of debugging information to standard
|
||||
output.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -54,6 +54,8 @@ usage() {
|
||||
echo " -c Save/restore iptables counters"
|
||||
echo " -V <verbosity> Set verbosity explicitly"
|
||||
echo " -R <file> Override RESTOREFILE setting"
|
||||
echo " -T Trace execution"
|
||||
echo " -D Debug iptables"
|
||||
exit $1
|
||||
}
|
||||
|
||||
@ -109,20 +111,6 @@ reload_command() {
|
||||
# E X E C U T I O N B E G I N S H E R E #
|
||||
################################################################################
|
||||
#
|
||||
# Start trace if first arg is "debug" or "trace"
|
||||
#
|
||||
g_debug_iptables=
|
||||
|
||||
if [ $# -gt 1 ]; then
|
||||
if [ "x$1" = "xtrace" ]; then
|
||||
set -x
|
||||
shift
|
||||
elif [ "x$1" = "xdebug" ]; then
|
||||
g_debug_iptables=Yes
|
||||
shift
|
||||
fi
|
||||
fi
|
||||
#
|
||||
# Map VERBOSE to VERBOSITY for compatibility with old Shorewall[6]-lite installations
|
||||
#
|
||||
[ -z "$VERBOSITY" ] && [ -n "$VERBOSE" ] && VERBOSITY=$VERBOSE
|
||||
@ -152,6 +140,7 @@ g_dockeriso=
|
||||
g_dockerisostage=
|
||||
g_forcereload=
|
||||
g_fallback=
|
||||
g_debug_iptables=
|
||||
|
||||
[ -n "$SERVICEDIR" ] && SUBSYSLOCK=
|
||||
|
||||
@ -258,6 +247,14 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
RESTOREFILE=$option
|
||||
option=
|
||||
;;
|
||||
T*)
|
||||
set -x;
|
||||
option=${option#T}
|
||||
;;
|
||||
D*)
|
||||
g_debug_iptables=Yes
|
||||
option=${option#D}
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
|
@ -8,7 +8,7 @@
|
||||
# signaling that the firewall is completely up).
|
||||
#
|
||||
# This script should not change the firewall configuration directly but
|
||||
# may do so indirectly by running /sbin/shorewall with the 'nolock'
|
||||
# may do so indirectly by running /sbin/shorewall with the -N
|
||||
# option.
|
||||
#
|
||||
# See http://shorewall.org/shorewall_extension_scripts.htm for additional
|
||||
|
@ -503,7 +503,7 @@ compiler() {
|
||||
[ -n "$g_timestamp" ] && options="$options --timestamp"
|
||||
[ -n "$g_test" ] && options="$options --test"
|
||||
[ -n "$g_preview" ] && options="$options --preview"
|
||||
[ "$g_debugging" = trace ] && options="$options --debug"
|
||||
[ -n "$g_trace" ] && options="$options --debug"
|
||||
[ -n "$g_confess" ] && options="$options --confess"
|
||||
[ -n "$g_update" ] && options="$options --update"
|
||||
[ -n "$g_annotate" ] && options="$options --annotate"
|
||||
@ -531,7 +531,7 @@ compiler() {
|
||||
#
|
||||
# Only use the pager if 'trace' or -r was specified and -d was not
|
||||
#
|
||||
[ "$g_debugging" != trace -a -z "$g_preview" ] || [ -n "$g_debug" ] && g_pager=
|
||||
[ -z "$g_trace" -a -z "$g_preview" ] || [ -n "$g_debug" ] && g_pager=
|
||||
|
||||
case $PERL_HASH_SEED in
|
||||
random)
|
||||
@ -615,6 +615,10 @@ start_command() {
|
||||
g_counters=Yes
|
||||
option=${option#C}
|
||||
;;
|
||||
D*)
|
||||
g_trace=Yes
|
||||
option=${option#D}
|
||||
;;
|
||||
*)
|
||||
option_error $option
|
||||
;;
|
||||
@ -660,14 +664,14 @@ start_command() {
|
||||
|
||||
if [ -n "$AUTOMAKE" ]; then
|
||||
[ -n "$g_nolock" ] || mutex_on
|
||||
run_it $g_firewall $g_debugging start
|
||||
run_it $g_firewall start
|
||||
rc=$?
|
||||
[ -n "$g_nolock" ] || mutex_off
|
||||
else
|
||||
g_file="${VARDIR}/.start"
|
||||
if compiler $g_debugging $g_nolock compile "$g_file"; then
|
||||
if compiler compile "$g_file"; then
|
||||
[ -n "$g_nolock" ] || mutex_on
|
||||
run_it ${VARDIR}/.start $g_debugging start
|
||||
run_it ${VARDIR}/.start start
|
||||
rc=$?
|
||||
[ -n "$g_nolock" ] || mutex_off
|
||||
else
|
||||
@ -721,6 +725,10 @@ compile_command() {
|
||||
g_confess=Yes
|
||||
option=${option#T}
|
||||
;;
|
||||
D*)
|
||||
g_trace=Yes
|
||||
option=${option#D}
|
||||
;;
|
||||
-)
|
||||
finished=1
|
||||
option=
|
||||
@ -768,7 +776,7 @@ compile_command() {
|
||||
|
||||
[ "x$g_file" = x- ] && g_doing=''
|
||||
|
||||
compiler $g_debugging compile "$g_file"
|
||||
compiler compile "$g_file"
|
||||
}
|
||||
|
||||
#
|
||||
@ -815,6 +823,10 @@ check_command() {
|
||||
g_confess=Yes
|
||||
option=${option#T}
|
||||
;;
|
||||
D*)
|
||||
g_trace=Yes
|
||||
option=${option#D}
|
||||
;;
|
||||
*)
|
||||
option_error $option
|
||||
;;
|
||||
@ -851,7 +863,7 @@ check_command() {
|
||||
|
||||
g_doing="Checking"
|
||||
|
||||
compiler $g_debugging $g_nolock check
|
||||
compiler check
|
||||
}
|
||||
|
||||
#
|
||||
@ -906,6 +918,10 @@ update_command() {
|
||||
A*)
|
||||
option=${option#A}
|
||||
;;
|
||||
D*)
|
||||
g_trace=Yes
|
||||
option=${option#D}
|
||||
;;
|
||||
*)
|
||||
option_error $option
|
||||
;;
|
||||
@ -942,7 +958,7 @@ update_command() {
|
||||
|
||||
g_doing="Updating"
|
||||
|
||||
compiler $g_debugging $g_nolock check
|
||||
compiler check
|
||||
}
|
||||
|
||||
#
|
||||
@ -999,6 +1015,10 @@ restart_command() {
|
||||
g_counters=Yes
|
||||
option=${option#C}
|
||||
;;
|
||||
D*)
|
||||
g_trace=Yes
|
||||
option=${option#D}
|
||||
;;
|
||||
*)
|
||||
option_error $option
|
||||
;;
|
||||
@ -1044,9 +1064,9 @@ restart_command() {
|
||||
g_file="${VARDIR}/.${COMMAND}"
|
||||
|
||||
if [ -z "$g_fast" ]; then
|
||||
if compiler $g_debugging $g_nolock compile "$g_file"; then
|
||||
if compiler compile "$g_file"; then
|
||||
[ -n "$g_nolock" ] || mutex_on
|
||||
run_it ${VARDIR}/.${COMMAND} $g_debugging ${COMMAND}
|
||||
run_it ${VARDIR}/.${COMMAND} ${COMMAND}
|
||||
rc=$?
|
||||
[ -n "$g_nolock" ] || mutex_off
|
||||
else
|
||||
@ -1056,7 +1076,7 @@ restart_command() {
|
||||
else
|
||||
[ -x $g_firewall ] || fatal_error "No $g_firewall file found"
|
||||
[ -n "$g_nolock" ] || mutex_on
|
||||
run_it $g_firewall $g_debugging $COMMAND
|
||||
run_it $g_firewall $COMMAND
|
||||
rc=$?
|
||||
[ -n "$g_nolock" ] || mutex_off
|
||||
fi
|
||||
@ -1197,7 +1217,7 @@ safe_commands() {
|
||||
|
||||
g_file="${VARDIR}/.$command"
|
||||
|
||||
if ! compiler $g_debugging nolock compile "$g_file"; then
|
||||
if ! compiler compile "$g_file"; then
|
||||
status=$?
|
||||
exit $status
|
||||
fi
|
||||
@ -1223,7 +1243,7 @@ safe_commands() {
|
||||
|
||||
[ -n "$g_nolock" ] || mutex_on
|
||||
|
||||
if run_it ${VARDIR}/.$command $g_debugging $command; then
|
||||
if run_it ${VARDIR}/.$command $command; then
|
||||
|
||||
printf "Do you want to accept the new firewall configuration? [y/n] "
|
||||
|
||||
@ -1334,7 +1354,7 @@ try_command() {
|
||||
|
||||
g_file="${VARDIR}/.$command"
|
||||
|
||||
if ! compiler $g_debugging $g_nolock compile "$g_file"; then
|
||||
if ! compiler compile "$g_file"; then
|
||||
status=$?
|
||||
exit $status
|
||||
fi
|
||||
@ -1356,7 +1376,7 @@ try_command() {
|
||||
|
||||
[ -n "$g_nolock" ] || mutex_on
|
||||
|
||||
if run_it ${VARDIR}/.$command $g_debugging $command && [ -n "$timeout" ]; then
|
||||
if run_it ${VARDIR}/.$command $command && [ -n "$timeout" ]; then
|
||||
sleep $timeout
|
||||
|
||||
if [ "$command" = "reload" ]; then
|
||||
@ -1606,6 +1626,10 @@ remote_commands() # $* = original arguments less the command.
|
||||
g_confess=Yes
|
||||
option=${option#T}
|
||||
;;
|
||||
D*)
|
||||
g_trace=Yes
|
||||
option=${option#D}
|
||||
;;
|
||||
*)
|
||||
option_error $option
|
||||
;;
|
||||
@ -1697,7 +1721,7 @@ remote_commands() # $* = original arguments less the command.
|
||||
|
||||
exitstatus=0
|
||||
|
||||
if compiler $g_debugging compiler "$g_file"; then
|
||||
if compiler compiler "$g_file"; then
|
||||
progress_message3 "Copying $file and ${file}.conf to ${system}:${litedir}..."
|
||||
if rcp_command "$g_shorewalldir/firewall $g_shorewalldir/firewall.conf" ${litedir}; then
|
||||
save=$(find_file save);
|
||||
@ -1712,20 +1736,20 @@ remote_commands() # $* = original arguments less the command.
|
||||
progress_message3 "Copy complete"
|
||||
|
||||
if [ $COMMAND = remote-reload ]; then
|
||||
if rsh_command "$program $g_debugging $verbose $timestamp reload"; then
|
||||
if rsh_command "$program $verbose $timestamp reload"; then
|
||||
progress_message3 "System $system reloaded"
|
||||
else
|
||||
exitstatus=$?
|
||||
savit=
|
||||
fi
|
||||
elif [ $COMMAND = remote-restart ]; then
|
||||
if rsh_command "$program $g_debugging $verbose $timestamp restart"; then
|
||||
if rsh_command "$program $verbose $timestamp restart"; then
|
||||
progress_message3 "System $system restarted"
|
||||
else
|
||||
exitstatus=$?
|
||||
saveit=
|
||||
fi
|
||||
elif rsh_command "$program $g_debugging $verbose $timestamp start"; then
|
||||
elif rsh_command "$program $verbose $timestamp start"; then
|
||||
progress_message3 "System $system started"
|
||||
else
|
||||
exitstatus=$?
|
||||
@ -1733,7 +1757,7 @@ remote_commands() # $* = original arguments less the command.
|
||||
fi
|
||||
|
||||
if [ -n "$saveit" ]; then
|
||||
if rsh_command "$program $g_debugging $verbose $timestamp save"; then
|
||||
if rsh_command "$program $verbose $timestamp save"; then
|
||||
progress_message3 "Configuration on system $system saved"
|
||||
else
|
||||
exitstatus=$?
|
||||
@ -1816,7 +1840,7 @@ export_command() # $* = original arguments less the command.
|
||||
|
||||
g_file="$g_shorewalldir/firewall"
|
||||
|
||||
if compiler $g_debugging compile "$g_file" && \
|
||||
if compiler compile "$g_file" && \
|
||||
echo "Copying $file and ${file}.conf to ${target#*@}..." && \
|
||||
scp $g_shorewalldir/firewall $g_shorewalldir/firewall.conf $target
|
||||
then
|
||||
@ -1831,7 +1855,7 @@ export_command() # $* = original arguments less the command.
|
||||
run_command() {
|
||||
if [ -x $g_firewall ] ; then
|
||||
uptodate $g_firewall || echo " WARNING: $g_firewall is not up to date" >&2
|
||||
run_it $g_firewall $g_debugging $@
|
||||
run_it $g_firewall $@
|
||||
else
|
||||
fatal_error "$g_firewall does not exist or is not executable"
|
||||
fi
|
||||
|
@ -8,7 +8,7 @@
|
||||
# firewall is completely up).
|
||||
#
|
||||
# This script should not change the firewall configuration directly but
|
||||
# may do so indirectly by running /sbin/shorewall6 with the 'nolock'
|
||||
# may do so indirectly by running /sbin/shorewall6 with the '-N'
|
||||
# option.
|
||||
#
|
||||
# See http://shorewall.org/shorewall_extension_scripts.htm for additional
|
||||
|
@ -259,37 +259,6 @@
|
||||
</warning>
|
||||
</section>
|
||||
|
||||
<section id="Boot">
|
||||
<title>Having Shorewall Start Automatically at Boot Time</title>
|
||||
|
||||
<para>The .rpm, .deb and .tgz all try to configure your startup scripts so
|
||||
that Shorewall will start automatically at boot time. If you are using the
|
||||
<command>install.sh </command>script from the .tgz and it cannot determine
|
||||
how to configure automatic startup, a message to that effect will be
|
||||
displayed. You will need to consult your distribution's documentation to
|
||||
see how to integrate the <filename>/etc/init.d/shorewall</filename> script
|
||||
into the distribution's startup mechanism.<caution>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Shorewall startup is disabled by default. Once you have
|
||||
configured your firewall, you can enable startup by editing
|
||||
<filename>/etc/shorewall/shorewall.conf</filename> and setting
|
||||
STARTUP_ENABLED=Yes.. Note: Users of the .deb package must rather
|
||||
edit <filename>/etc/default/shorewall</filename> and set
|
||||
<quote>startup=1</quote>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If you use dialup or some flavor of PPP where your IP
|
||||
address can change arbitrarily, you may want to start the firewall
|
||||
in your <command>/etc/ppp/ip-up.local</command> script. I
|
||||
recommend just placing <quote><command>/sbin/shorewall
|
||||
restart</command></quote> in that script.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</caution></para>
|
||||
</section>
|
||||
|
||||
<section id="Saved">
|
||||
<title>Saving a Working Configuration for Error Recovery and Fast
|
||||
Startup</title>
|
||||
|
Loading…
Reference in New Issue
Block a user