From c70e128a11fd73afde32216c94ca659a3e8bed3d Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 30 Nov 2004 22:05:15 +0000 Subject: [PATCH] Split restore-base into two files git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1789 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- STABLE2/changelog.txt | 2 ++ STABLE2/firewall | 34 +++++++++++++++++++++------------- STABLE2/releasenotes.txt | 16 ++++++++++++++++ STABLE2/shorewall | 4 +++- 4 files changed, 42 insertions(+), 14 deletions(-) diff --git a/STABLE2/changelog.txt b/STABLE2/changelog.txt index 02bee8add..703322ec4 100644 --- a/STABLE2/changelog.txt +++ b/STABLE2/changelog.txt @@ -91,3 +91,5 @@ Changes in 2.0.12 2) Fix "shorewall add" and "shorewall delete" with bridging. 3) Implement variable expansion in INCLUDE directives + +4) Split restore-base into two files. diff --git a/STABLE2/firewall b/STABLE2/firewall index 707ad60a0..a625ab975 100755 --- a/STABLE2/firewall +++ b/STABLE2/firewall @@ -5604,6 +5604,25 @@ define_firewall() # $1 = Command (Start or Restart) [ -n "$aliases_to_add" ] && \ echo "Adding IP Addresses..." && add_ip_aliases + for file in chains nat proxyarp zones; do + append_file $file + done + + save_progress_message "Restoring Netfilter Configuration..." + + save_command 'iptables-restore << __EOF__' + + # 'shorewall save' appends the iptables-save output and '__EOF__' + + mv -f $RESTOREBASE /var/lib/shorewall/restore-base-$$ + + > $RESTOREBASE + + save_command "#" + save_command "# Restore tail file generated by Shorewall $version - $(date)" + save_command "#" + save_command "date > $STATEDIR/restarted" + run_user_exit start createchain shorewall no 
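Review bot: The here-document opened by `save_command 'iptables-restore << __EOF__'` uses an unquoted delimiter, so when the saved restore script runs, the shell performs parameter and command substitution on the iptables-save text that `shorewall save` appends below it. Any `$` or backquote present in the dumped rules would be interpreted by the shell running the script instead of being passed literally to iptables-restore. Assuming save_command (defined outside this hunk) writes its argument through unchanged, quoting the delimiter keeps the body literal: `save_command "iptables-restore << '__EOF__'"`. Separately, `mv -f $RESTOREBASE /var/lib/shorewall/restore-base-$$` is followed by `> $RESTOREBASE` with no status check or quoting, so a failed move would be followed by truncating the only copy. define_firewall begins and ends outside this hunk.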
@@ -5614,19 +5633,8 @@ define_firewall() # $1 = Command (Start or Restart) rm -rf $TMP_DIR - for file in chains nat proxyarp zones; do - append_file $file - done - - save_command "date > $STATEDIR/restarted" - - save_progress_message "Restoring Netfilter Configuration..." - - save_command 'iptables-restore << __EOF__' - - # 'shorewall save' appends the iptables-save output and '__EOF__' - - mv -f $RESTOREBASE /var/lib/shorewall/restore-base + mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base + mv -f $RESTOREBASE /var/lib/shorewall/restore-tail } diff --git a/STABLE2/releasenotes.txt b/STABLE2/releasenotes.txt index c8bc61107..1ac49c040 100644 --- a/STABLE2/releasenotes.txt +++ b/STABLE2/releasenotes.txt @@ -204,6 +204,22 @@ Problems corrected in 2.0.12 shorewall add br0:eth2:192.168.1.3 OK shorewall delete br0:eth2:192.168.1.3 OK + +3) Previously, "shorewall save" created an out-of-sequence restore + script. The commands saved in the user's /etc/shorewall/start script + were executed prior to the Netfilter configuration being + restored. This has been corrected so that "shorewall save" now + places those commands at the end of the script. + + To accomplish this change, the "restore base" file + (/var/lib/shorewall/restore-base) has been split into two files: + + /var/lib/shorewall/restore-base -- commands to be executed before + Netfilter the configuration is restored. + + /var/lib/shorewall/restore-tail -- commands to be executed after the + Netfilter configuration is restored. + ----------------------------------------------------------------------- New Features in 2.0.12 diff --git a/STABLE2/shorewall b/STABLE2/shorewall index e845fabb7..d0d9ca1a2 100755 --- a/STABLE2/shorewall +++ b/STABLE2/shorewall 
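Review bot: The two closing `mv -f` commands in define_firewall are unchecked and are not atomic as a pair, so if the first fails, or a `shorewall save` runs between them, a restore-base from one run can end up paired with a restore-tail from another. Both files are later concatenated into the script that rebuilds the firewall, so a mismatch there is worth failing loudly on; chaining them is the minimal change: `mv -f /var/lib/shorewall/restore-base-$$ /var/lib/shorewall/restore-base && mv -f "$RESTOREBASE" /var/lib/shorewall/restore-tail`. It also looks as though any exit taken between the earlier move to restore-base-$$ and this point would leave that temporary file behind in /var/lib/shorewall, which cannot be confirmed from the hunk but would merit a cleanup on the error path. The function starts outside this hunk.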
@@ -1070,7 +1070,9 @@ case "$1" in cp -f /var/lib/shorewall/restore-base /var/lib/shorewall/restore-$$ if iptables-save >> /var/lib/shorewall/restore-$$ ; then echo __EOF__ >> /var/lib/shorewall/restore-$$ - mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH + [ -f /var/lib/shorewall/restore-tail ] && \ + cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$ + mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH chmod +x $RESTOREPATH echo " Currently-running Configuration Saved to $RESTOREPATH" else
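Review bot: The exit status of `cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$` is never checked, so a failed or partial append (full filesystem, unreadable file) is still moved to $RESTOREPATH and made executable. The resulting script would reload the Netfilter rules but silently omit some or all of the post-restore commands. Treat a failed append the same way as a failed iptables-save, for example by guarding the install with `[ ! -f /var/lib/shorewall/restore-tail ] || cat /var/lib/shorewall/restore-tail >> /var/lib/shorewall/restore-$$` as a condition that must succeed before the `mv`. The re-added `mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH` line should also quote `"$RESTOREPATH"`. The enclosing `case` branch starts and ends outside this hunk.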