Reduce export usage; Allow PURGE and RESTOREFILE to be specified on the run-line

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-03-02 14:49:31 -08:00
parent 2656a9b0c7
commit cce4bf277a
6 changed files with 79 additions and 47 deletions


@ -161,13 +161,13 @@ get_config() {
# Verify that we have a compiled firewall script
#
verify_firewall_script() {
if [ ! -f $FIREWALL ]; then
if [ ! -f $g_firewall ]; then
echo " ERROR: Shorewall Lite is not properly installed" >&2
if [ -L $FIREWALL ]; then
echo " $FIREWALL is a symbolic link to a" >&2
if [ -L $g_firewall ]; then
echo " $g_firewall is a symbolic link to a" >&2
echo " non-existant file" >&2
else
echo " The file $FIREWALL does not exist" >&2
echo " The file $g_firewall does not exist" >&2
fi
exit 2
@ -249,6 +249,7 @@ start_command() {
esac
export NOROUTES
export PURGE
if [ -n "$FAST" ]; then
if qt mywhich make; then
@ -343,6 +344,7 @@ restart_command() {
esac
export NOROUTES
export PURGE
[ -n "$nolock" ] || mutex_on
@ -559,7 +561,6 @@ else
fi
ensure_config_path
export CONFIG_PATH
LITEDIR=${VARDIR}
@ -567,7 +568,7 @@ LITEDIR=${VARDIR}
get_config
FIREWALL=$LITEDIR/firewall
g_firewall=$LITEDIR/firewall
if [ -f $version_file ]; then
SHOREWALL_VERSION=$(cat $SHOREWALL_VERSION_FILE)
@ -610,11 +611,11 @@ case "$COMMAND" in
[ $# -ne 1 ] && usage 1
verify_firewall_script
export NOROUTES
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
exec $SHOREWALL_SHELL $g_firewall $debugging $nolock $COMMAND
;;
reset)
verify_firewall_script
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $@
exec $SHOREWALL_SHELL $g_firewall $debugging $nolock $@
;;
restart)
shift
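Review bot: The context next to the `g_firewall` rename tests `[ -f $version_file ]` but then reads `$(cat $SHOREWALL_VERSION_FILE)`, while the other lite script in this commit reads `$(cat $version_file)`. If SHOREWALL_VERSION_FILE is not assigned elsewhere (nothing visible here sets it), the unquoted expansion disappears and `cat` falls back to standard input, so the command can block instead of reporting a version. Since this hunk is already renaming variables at that spot, make the read match the test: `SHOREWALL_VERSION=$(cat "$version_file")`.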


@ -70,6 +70,10 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
TIMESTAMP=Yes
option=${option#t}
;;
p*)
PURGE=Yes
option=${option#p}
;;
r*)
RECOVERING=Yes
option=${option#r}
@ -96,6 +100,33 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
startup_error "Missing -V option value"
fi
;;
R*)
option=${option#R}
if [ -z "$option" -a $# -gt 0 ]; then
shift
option=$1
fi
if [ -n "$option" ]; then
case $option in
*/*)
startup_error "-R must specify a simple file name: $option"
;;
.safe|.try|NONE)
;;
.*)
error_message "ERROR: Reserved File Name: $RESTOREFILE"
exit 2
;;
esac
else
startup_error "Missing -R option value"
fi
RESTOREFILE=$option
option=
;;
*)
usage 1
;;
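Review bot: In the new `R*)` arm, the reserved-name branch (`.*)`) reports `$RESTOREFILE` instead of `$option`; RESTOREFILE is only assigned after the inner `case`, so the message shows a stale or empty name rather than the value that was rejected. Use `error_message "ERROR: Reserved File Name: $option"`, as the `*/*)` arm above it already does. The identical hunk in the next file section has the same line. The slash and leading-dot checks presumably exist to keep a run-line value from naming anything other than a plain file in the state directory, so a one-line comment saying so (`# -R takes a bare file name: no path components, no reserved dot-files`) would help keep them intact; the enclosing `while` loop starts and ends outside the hunk.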


@ -70,6 +70,10 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
TIMESTAMP=Yes
option=${option#t}
;;
p*)
PURGE=Yes
option=${option#p}
;;
r*)
RECOVERING=Yes
option=${option#r}
@ -96,6 +100,33 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
startup_error "Missing -V option value"
fi
;;
R*)
option=${option#R}
if [ -z "$option" -a $# -gt 0 ]; then
shift
option=$1
fi
if [ -n "$option" ]; then
case $option in
*/*)
startup_error "-R must specify a simple file name: $option"
;;
.safe|.try|NONE)
;;
.*)
error_message "ERROR: Reserved File Name: $RESTOREFILE"
exit 2
;;
esac
else
startup_error "Missing -R option value"
fi
RESTOREFILE=$option
option=
;;
esac
done
shift


@ -66,8 +66,6 @@ get_config() {
#
# This block is avoided for compile for export and when the user isn't root
#
export CONFIG_PATH
if [ "$3" = Yes ]; then
[ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
@ -94,8 +92,6 @@ get_config() {
fi
fi
export IPTABLES
if [ -n "$IP" ]; then
case "$IP" in
*/*)
@ -117,8 +113,6 @@ get_config() {
IP='ip'
fi
export IP
if [ -n "$IPSET" ]; then
case "$IPSET" in
*/*)
@ -140,8 +134,6 @@ get_config() {
IPSET='ipset'
fi
export IPSET
if [ -n "$TC" ]; then
case "$TC" in
*/*)
@ -162,9 +154,6 @@ get_config() {
else
TC='tc'
fi
export TC
#
# Compile by non-root needs no restore file
#
@ -213,8 +202,6 @@ get_config() {
[ -n "$LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
export LOGFORMAT
if [ -n "$STARTUP_LOG" ]; then
if [ -n "$LOG_VERBOSITY" ]; then
case $LOG_VERBOSITY in
@ -469,7 +456,6 @@ start_command() {
fi
SHOREWALL_DIR=$(resolve_file $1)
export SHOREWALL_DIR
AUTOMAKE=
;;
*)
@ -597,7 +583,6 @@ compile_command() {
fi
SHOREWALL_DIR=$(resolve_file $1)
export SHOREWALL_DIR
file=$2
;;
*)
@ -673,7 +658,6 @@ check_command() {
fi
SHOREWALL_DIR=$(resolve_file $1)
export SHOREWALL_DIR
;;
*)
usage 1
@ -753,7 +737,6 @@ restart_command() {
SHOREWALL_DIR=$(resolve_file $1)
[ -n "$g_fast" ] && fatal_error "Directory may not be specified with the -f option"
export SHOREWALL_DIR
AUTOMAKE=
;;
*)
@ -921,7 +904,6 @@ safe_commands() {
fi
SHOREWALL_DIR=$(resolve_file $1)
export SHOREWALL_DIR
;;
*)
usage 1
@ -1017,7 +999,6 @@ try_command() {
fi
SHOREWALL_DIR=$(resolve_file $1)
export SHOREWALL_DIR
}
while [ $finished -eq 0 -a $# -gt 0 ]; do
@ -1576,7 +1557,6 @@ if [ $# -eq 0 ]; then
usage 1
fi
[ -n "$SHOREWALL_DIR" ] && export SHOREWALL_DIR
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
MUTEX_TIMEOUT=


@ -161,13 +161,13 @@ get_config() {
# Verify that we have a compiled firewall script
#
verify_firewall_script() {
if [ ! -f $FIREWALL ]; then
if [ ! -f $g_firewall ]; then
echo " ERROR: Shorewall6 Lite is not properly installed" >&2
if [ -L $FIREWALL ]; then
echo " $FIREWALL is a symbolic link to a" >&2
if [ -L $g_firewall ]; then
echo " $g_firewall is a symbolic link to a" >&2
echo " non-existant file" >&2
else
echo " The file $FIREWALL does not exist" >&2
echo " The file $g_firewall does not exist" >&2
fi
exit 2
@ -249,6 +249,7 @@ start_command() {
esac
export NOROUTES
export PURGE
if [ -n "$FAST" ]; then
if qt mywhich make; then
@ -343,6 +344,7 @@ restart_command() {
esac
export NOROUTES
export PURGE
[ -n "$nolock" ] || mutex_on
@ -553,7 +555,7 @@ LITEDIR=${VARDIR}
get_config
FIREWALL=$LITEDIR/firewall
g_firewall=$LITEDIR/firewall
if [ -f $version_file ]; then
SHOREWALL_VERSION=$(cat $version_file)
@ -596,7 +598,7 @@ case "$COMMAND" in
[ $# -ne 1 ] && usage 1
verify_firewall_script
export NOROUTES
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
exec $SHOREWALL_SHELL $g_firewall $debugging $nolock $COMMAND
;;
restart)
shift
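Review bot: The renamed `$g_firewall` is still expanded unquoted in `[ ! -f $g_firewall ]`, `[ -L $g_firewall ]` and the `exec` line, so a VARDIR containing whitespace or glob characters changes both what is tested and what is executed. This script launches the compiled firewall, presumably with root privileges, so quote the path: `if [ ! -f "$g_firewall" ]; then` and `exec $SHOREWALL_SHELL "$g_firewall" $debugging $nolock $COMMAND`. The first file section of this commit carries the same lines, plus a `reset)` arm where `$@` should be `"$@"`. `$debugging` and `$nolock` look deliberately unquoted so that empty values vanish from the argument list.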


@ -66,8 +66,6 @@ get_config() {
#
# This block is avoided for compile for export and when the user isn't root
#
export CONFIG_PATH
if [ "$3" = Yes ]; then
[ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
@ -94,8 +92,6 @@ get_config() {
fi
fi
export IP6TABLES
#
# Compile by non-root needs no restore file
#
@ -132,8 +128,6 @@ get_config() {
[ -n "$LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
export LOGFORMAT
if [ -n "$STARTUP_LOG" ]; then
if [ -n "$LOG_VERBOSITY" ]; then
case $LOG_VERBOSITY in
@ -397,7 +391,6 @@ start_command() {
fi
SHOREWALL_DIR=$(resolve_file $1)
export SHOREWALL_DIR
AUTOMAKE=
;;
*)
@ -524,7 +517,6 @@ compile_command() {
fi
SHOREWALL_DIR=$(resolve_file $1)
export SHOREWALL_DIR
file=$2
;;
*)
@ -600,7 +592,6 @@ check_command() {
fi
SHOREWALL_DIR=$(resolve_file $1)
export SHOREWALL_DIR
;;
*)
usage 1
@ -680,7 +671,6 @@ restart_command() {
SHOREWALL_DIR=$(resolve_file $1)
[ -n "$g_fast" ] && fatal_error "Directory may not be specified with the -f option"
export SHOREWALL_DIR
AUTOMAKE=
;;
*)
@ -848,7 +838,6 @@ safe_commands() {
fi
SHOREWALL_DIR=$(resolve_file $1)
export SHOREWALL_DIR
;;
*)
usage 1
@ -944,7 +933,6 @@ try_command() {
fi
SHOREWALL_DIR=$(resolve_file $1)
export SHOREWALL_DIR
}
while [ $finished -eq 0 -a $# -gt 0 ]; do
@ -1489,7 +1477,6 @@ if [ $# -eq 0 ]; then
usage 1
fi
[ -n "$SHOREWALL_DIR" ] && export SHOREWALL_DIR
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
MUTEX_TIMEOUT=