forked from extern/shorewall_code
Reduce export usage; Allow PURGE and RESTOREFILE to be specified on the run-line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
2656a9b0c7
commit
cce4bf277a
@ -161,13 +161,13 @@ get_config() {
|
||||
# Verify that we have a compiled firewall script
|
||||
#
|
||||
verify_firewall_script() {
|
||||
if [ ! -f $FIREWALL ]; then
|
||||
if [ ! -f $g_firewall ]; then
|
||||
echo " ERROR: Shorewall Lite is not properly installed" >&2
|
||||
if [ -L $FIREWALL ]; then
|
||||
echo " $FIREWALL is a symbolic link to a" >&2
|
||||
if [ -L $g_firewall ]; then
|
||||
echo " $g_firewall is a symbolic link to a" >&2
|
||||
echo " non-existant file" >&2
|
||||
else
|
||||
echo " The file $FIREWALL does not exist" >&2
|
||||
echo " The file $g_firewall does not exist" >&2
|
||||
fi
|
||||
|
||||
exit 2
|
||||
@ -249,6 +249,7 @@ start_command() {
|
||||
esac
|
||||
|
||||
export NOROUTES
|
||||
export PURGE
|
||||
|
||||
if [ -n "$FAST" ]; then
|
||||
if qt mywhich make; then
|
||||
@ -343,6 +344,7 @@ restart_command() {
|
||||
esac
|
||||
|
||||
export NOROUTES
|
||||
export PURGE
|
||||
|
||||
[ -n "$nolock" ] || mutex_on
|
||||
|
||||
@ -559,7 +561,6 @@ else
|
||||
fi
|
||||
|
||||
ensure_config_path
|
||||
export CONFIG_PATH
|
||||
|
||||
LITEDIR=${VARDIR}
|
||||
|
||||
@ -567,7 +568,7 @@ LITEDIR=${VARDIR}
|
||||
|
||||
get_config
|
||||
|
||||
FIREWALL=$LITEDIR/firewall
|
||||
g_firewall=$LITEDIR/firewall
|
||||
|
||||
if [ -f $version_file ]; then
|
||||
SHOREWALL_VERSION=$(cat $SHOREWALL_VERSION_FILE)
|
||||
@ -610,11 +611,11 @@ case "$COMMAND" in
|
||||
[ $# -ne 1 ] && usage 1
|
||||
verify_firewall_script
|
||||
export NOROUTES
|
||||
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
|
||||
exec $SHOREWALL_SHELL $g_firewall $debugging $nolock $COMMAND
|
||||
;;
|
||||
reset)
|
||||
verify_firewall_script
|
||||
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $@
|
||||
exec $SHOREWALL_SHELL $g_firewall $debugging $nolock $@
|
||||
;;
|
||||
restart)
|
||||
shift
|
||||
|
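Review bot: The renamed expansions stay unquoted in `[ ! -f $g_firewall ]`, `[ -L $g_firewall ]` and `exec $SHOREWALL_SHELL $g_firewall $debugging $nolock $@`, so a VARDIR containing whitespace or glob characters would break the tests and change what is passed to the shell, and `$@` re-splits the caller's arguments. Since these lines are being touched anyway, I would write `[ ! -f "$g_firewall" ]` and `exec $SHOREWALL_SHELL "$g_firewall" $debugging $nolock "$@"`, leaving `$debugging` and `$nolock` unquoted so that empty values vanish. The same applies to the Shorewall6 Lite copy of these hunks further down the page. Separately, the context around the `g_firewall=` assignment tests `$version_file` but reads `$SHOREWALL_VERSION_FILE`, whereas the Shorewall6 Lite copy reads `$version_file`; that looks like a leftover and is worth confirming. verify_firewall_script and the `case "$COMMAND"` block continue outside the hunks.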
@ -70,6 +70,10 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
TIMESTAMP=Yes
|
||||
option=${option#t}
|
||||
;;
|
||||
p*)
|
||||
PURGE=Yes
|
||||
option=${option#p}
|
||||
;;
|
||||
r*)
|
||||
RECOVERING=Yes
|
||||
option=${option#r}
|
||||
@ -96,6 +100,33 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
startup_error "Missing -V option value"
|
||||
fi
|
||||
;;
|
||||
R*)
|
||||
option=${option#R}
|
||||
|
||||
if [ -z "$option" -a $# -gt 0 ]; then
|
||||
shift
|
||||
option=$1
|
||||
fi
|
||||
|
||||
if [ -n "$option" ]; then
|
||||
case $option in
|
||||
*/*)
|
||||
startup_error "-R must specify a simple file name: $option"
|
||||
;;
|
||||
.safe|.try|NONE)
|
||||
;;
|
||||
.*)
|
||||
error_message "ERROR: Reserved File Name: $RESTOREFILE"
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
else
|
||||
startup_error "Missing -R option value"
|
||||
fi
|
||||
|
||||
RESTOREFILE=$option
|
||||
option=
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
|
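Review bot: The reserved-name branch of the new `R*)` arm reports `$RESTOREFILE`, but the value being checked is still in `$option`; `RESTOREFILE=$option` runs only after the `case`, so the message shows an empty or previously set name instead of the rejected one. It should read `error_message "ERROR: Reserved File Name: $option"`, and it could use `startup_error` like the `*/*` branch instead of `error_message` plus `exit 2`, assuming startup_error exits as its use for the missing-value case suggests. The second copy of this option parser further down the page has the same lines. The `*/*` and `.*` patterns are presumably what keep a run-line `-R` value from naming a file outside the restore directory, so a comment above the `case` such as `# -R takes a simple name: no '/' and no leading '.' except .safe/.try` would record that intent. The enclosing `while` loop starts and ends outside the hunk.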
@ -70,6 +70,10 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
TIMESTAMP=Yes
|
||||
option=${option#t}
|
||||
;;
|
||||
p*)
|
||||
PURGE=Yes
|
||||
option=${option#p}
|
||||
;;
|
||||
r*)
|
||||
RECOVERING=Yes
|
||||
option=${option#r}
|
||||
@ -96,6 +100,33 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
startup_error "Missing -V option value"
|
||||
fi
|
||||
;;
|
||||
R*)
|
||||
option=${option#R}
|
||||
|
||||
if [ -z "$option" -a $# -gt 0 ]; then
|
||||
shift
|
||||
option=$1
|
||||
fi
|
||||
|
||||
if [ -n "$option" ]; then
|
||||
case $option in
|
||||
*/*)
|
||||
startup_error "-R must specify a simple file name: $option"
|
||||
;;
|
||||
.safe|.try|NONE)
|
||||
;;
|
||||
.*)
|
||||
error_message "ERROR: Reserved File Name: $RESTOREFILE"
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
else
|
||||
startup_error "Missing -R option value"
|
||||
fi
|
||||
|
||||
RESTOREFILE=$option
|
||||
option=
|
||||
;;
|
||||
esac
|
||||
done
|
||||
shift
|
||||
|
@ -66,8 +66,6 @@ get_config() {
|
||||
#
|
||||
# This block is avoided for compile for export and when the user isn't root
|
||||
#
|
||||
export CONFIG_PATH
|
||||
|
||||
if [ "$3" = Yes ]; then
|
||||
[ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
|
||||
|
||||
@ -94,8 +92,6 @@ get_config() {
|
||||
fi
|
||||
fi
|
||||
|
||||
export IPTABLES
|
||||
|
||||
if [ -n "$IP" ]; then
|
||||
case "$IP" in
|
||||
*/*)
|
||||
@ -117,8 +113,6 @@ get_config() {
|
||||
IP='ip'
|
||||
fi
|
||||
|
||||
export IP
|
||||
|
||||
if [ -n "$IPSET" ]; then
|
||||
case "$IPSET" in
|
||||
*/*)
|
||||
@ -140,8 +134,6 @@ get_config() {
|
||||
IPSET='ipset'
|
||||
fi
|
||||
|
||||
export IPSET
|
||||
|
||||
if [ -n "$TC" ]; then
|
||||
case "$TC" in
|
||||
*/*)
|
||||
@ -162,9 +154,6 @@ get_config() {
|
||||
else
|
||||
TC='tc'
|
||||
fi
|
||||
|
||||
export TC
|
||||
|
||||
#
|
||||
# Compile by non-root needs no restore file
|
||||
#
|
||||
@ -213,8 +202,6 @@ get_config() {
|
||||
|
||||
[ -n "$LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
|
||||
|
||||
export LOGFORMAT
|
||||
|
||||
if [ -n "$STARTUP_LOG" ]; then
|
||||
if [ -n "$LOG_VERBOSITY" ]; then
|
||||
case $LOG_VERBOSITY in
|
||||
@ -469,7 +456,6 @@ start_command() {
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
export SHOREWALL_DIR
|
||||
AUTOMAKE=
|
||||
;;
|
||||
*)
|
||||
@ -597,7 +583,6 @@ compile_command() {
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
export SHOREWALL_DIR
|
||||
file=$2
|
||||
;;
|
||||
*)
|
||||
@ -673,7 +658,6 @@ check_command() {
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
export SHOREWALL_DIR
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
@ -753,7 +737,6 @@ restart_command() {
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
[ -n "$g_fast" ] && fatal_error "Directory may not be specified with the -f option"
|
||||
export SHOREWALL_DIR
|
||||
AUTOMAKE=
|
||||
;;
|
||||
*)
|
||||
@ -921,7 +904,6 @@ safe_commands() {
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
export SHOREWALL_DIR
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
@ -1017,7 +999,6 @@ try_command() {
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
export SHOREWALL_DIR
|
||||
}
|
||||
|
||||
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
@ -1576,7 +1557,6 @@ if [ $# -eq 0 ]; then
|
||||
usage 1
|
||||
fi
|
||||
|
||||
[ -n "$SHOREWALL_DIR" ] && export SHOREWALL_DIR
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
export PATH
|
||||
MUTEX_TIMEOUT=
|
||||
|
@ -161,13 +161,13 @@ get_config() {
|
||||
# Verify that we have a compiled firewall script
|
||||
#
|
||||
verify_firewall_script() {
|
||||
if [ ! -f $FIREWALL ]; then
|
||||
if [ ! -f $g_firewall ]; then
|
||||
echo " ERROR: Shorewall6 Lite is not properly installed" >&2
|
||||
if [ -L $FIREWALL ]; then
|
||||
echo " $FIREWALL is a symbolic link to a" >&2
|
||||
if [ -L $g_firewall ]; then
|
||||
echo " $g_firewall is a symbolic link to a" >&2
|
||||
echo " non-existant file" >&2
|
||||
else
|
||||
echo " The file $FIREWALL does not exist" >&2
|
||||
echo " The file $g_firewall does not exist" >&2
|
||||
fi
|
||||
|
||||
exit 2
|
||||
@ -249,6 +249,7 @@ start_command() {
|
||||
esac
|
||||
|
||||
export NOROUTES
|
||||
export PURGE
|
||||
|
||||
if [ -n "$FAST" ]; then
|
||||
if qt mywhich make; then
|
||||
@ -343,6 +344,7 @@ restart_command() {
|
||||
esac
|
||||
|
||||
export NOROUTES
|
||||
export PURGE
|
||||
|
||||
[ -n "$nolock" ] || mutex_on
|
||||
|
||||
@ -553,7 +555,7 @@ LITEDIR=${VARDIR}
|
||||
|
||||
get_config
|
||||
|
||||
FIREWALL=$LITEDIR/firewall
|
||||
g_firewall=$LITEDIR/firewall
|
||||
|
||||
if [ -f $version_file ]; then
|
||||
SHOREWALL_VERSION=$(cat $version_file)
|
||||
@ -596,7 +598,7 @@ case "$COMMAND" in
|
||||
[ $# -ne 1 ] && usage 1
|
||||
verify_firewall_script
|
||||
export NOROUTES
|
||||
exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND
|
||||
exec $SHOREWALL_SHELL $g_firewall $debugging $nolock $COMMAND
|
||||
;;
|
||||
restart)
|
||||
shift
|
||||
|
@ -66,8 +66,6 @@ get_config() {
|
||||
#
|
||||
# This block is avoided for compile for export and when the user isn't root
|
||||
#
|
||||
export CONFIG_PATH
|
||||
|
||||
if [ "$3" = Yes ]; then
|
||||
[ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
|
||||
|
||||
@ -94,8 +92,6 @@ get_config() {
|
||||
fi
|
||||
fi
|
||||
|
||||
export IP6TABLES
|
||||
|
||||
#
|
||||
# Compile by non-root needs no restore file
|
||||
#
|
||||
@ -132,8 +128,6 @@ get_config() {
|
||||
|
||||
[ -n "$LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}"
|
||||
|
||||
export LOGFORMAT
|
||||
|
||||
if [ -n "$STARTUP_LOG" ]; then
|
||||
if [ -n "$LOG_VERBOSITY" ]; then
|
||||
case $LOG_VERBOSITY in
|
||||
@ -397,7 +391,6 @@ start_command() {
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
export SHOREWALL_DIR
|
||||
AUTOMAKE=
|
||||
;;
|
||||
*)
|
||||
@ -524,7 +517,6 @@ compile_command() {
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
export SHOREWALL_DIR
|
||||
file=$2
|
||||
;;
|
||||
*)
|
||||
@ -600,7 +592,6 @@ check_command() {
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
export SHOREWALL_DIR
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
@ -680,7 +671,6 @@ restart_command() {
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
[ -n "$g_fast" ] && fatal_error "Directory may not be specified with the -f option"
|
||||
export SHOREWALL_DIR
|
||||
AUTOMAKE=
|
||||
;;
|
||||
*)
|
||||
@ -848,7 +838,6 @@ safe_commands() {
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
export SHOREWALL_DIR
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
@ -944,7 +933,6 @@ try_command() {
|
||||
fi
|
||||
|
||||
SHOREWALL_DIR=$(resolve_file $1)
|
||||
export SHOREWALL_DIR
|
||||
}
|
||||
|
||||
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
@ -1489,7 +1477,6 @@ if [ $# -eq 0 ]; then
|
||||
usage 1
|
||||
fi
|
||||
|
||||
[ -n "$SHOREWALL_DIR" ] && export SHOREWALL_DIR
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
export PATH
|
||||
MUTEX_TIMEOUT=
|
||||
|