Rewrite safe commands and fix verbosity (broken by last night's changes)
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3367 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
7576eef179
commit
d8b620774e
@ -8429,7 +8429,7 @@ __EOF__
|
||||
# These variables are required by the library functions called in this script
|
||||
#
|
||||
[ -n \${COMMAND:=restart} ]
|
||||
VERBOSE=${VERBOSE:=0}
|
||||
VERBOSE=\${VERBOSE:=0}
|
||||
MODULESDIR="$MODULESDIR"
|
||||
MODULE_SUFFIX="$MODULE_SUFFIX"
|
||||
LOGLIMIT="$LOGLIMIT"
|
||||
@ -8445,7 +8445,7 @@ __EOF__
|
||||
cat >> $RESTOREBASE << __EOF__
|
||||
IPTABLES="$IPTABLES"
|
||||
|
||||
[ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
|
||||
[ -e "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"
|
||||
__EOF__
|
||||
else
|
||||
cat >> $RESTOREBASE << __EOF__
|
||||
@ -8733,6 +8733,7 @@ do_initialize() {
|
||||
SECTION=ESTABLISHED
|
||||
SECTIONS=
|
||||
ALL_PORTS=
|
||||
SAVE_VERBOSE=$VERBOSE
|
||||
|
||||
FUNCTIONS=$SHARED_DIR/functions
|
||||
|
||||
@ -8771,6 +8772,10 @@ do_initialize() {
|
||||
startup_error "$config does not exist!"
|
||||
fi
|
||||
#
|
||||
# Restore VERBOSE
|
||||
#
|
||||
VERBOSE=${SAVE_VERBOSE:-0}
|
||||
#
|
||||
# Restore CONFIG_PATH if the shorewall.conf file cleared it
|
||||
#
|
||||
ensure_config_path
|
||||
|
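Review bot: The generated check in the second hunk, `[ -e "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"`, only tests that the path exists, although the message also promises an executability check. With `-e`, a restore script whose iptables path points at a non-executable file passes this guard and fails later, part-way through loading rules; `[ -x "$IPTABLES" ] || startup_error …` would make the test match the message. The line sits in an unquoted here-document, so `$IPTABLES` is expanded when the script is generated and the path is fixed at compile time. The +/- markers are not shown on this page, so taking the second of the two printed lines as the new side is an inference from the dropped `\$`.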
@ -2,7 +2,7 @@
|
||||
# Give Usage Information #
|
||||
################################################################################
|
||||
usage() {
|
||||
echo "Usage: $0 [ -q ] [ -n ] [ start|stop|clear|reload|restart|status|version ]"
|
||||
echo "Usage: $0 [ -q ] [ -v ] [ -n ] [ start|stop|clear|reload|restart|status|version ]"
|
||||
exit $1
|
||||
}
|
||||
################################################################################
|
||||
|
@ -410,8 +410,6 @@ logwatch() # $1 = timeout -- if negative, prompt each time that
|
||||
# Save currently running configuration
|
||||
#
|
||||
save_config() {
|
||||
[ "$nolock" ] || mutex_on
|
||||
|
||||
if shorewall_is_started ; then
|
||||
[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
|
||||
|
||||
@ -486,7 +484,6 @@ save_config() {
|
||||
echo "Shorewall isn't started"
|
||||
fi
|
||||
|
||||
[ "$nolock" ] || mutex_off
|
||||
}
|
||||
#
|
||||
# Start Command Executor
|
||||
@ -1165,6 +1162,117 @@ dump_command() {
|
||||
show_classifiers
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Safe-start/safe-restart Command Executor
|
||||
#
|
||||
safe_commands() {
|
||||
local finished=0
|
||||
|
||||
# test is the shell supports timed read
|
||||
read -t 0 junk 2> /dev/null
|
||||
if [ $? -eq 2 -a ! -x /bin/bash ];then
|
||||
echo "Your shell does not support a feature required to execute this command".
|
||||
exit 2
|
||||
fi
|
||||
|
||||
while [ $finished -eq 0 -a $# -gt 0 ]; do
|
||||
option=$1
|
||||
case $option in
|
||||
-*)
|
||||
option=${option#-}
|
||||
|
||||
while [ -n "$option" ]; do
|
||||
case $option in
|
||||
-)
|
||||
finished=1
|
||||
option=
|
||||
;;
|
||||
q*)
|
||||
VERBOSE=$(($VERBOSE - 1 ))
|
||||
option=${option#q}
|
||||
;;
|
||||
v*)
|
||||
VERBOSE=$(($VERBOSE + 1 ))
|
||||
option=${option#v}
|
||||
;;
|
||||
n*)
|
||||
NOROUTES=Yes
|
||||
option=${option#n}
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
finished=1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
[ $# -eq 0 ] || usage 2
|
||||
|
||||
export VERBOSE
|
||||
export PROGRAM=Yes
|
||||
|
||||
mutex_on
|
||||
|
||||
if shorewall_is_started; then
|
||||
running=Yes
|
||||
else
|
||||
running=
|
||||
fi
|
||||
|
||||
if [ "$COMMAND" = "safe-start" -a -n "$running" ]; then
|
||||
# the command is safe-start but the firewall is already running
|
||||
error_message "Shorewall is already started"
|
||||
mutex_off
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$COMMAND" = "safe-start" -o -z "$running" ]; then
|
||||
# the command is safe-start or shorewall is not started yet
|
||||
command="start"
|
||||
else
|
||||
# the command is safe-restart and the firewall is already running
|
||||
command="restart"
|
||||
fi
|
||||
|
||||
if ! $SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging nolock compile /var/lib/shorewall/.$command; then
|
||||
status=$?
|
||||
mutex_off
|
||||
exit $status
|
||||
fi
|
||||
|
||||
RESTOREPATH=/var/lib/shorewall/.safe
|
||||
|
||||
save_config
|
||||
|
||||
/var/lib/shorewall/.$command $command
|
||||
|
||||
echo -n "Do you want to accept the new firewall configuration? [y/n] "
|
||||
|
||||
if read_yesno_with_timeout; then
|
||||
echo "New configuration has been accepted"
|
||||
else
|
||||
if [ "$command" = "restart" ]; then
|
||||
/var/lib/shorewall/.safe
|
||||
else
|
||||
/var/lib/shorewall/.$command clear
|
||||
fi
|
||||
|
||||
mutex_off
|
||||
echo "New configuration has been rejected and the old one restored"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
mutex_off
|
||||
[ $? -eq 0 ] && [ -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
|
||||
}
|
||||
|
||||
#
|
||||
# Restore Comand Executor
|
||||
#
|
||||
@ -1787,8 +1895,11 @@ case "$COMMAND" in
|
||||
|
||||
RESTOREPATH=/var/lib/shorewall/$RESTOREFILE
|
||||
|
||||
[ "$nolock" ] || mutex_on
|
||||
|
||||
save_config
|
||||
|
||||
[ "$nolock" ] || mutex_off
|
||||
;;
|
||||
forget)
|
||||
case $# in
|
||||
@ -1886,77 +1997,10 @@ case "$COMMAND" in
|
||||
help $@
|
||||
;;
|
||||
safe-restart|safe-start)
|
||||
# test is the shell supports timed read
|
||||
read -t 0 junk 2> /dev/null
|
||||
if [ $? -eq 2 -a ! -x /bin/bash ]
|
||||
then
|
||||
echo "Your shell does not support a feature required to execute this command".
|
||||
exit 2
|
||||
fi
|
||||
shift
|
||||
|
||||
[ $VERBOSE -gt 0 ] && VERBOSE=$(make_verbose)
|
||||
safe_commands $@
|
||||
|
||||
mutex_on
|
||||
|
||||
if shorewall_is_started
|
||||
then
|
||||
running=0
|
||||
else
|
||||
running=1
|
||||
fi
|
||||
|
||||
if [ "$1" = "safe-start" -a $running -eq 0 ]
|
||||
then
|
||||
# the command is safe-start but the firewall is already running
|
||||
$0 $debugging nolock $VERBOSE start
|
||||
ret=$?
|
||||
mutex_off
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ "$1" = "safe-start" -o $running -ne 0 ]
|
||||
then
|
||||
# the command is safe-start or shorewall is not started yet
|
||||
command="start"
|
||||
else
|
||||
# the command is safe-restart and the firewall is already running
|
||||
command="restart"
|
||||
fi
|
||||
|
||||
if [ "$command" = "restart" ]
|
||||
then
|
||||
# save previous configuration
|
||||
$0 $debugging nolock save "safe-start-restart"
|
||||
fi
|
||||
|
||||
$0 $debugging nolock $VERBOSE $command
|
||||
|
||||
echo -n "Do you want to accept the new firewall configuration? [y/n] "
|
||||
read_yesno_with_timeout
|
||||
if [ $? -eq 0 ]
|
||||
then
|
||||
echo "New configuration has been accepted"
|
||||
if [ "$command" = "restart" ]
|
||||
then
|
||||
# removed previous configuration
|
||||
rm /var/lib/shorewall/safe-start-restart
|
||||
fi
|
||||
else
|
||||
if [ "$command" = "restart" ]
|
||||
then
|
||||
$0 $debugging nolock restore "safe-start-restart"
|
||||
rm /var/lib/shorewall/safe-start-restart
|
||||
else
|
||||
$0 $debugging nolock clear
|
||||
fi
|
||||
|
||||
mutex_off
|
||||
echo "New configuration has been rejected and the old one restored"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
mutex_off
|
||||
[ $? -eq 0 ] && [ -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
|
||||
;;
|
||||
*)
|
||||
usage 1
|
||||
|
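Review bot: In the new `safe_commands`, the compile step `if ! $SHOREWALL_SHELL /usr/share/shorewall/compiler … ; then status=$?` captures the status of the negated pipeline, which is always 0 inside that branch, so `exit $status` reports success when the compile failed. Running the compiler as a plain command and testing the saved value keeps the real code: `$SHOREWALL_SHELL /usr/share/shorewall/compiler $debugging nolock compile /var/lib/shorewall/.$command; status=$?` followed by `if [ $status -ne 0 ]; then`. The closing `mutex_off` / `[ $? -eq 0 ] && [ -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK` has the same problem, because `$?` there is `mutex_off`'s status rather than the result of `/var/lib/shorewall/.$command $command`, whose exit code is never checked before the accept prompt. Saving that status right after the start/restart script runs and testing the saved value would stop the subsystem lock from being touched after a failed start.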