More changes having to do with with dynamic chains

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-06-07 13:07:33 -07:00
parent aa4b0f71af
commit ec3fdbde98
6 changed files with 15 additions and 79 deletions

View File

@ -777,14 +777,9 @@ case "$COMMAND" in
g_restorepath=${VARDIR}/$RESTOREFILE
if [ -x $g_restorepath ]; then
if [ -x ${g_restorepath}-ipsets ]; then
rm -f ${g_restorepath}-ipsets
echo " ${g_restorepath}-ipsets removed"
fi
rm -f $g_restorepath
rm -f ${g_restorepath}-iptables
rm -f ${g_restorepath}-ipsets
echo " $g_restorepath removed"
elif [ -f $g_restorepath ]; then
echo " $g_restorepath exists and is not a saved Shorewall configuration"

View File

@ -327,7 +327,7 @@ else
rm -f \${VARDIR}/.forwardUPnP
fi
if chain_exists dynamic; then
if [ "\$COMMAND" = restart ] && chain_exists dynamic; then
$tool -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic
else
rm -f \${VARDIR}/.dynamic
@ -338,10 +338,17 @@ EOF
emit ( 'else' );
push_indent;
emit <<'EOF';
rm -f ${VARDIR}/.UPnP
rm -f ${VARDIR}/.forwardUPnP
rm -f ${VARDIR}/.dynamic
emit <<"EOF";
rm -f \${VARDIR}/.UPnP
rm -f \${VARDIR}/.forwardUPnP
if [ "\$COMMAND" = stop -o "\$COMMAND" = clear ]; then
if chain_exists dynamic; then
$tool -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic
else
rm -f \${VARDIR}/.dynamic
fi
fi
EOF
pop_indent;
@ -569,7 +576,6 @@ EOF
set_state "Started"
else
setup_netfilter
restore_dynamic_rules
conditionally_flush_conntrack
EOF
setup_forwarding( $family , 0 );

View File

@ -774,34 +774,6 @@ run_tc() {
fi
}
#
# Restore the rules generated by 'drop','reject','logdrop', etc.
#
restore_dynamic_rules() {
if [ -f ${VARDIR}/save ]; then
progress_message2 "Setting up dynamic rules..."
rangematch='source IP range'
while read target ignore1 ignore2 address ignore3 rest; do
case $target in
DROP|reject|logdrop|logreject)
case $rest in
$rangematch*)
run_iptables -A dynamic -m iprange --src-range ${rest#source IP range} -j $target
;;
*)
if [ -z "$rest" ]; then
run_iptables -A dynamic -s $address -j $target
else
error_message "WARNING: Unable to restore dynamic rule \"$target $ignore1 $ignore2 $address $ignore3 $rest\""
fi
;;
esac
;;
esac
done < ${VARDIR}/save
fi
}
#
# Get a list of all configured broadcast addresses on the system
#

View File

@ -728,34 +728,6 @@ run_tc() {
fi
}
#
# Restore the rules generated by 'drop','reject','logdrop', etc.
#
restore_dynamic_rules() {
if [ -f ${VARDIR}/save ]; then
progress_message2 "Setting up dynamic rules..."
rangematch='source IP range'
while read target ignore1 ignore2 address ignore3 rest; do
case $target in
DROP|reject|logdrop|logreject)
case $rest in
$rangematch*)
run_iptables -A dynamic -m iprange --src-range ${rest#source IP range} -j $target
;;
*)
if [ -z "$rest" ]; then
run_iptables -A dynamic -s $address -j $target
else
error_message "WARNING: Unable to restore dynamic rule \"$target $ignore1 $ignore2 $address $ignore3 $rest\""
fi
;;
esac
;;
esac
done < ${VARDIR}/save
fi
}
#
# Run the .iptables_restore_input as a set of discrete iptables commands
#

View File

@ -362,17 +362,7 @@ save_config() {
;;
*)
validate_restorefile RESTOREFILE
if chain_exists dynamic; then
if $IPTABLES -L dynamic -n > ${VARDIR}/save; then
echo " Dynamic Rules Saved"
do_save
else
echo "Error Saving the Dynamic Rules" >&2
fi
else
do_save && rm -f ${VARDIR}/save
fi
do_save && rm -f ${VARDIR}/save
;;
esac
fi

View File

@ -1829,6 +1829,7 @@ case "$COMMAND" in
if [ -x $g_restorepath ]; then
rm -f $g_restorepath
rm -f ${g_restorepath}-iptables
rm -f ${g_restorepath}-ipsets
echo " $g_restorepath removed"
elif [ -f $g_restorepath ]; then
echo " $g_restorepath exists and is not a saved Shorewall configuration"