More changes having to do with dynamic chains

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-06-07 13:07:33 -07:00
parent aa4b0f71af
commit ec3fdbde98
6 changed files with 15 additions and 79 deletions


@ -777,14 +777,9 @@ case "$COMMAND" in
g_restorepath=${VARDIR}/$RESTOREFILE g_restorepath=${VARDIR}/$RESTOREFILE
if [ -x $g_restorepath ]; then if [ -x $g_restorepath ]; then
if [ -x ${g_restorepath}-ipsets ]; then
rm -f ${g_restorepath}-ipsets
echo " ${g_restorepath}-ipsets removed"
fi
rm -f $g_restorepath rm -f $g_restorepath
rm -f ${g_restorepath}-iptables rm -f ${g_restorepath}-iptables
rm -f ${g_restorepath}-ipsets
echo " $g_restorepath removed" echo " $g_restorepath removed"
elif [ -f $g_restorepath ]; then elif [ -f $g_restorepath ]; then
echo " $g_restorepath exists and is not a saved Shorewall configuration" echo " $g_restorepath exists and is not a saved Shorewall configuration"
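Review bot: The added `rm -f ${g_restorepath}-ipsets` expands an unquoted path that is built from `$RESTOREFILE`, so a name containing whitespace or glob characters would make `rm -f` act on split or expanded words instead of the one intended file. Whether RESTOREFILE is validated before this case arm is not visible in the hunk, and this code presumably runs with root privileges, so quoting is the safer form: `rm -f -- "${g_restorepath}-ipsets"`. The same line is added in the `@ -1829,6 +1829,7` hunk of the last file section. The neighbouring `rm -f` lines are written the same way and could be quoted in the same pass; the enclosing `case` starts and ends outside the hunk.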


@ -327,7 +327,7 @@ else
rm -f \${VARDIR}/.forwardUPnP rm -f \${VARDIR}/.forwardUPnP
fi fi
if chain_exists dynamic; then if [ "\$COMMAND" = restart ] && chain_exists dynamic; then
$tool -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic $tool -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic
else else
rm -f \${VARDIR}/.dynamic rm -f \${VARDIR}/.dynamic
@ -338,10 +338,17 @@ EOF
emit ( 'else' ); emit ( 'else' );
push_indent; push_indent;
emit <<'EOF'; emit <<"EOF";
rm -f ${VARDIR}/.UPnP rm -f \${VARDIR}/.UPnP
rm -f ${VARDIR}/.forwardUPnP rm -f \${VARDIR}/.forwardUPnP
rm -f ${VARDIR}/.dynamic
if [ "\$COMMAND" = stop -o "\$COMMAND" = clear ]; then
if chain_exists dynamic; then
$tool -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic
else
rm -f \${VARDIR}/.dynamic
fi
fi
EOF EOF
pop_indent; pop_indent;
@ -569,7 +576,6 @@ EOF
set_state "Started" set_state "Started"
else else
setup_netfilter setup_netfilter
restore_dynamic_rules
conditionally_flush_conntrack conditionally_flush_conntrack
EOF EOF
setup_forwarding( $family , 0 ); setup_forwarding( $family , 0 );
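Review bot: The emitted pipeline `$tool -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic`, in both the restart branch and the new stop/clear branch, reports only grep's exit status and truncates `.dynamic` before anything is read. If the command held in `$tool` fails, the file is left empty and the drop/reject rules kept in the dynamic chain would presumably be lost on the next start without any message. Dumping to a scratch file first and replacing `.dynamic` only on success would avoid that, e.g. `$tool -t filter > \${VARDIR}/.dynamic.new && grep '^-A dynamic ' \${VARDIR}/.dynamic.new > \${VARDIR}/.dynamic` (scratch file name is illustrative). The new test `[ "\$COMMAND" = stop -o "\$COMMAND" = clear ]` would also be more robust as `[ "\$COMMAND" = stop ] || [ "\$COMMAND" = clear ]`, since `-o` inside `[` is marked obsolescent in POSIX. The generated shell functions start and end outside these hunks.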


@ -774,34 +774,6 @@ run_tc() {
fi fi
} }
#
# Restore the rules generated by 'drop','reject','logdrop', etc.
#
restore_dynamic_rules() {
if [ -f ${VARDIR}/save ]; then
progress_message2 "Setting up dynamic rules..."
rangematch='source IP range'
while read target ignore1 ignore2 address ignore3 rest; do
case $target in
DROP|reject|logdrop|logreject)
case $rest in
$rangematch*)
run_iptables -A dynamic -m iprange --src-range ${rest#source IP range} -j $target
;;
*)
if [ -z "$rest" ]; then
run_iptables -A dynamic -s $address -j $target
else
error_message "WARNING: Unable to restore dynamic rule \"$target $ignore1 $ignore2 $address $ignore3 $rest\""
fi
;;
esac
;;
esac
done < ${VARDIR}/save
fi
}
# #
# Get a list of all configured broadcast addresses on the system # Get a list of all configured broadcast addresses on the system
# #


@ -728,34 +728,6 @@ run_tc() {
fi fi
} }
#
# Restore the rules generated by 'drop','reject','logdrop', etc.
#
restore_dynamic_rules() {
if [ -f ${VARDIR}/save ]; then
progress_message2 "Setting up dynamic rules..."
rangematch='source IP range'
while read target ignore1 ignore2 address ignore3 rest; do
case $target in
DROP|reject|logdrop|logreject)
case $rest in
$rangematch*)
run_iptables -A dynamic -m iprange --src-range ${rest#source IP range} -j $target
;;
*)
if [ -z "$rest" ]; then
run_iptables -A dynamic -s $address -j $target
else
error_message "WARNING: Unable to restore dynamic rule \"$target $ignore1 $ignore2 $address $ignore3 $rest\""
fi
;;
esac
;;
esac
done < ${VARDIR}/save
fi
}
# #
# Run the .iptables_restore_input as a set of discrete iptables commands # Run the .iptables_restore_input as a set of discrete iptables commands
# #


@ -362,17 +362,7 @@ save_config() {
;; ;;
*) *)
validate_restorefile RESTOREFILE validate_restorefile RESTOREFILE
do_save && rm -f ${VARDIR}/save
if chain_exists dynamic; then
if $IPTABLES -L dynamic -n > ${VARDIR}/save; then
echo " Dynamic Rules Saved"
do_save
else
echo "Error Saving the Dynamic Rules" >&2
fi
else
do_save && rm -f ${VARDIR}/save
fi
;; ;;
esac esac
fi fi


@ -1829,6 +1829,7 @@ case "$COMMAND" in
if [ -x $g_restorepath ]; then if [ -x $g_restorepath ]; then
rm -f $g_restorepath rm -f $g_restorepath
rm -f ${g_restorepath}-iptables rm -f ${g_restorepath}-iptables
rm -f ${g_restorepath}-ipsets
echo " $g_restorepath removed" echo " $g_restorepath removed"
elif [ -f $g_restorepath ]; then elif [ -f $g_restorepath ]; then
echo " $g_restorepath exists and is not a saved Shorewall configuration" echo " $g_restorepath exists and is not a saved Shorewall configuration"