diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index ff514bb52..adac6d008 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -2266,9 +2266,8 @@ EOF echo Restoring ${g_product:=Shorewall}... RECOVERING=Yes - export RECOVERING - if $g_restorepath restore; then + if run_it $g_restorepath restore; then echo "$g_product restored from $g_restorepath" set_state "Started" else diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6 index c44743072..176027cab 100644 --- a/Shorewall/Perl/prog.header6 +++ b/Shorewall/Perl/prog.header6 @@ -1023,6 +1023,84 @@ startup_error() # $* = Error Message exit 2 } +# +# Get the Shorewall version of the passed script +# +get_script_version() { # $1 = script + local temp + local version + local ifs + + temp=$( $SHOREWALL_SHELL $1 version | sed 's/-.*//' ) + + if [ $? -ne 0 ]; then + version=0 + else + ifs=$IFS + IFS=. + temp=$(echo $temp) + IFS=$ifs + + for temp in $temp; do + version=${version}$(printf '%02d' $temp) + done + fi + + echo $version +} + + +# +# Do required exports or create the required option string and run the passed script using +# $SHOREWALL_SHELL +# +run_it() { + local script + local options + local version + + script=$1 + shift + + version=$(get_script_version $script) + + if [ $version -lt 040408 ]; then + # + # Old script that doesn't understand 4.4.8 script options + # + export RESTOREFILE + export VERBOSITY + export NOROUTES + export PURGE + export TIMESTAMP + export RECOVERING + + if [ "$g_product" != Shorewall6 ]; then + # + # Shorewall Lite + # + export LOGFORMAT + export IP6TABLES + fi + else + # + # 4.4.8 or later -- no exports required + # + options='-' + + [ -n "$NOROUTES" ] && options=${options}n + [ -n "$TIMESTAMP" ] && options=${options}t + [ -n "$PURGE" ] && options=${options}p + [ -n "$RECOVERING" ] && options=${options}r + + options="${options}V $VERBOSITY" + + [ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE" + fi + + $SHOREWALL_SHELL $script $options $@ +} + # # Run iptables and if an error occurs, stop/restore the firewall # diff --git a/Shorewall6-lite/shorewall6-lite b/Shorewall6-lite/shorewall6-lite index c64369e1b..e8e8b751f 100755 --- a/Shorewall6-lite/shorewall6-lite +++ b/Shorewall6-lite/shorewall6-lite @@ -166,35 +166,6 @@ verify_firewall_script() { fi } -# -# Do required exports and run $SHOREWALL_SHELL -# -do_exports() { - export RESTOREFILE - export VERBOSITY - export NOROUTES - export PURGE - export TIMESTAMP - export PATH - export RECOVERING - - export LOGFORMAT - export IP6TABLES -} - -# -# Do required exports and run or exec $SHOREWALL_SHELL -# -run_it() { - do_exports - $SHOREWALL_SHELL $@ -} - -exec_it() { - do_exports - exec $SHOREWALL_SHELL $@ -} - # # Start Command Executor # @@ -593,7 +564,7 @@ case "$COMMAND" in stop|reset|clear) [ $# -ne 1 ] && usage 1 verify_firewall_script - exec_it $g_firewall $debugging $nolock $COMMAND + run_it $g_firewall $debugging $nolock $COMMAND ;; restart) shift diff --git a/Shorewall6/lib.cli b/Shorewall6/lib.cli index ea6998153..0379c63f7 100644 --- a/Shorewall6/lib.cli +++ b/Shorewall6/lib.cli @@ -34,6 +34,83 @@ fatal_error() # $@ = Message exit 2 } +# +# Get the Shorewall version of the passed script +# +get_script_version() { # $1 = script + local temp + local version + local ifs + + temp=$( $SHOREWALL_SHELL $1 version | sed 's/-.*//' ) + + if [ $? -ne 0 ]; then + version=0 + else + ifs=$IFS + IFS=. + temp=$(echo $temp) + IFS=$ifs + + for temp in $temp; do + version=${version}$(printf '%02d' $temp) + done + fi + + echo $version +} + +# +# Do required exports or create the required option string and run the passed script using +# $SHOREWALL_SHELL +# +run_it() { + local script + local options + local version + + script=$1 + shift + + version=$(get_script_version $script) + + if [ $version -lt 040408 ]; then + # + # Old script that doesn't understand 4.4.8 script options + # + export RESTOREFILE + export VERBOSITY + export NOROUTES + export PURGE + export TIMESTAMP + export RECOVERING + + if [ "$g_product" != Shorewall6 ]; then + # + # Shorewall6 Lite + # + export LOGFORMAT + export IP6TABLES + fi + else + # + # 4.4.8 or later -- no exports required + # + options='-' + + [ -n "$NOROUTES" ] && options=${options}n + [ -n "$TIMESTAMP" ] && options=${options}t + [ -n "$PURGE" ] && options=${options}p + [ -n "$RECOVERING" ] && options=${options}r + + options="${options}V $VERBOSITY" + + [ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE" + fi + + $SHOREWALL_SHELL $script $options $@ +} + # Display a chain if it exists # diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index d37d27eba..d9fe3af66 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 @@ -298,21 +298,6 @@ compiler() { $command perl $debugflags $pc $options $@ } -# -# Do required exports and run $SHOREWALL_SHELL -# -run_it() { - export RESTOREFILE - export VERBOSITY - export NOROUTES - export PURGE - export TIMESTAMP - export PATH - export RECOVERING - - $SHOREWALL_SHELL $@ -} - # # Start Command Executor #