Improve 'reload'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4100 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-06-14 18:12:06 +00:00
parent 1a58eafd64
commit f85db6a849
5 changed files with 74 additions and 21 deletions

View File

@ -4,6 +4,8 @@ Changes in 3.2.0 RC 4
2) Make progress messages product-specific.
3) Add 'reload' command.
-------------------------------------------------------------------------------
Changes in 3.2.0 RC 3

View File

@ -44,6 +44,30 @@ Other changes in 3.2.0 RC 4
installed on your administrative system(s) and Shorewall Lite RC4
on the firewall system(s).
2) A "reload" command has been added. This command allows a non-root
user with ssh access to a (usually) remote system to compile a firewall
script on the local system and to install that script on the remote
system.
Syntax is:
shorewall reload [ [ <directory> ] <system> ]
If <directory> is omitted, the current working directory is
assumed. If <system> is omitted, the local system is assumed.
The command is equivalent to:
/sbin/shorewall compile -e . firewall &&\
scp firewall root@<system>:/usr/share/shorewall-lite/ &&\
ssh root@<system> '/sbin/shorewall-lite restart'
In other words, the configuration in the specified (or defaulted)
directory is compiled to a file called firewall in that
directory. If compilation succeeds, then 'firewall' is copied to the
(usually remote) <system> using scp. If the copy succeeds,
Shorewall Lite on <system> is restarted via ssh.
Migration Considerations:
1) If you are upgrading from Shorewall 2.x, it is essential that you read
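Review bot: The "equivalent to" commands in this release note still read "compile -e . firewall" and "scp firewall", which only describes the case where <directory> is omitted. The manual page changed in the same commit uses "compile -e <directory> <directory>/firewall" and "scp <directory>/firewall"; the release note should use the same form so the two descriptions agree with the new two-argument syntax.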

View File

@ -1286,7 +1286,7 @@ restore_command() {
#
reload_command()
{
shorewall compile -e . firewall && scp firewall root@${1}:/usr/share/shorewall-lite/ && ssh root@${1} '/sbin/shorewall-lite restart' && progress_message3 "System $1 reloaded"
shorewall compile -e $1 $1/firewall && scp $1/firewall root@${2}:/usr/share/shorewall-lite/ && ssh root@${2} '/sbin/shorewall-lite restart' && progress_message3 "System $1 reloaded"
}
#
# Help information
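Review bot: The success message in the new reload_command line still prints "System $1 reloaded", but $1 is now the directory and the system is $2, so the message names the wrong value; it should use $2. The expansions $1, $1/firewall and root@${2} are also unquoted, so a directory or system argument containing whitespace or glob characters is split into extra arguments to shorewall, scp and ssh. Quoting them, as in "$1/firewall" and "root@${2}", keeps each one a single argument.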
@ -1323,7 +1323,7 @@ usage() # $1 = exit status
echo " logwatch [<refresh interval>]"
echo " refresh"
echo " reject <address> ..."
echo " reload <system>"
echo " reload [ <directory> ] [ <system> ]"
echo " reset"
echo " restart [ -n ] [ <directory> ]"
echo " restore [ -n ] [ <file name> ]"
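Review bot: The new usage line "reload [ <directory> ] [ <system> ]" implies that a lone <directory> is accepted, but the case statement added in this commit treats a single argument as the system. The release notes and manual page write the syntax as "reload [ [ <directory> ] <system> ]"; the usage text should match that nesting.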
@ -1632,8 +1632,25 @@ case "$COMMAND" in
;;
reload)
shift
[ $# -eq 1 ] || usage 1
reload_command $1
case $# in
0)
directory="."
system="localhost"
;;
1)
directory="."
system=$1
;;
2)
directory=$1
system=$2
;;
*)
usage 1
;;
esac
reload_command $directory $system
;;
status)
[ $# -eq 1 ] || usage 1
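Review bot: In the 0) branch, a bare "shorewall reload" used to be a usage error and now copies the script to root@localhost and restarts Shorewall Lite there. The release notes place Shorewall Lite on the firewall system rather than the administrative one, so it is worth confirming that this default is intended. The call "reload_command $directory $system" should also quote both variables, and a check that $directory is an existing directory before compiling would turn a mistyped argument order into a clear error instead of a failed compile.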

View File

@ -401,8 +401,10 @@
<section>
<title>/sbin/shorewall reload command (Added in 3.2.0 RC4)</title>
<para>The reload command allows for easy updating of remote firewall
systems. At shorewall.net, I keep my firewall configurations in
<para>The <ulink
url="starting_and_stopping_shorewall.htm#Reload"><command>reload</command>
command</ulink> allows for easy updating of remote firewall systems by a
non-root user. At shorewall.net, I keep my firewall configurations in
sub-directories under ~/Configs. The name of the directory corresponds
to the DNS name of the system. </para>
@ -421,8 +423,11 @@ done.
teastep@wookie:~/Configs/gateway$</programlisting>
</blockquote>
<para>I use RSA keys and ssh-agent so I don't need to enter a password
to run scp or ssh.</para>
<para>The user running the <command>reload</command> command must have
ssh access to the remote system. I use RSA keys and ssh-agent so I don't
need to enter a password each time the command runs scp or ssh; I only
need to supply the password once when I log onto my desktop
system.</para>
</section>
</section>
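Review bot: The added sentence says the user "must have ssh access to the remote system", but the command runs scp and ssh as root@<system>, so what the user actually needs is a key that is authorized for root on the target. Stating that explicitly would make clear that "non-root" applies only to the local account and that the key grants root on every firewall it is installed on. The same paragraph calls the secret typed once at login a "password"; with RSA keys and ssh-agent, "key passphrase" would be the more precise term if that is what is meant.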

View File

@ -943,22 +943,27 @@
</listitem>
</varlistentry>
<varlistentry>
<varlistentry id="Reload">
<term>reload (Added in Shorewall 3.2.0 RC4 -- not supported by
Shorewall Lite)</term>
<listitem>
<para><command>reload &lt;system&gt;</command></para>
<para><command>reload [ [ &lt;directory&gt; ] &lt;system&gt;
]</command></para>
<para>If &lt;directory&gt; is omitted, the current working directory
is assumed. If &lt;system&gt; is omitted, the local system is
assumed.</para>
<para>Allows a non-root user to compile a shorewall script and
install it on a remote system (provided that the user has access to
the remote system via ssh). The command is equivalent to:</para>
install it on a system (provided that the user has access to the
system via ssh). The command is equivalent to:</para>
<simplelist>
<member><command>/sbin/shorewall compile -e . firewall
&amp;&amp;\</command></member>
<member><command>/sbin/shorewall compile -e &lt;directory&gt;
&lt;directory&gt;/firewall &amp;&amp;\</command></member>
<member><command>scp firewall
<member><command>scp &lt;directory&gt;/firewall
root@&lt;system&gt;:/usr/share/shorewall-lite/
&amp;&amp;\</command></member>
@ -966,12 +971,12 @@
restart'</command></member>
</simplelist>
<para>In other words, the configuration in the current working
directory is compiled to a file called <filename>firewall</filename>
in that directory. If compilation succeeds, then
<filename>firewall</filename> is copied to the remote system using
scp. If the copy succeeds, Shorewall Lite on the remote system is
restarted via ssh.</para>
<para>In other words, the configuration in the specified (or
defaulted) directory is compiled to a file called
<filename>firewall</filename> in that directory. If compilation
succeeds, then <filename>firewall</filename> is copied to the
(usually remote) &lt;system&gt; using scp. If the copy succeeds,
Shorewall Lite on &lt;system&gt; is restarted via ssh.</para>
</listitem>
</varlistentry>