diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 132b09ac8..2f40f9ddf 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -4,6 +4,8 @@ Changes in 3.2.0 RC 4 2) Make progress messages product-specific. +3) Add 'reload' command. + ------------------------------------------------------------------------------- Changes in 3.2.0 RC 3 diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index b0f40c215..1e166875b 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -44,6 +44,30 @@ Other changes in 3.2.0 RC 4 installed on your administrative system(s) and Shorewall Lite RC4 on the firewall system(s). +2) A "reload" command has been added. This command allows a non-root + user with ssh access to a (usually) remote system to compile a firewall + script on the local system and to install that script on the remote + system. + + Syntax is: + + shorewall reload [ [ ] ] + + If is omitted, the current working directory is + assumed. If is omitted, the local system is assumed. + + The command is equivalent to: + + /sbin/shorewall compile -e . firewall &&\ + scp firewall root@:/usr/share/shorewall-lite/ &&\ + ssh root@ '/sbin/shorewall-lite restart' + + In other words, the configuration in the specified (or defaulted) + directory is compiled to a file called firewall in that + directory. If compilation succeeds, then 'firewall' is copied to the + (usually remote) using scp. If the copy succeeds, + Shorewall Lite on is restarted via ssh. + Migration Considerations: 1) If you are upgrading from Shorewall 2.x, it is essential that you read diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 76d52f532..ca4041cca 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall 
@@ -1286,7 +1286,7 @@ restore_command() { # reload_command() { - shorewall compile -e . firewall && scp firewall root@${1}:/usr/share/shorewall-lite/ && ssh root@${1} '/sbin/shorewall-lite restart' && progress_message3 "System $1 reloaded" + shorewall compile -e $1 $1/firewall && scp $1/firewall root@${2}:/usr/share/shorewall-lite/ && ssh root@${2} '/sbin/shorewall-lite restart' && progress_message3 "System $1 reloaded" } # # Help information @@ -1323,7 +1323,7 @@ usage() # $1 = exit status echo " logwatch []" echo " refresh" echo " reject
..." - echo " reload " + echo " reload [ ] [ ]" echo " reset" echo " restart [ -n ] [ ]" echo " restore [ -n ] [ ]" @@ -1632,8 +1632,25 @@ case "$COMMAND" in ;; reload) shift - [ $# -eq 1 ] || usage 1 - reload_command $1 + case $# in + 0) + directory="." + system="localhost" + ;; + 1) + directory="." + system=$1 + ;; + 2) + directory=$1 + system=$2 + ;; + *) + usage 1 + ;; + esac + + reload_command $directory $system ;; status) [ $# -eq 1 ] || usage 1 diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index 25f871819..f2fdbc19d 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml @@ -401,8 +401,10 @@
/sbin/shorewall reload command (Added in 3.2.0 RC4) - The reload command allows for easy updating of remote firewall - systems. At shorewall.net, I keep my firewall configurations in + The reload + command allows for easy updating of remote firewall systems by a + non-root user. At shorewall.net, I keep my firewall configurations in sub-directories under ~/Configs. The name of the directory corresponds to the DNS name of the system. @@ -421,8 +423,11 @@ done. teastep@wookie:~/Configs/gateway$ - I use RSA keys and ssh-agent so I don't need to enter a password - to run scp or ssh. + The user running the reload command must have + ssh access to the remote system. I use RSA keys and ssh-agent so I don't + need to enter a password each time the command runs scp or ssh; I only + need to supply the password once when I log onto my desktop + system.
diff --git a/docs/starting_and_stopping_shorewall.xml b/docs/starting_and_stopping_shorewall.xml index 2b681b41c..9a768aa34 100644 --- a/docs/starting_and_stopping_shorewall.xml +++ b/docs/starting_and_stopping_shorewall.xml @@ -943,22 +943,27 @@ - + reload (Added in Shorewall 3.2.0 RC4 -- not supported by Shorewall Lite) - reload <system> + reload [ [ <directory> ] <system> + ] + + If <directory> is omitted, the current working directory + is assumed. If <system> is omitted, the local system is + assumed. Allows a non-root user to compile a shorewall script and - install it on a remote system (provided that the user has access to - the remote system via ssh). The command is equivalent to: + install it on a system (provided that the user has access to the + system via ssh). The command is equivalent to: - /sbin/shorewall compile -e . firewall - &&\ + /sbin/shorewall compile -e <directory> + <directory>/firewall &&\ - scp firewall + scp <directory>/firewall root@<system>:/usr/share/shorewall-lite/ &&\ @@ -966,12 +971,12 @@ restart' - In other words, the configuration in the current working - directory is compiled to a file called firewall - in that directory. If compilation succeeds, then - firewall is copied to the remote system using - scp. If the copy succeeds, Shorewall Lite on the remote system is - restarted via ssh. + In other words, the configuration in the specified (or + defaulted) directory is compiled to a file called + firewall in that directory. If compilation + succeeds, then firewall is copied to the + (usually remote) <system> using scp. If the copy succeeds, + Shorewall Lite on <system> is restarted via ssh.
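Review bot: in the Shorewall/releasenotes.txt hunk, the text says the command lets a "non-root user" install the script, but the equivalent command it shows runs `scp firewall root@...` and `ssh root@... '/sbin/shorewall-lite restart'`, so the target must accept root logins over ssh and the user must hold a key accepted by root there; "with ssh access" undersells that prerequisite and the note should spell it out, since the script lands in /usr/share/shorewall-lite/ with root privileges.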
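Review bot: in the Shorewall/shorewall reload_command hunk, the success message still reports `$1`, which after this change is the directory rather than the system; `progress_message3 "System $1 reloaded"` should read `"System $2 reloaded"`. The positional parameters are also expanded unquoted in `shorewall compile -e $1 $1/firewall`, `scp $1/firewall root@${2}:...` and `ssh root@${2}`, so a directory name containing whitespace or glob characters is word-split before it reaches compile or scp; quoting them as `"$1"` and `"$2"` passes the user-supplied arguments through intact.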
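Review bot: in the usage() hunk, the new reload line shows two independently bracketed optional arguments, but the `case $#` dispatch added below treats a single argument as the system, never as the directory, and both the release notes and the starting_and_stopping_shorewall.xml synopsis document the form `reload [ [ <directory> ] <system> ]`; the usage text should use the same nesting so a reader does not expect `shorewall reload somedir` to be taken as a directory.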
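Review bot: in the `case "$COMMAND"` hunk, defaulting `system="localhost"` when no system is given still drives the command through `scp ... root@localhost:` and `ssh root@localhost '/sbin/shorewall-lite restart'`, so the "local system is assumed" case in the release notes quietly requires root ssh login on the local host and a Shorewall Lite installation there. Either document that, or handle the zero-argument case by installing the compiled script locally without scp/ssh. Nothing validates `$system` or `$directory` before they are handed to scp and ssh; at minimum rejecting an empty value keeps the resulting `root@:` form from being attempted.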