Improve 'reload'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4100 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-06-14 18:12:06 +00:00
parent 1a58eafd64
commit f85db6a849
5 changed files with 74 additions and 21 deletions

@ -4,6 +4,8 @@ Changes in 3.2.0 RC 4
2) Make progress messages product-specific. 2) Make progress messages product-specific.
3) Add 'reload' command.
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
Changes in 3.2.0 RC 3 Changes in 3.2.0 RC 3

@ -44,6 +44,30 @@ Other changes in 3.2.0 RC 4
installed on your administrative system(s) and Shorewall Lite RC4 installed on your administrative system(s) and Shorewall Lite RC4
on the firewall system(s). on the firewall system(s).
2) A "reload" command has been added. This command allows a non-root
user with ssh access to a (usually) remote system to compile a firewall
script on the local system and to install that script on the remote
system.
Syntax is:
shorewall reload [ [ <directory> ] <system> ]
If <directory> is omitted, the current working directory is
assumed. If <system> is omitted, the local system is assumed.
The command is equivalent to:
/sbin/shorewall compile -e . firewall &&\
scp firewall root@<system>:/usr/share/shorewall-lite/ &&\
ssh root@<system> '/sbin/shorewall-lite restart'
In other words, the configuration in the specified (or defaulted)
directory is compiled to a file called firewall in that
directory. If compilation succeeds, then 'firewall' is copied to the
(usually remote) <system> using scp. If the copy succeeds,
Shorewall Lite on <system> is restarted via ssh.
Migration Considerations: Migration Considerations:
1) If you are upgrading from Shorewall 2.x, it is essential that you read 1) If you are upgrading from Shorewall 2.x, it is essential that you read
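Review bot: The "equivalent to" commands in this release note still read `/sbin/shorewall compile -e . firewall` and `scp firewall ...`, which only holds when <directory> is omitted. The syntax line above now accepts a directory, so write them as `compile -e <directory> <directory>/firewall` and `scp <directory>/firewall ...`, the way the manual page hunk later in this commit does.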

@ -1286,7 +1286,7 @@ restore_command() {
# #
reload_command() reload_command()
{ {
shorewall compile -e . firewall && scp firewall root@${1}:/usr/share/shorewall-lite/ && ssh root@${1} '/sbin/shorewall-lite restart' && progress_message3 "System $1 reloaded" shorewall compile -e $1 $1/firewall && scp $1/firewall root@${2}:/usr/share/shorewall-lite/ && ssh root@${2} '/sbin/shorewall-lite restart' && progress_message3 "System $1 reloaded"
} }
# #
# Help information # Help information
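Review bot: The closing `progress_message3 "System $1 reloaded"` in the new `reload_command` body was not updated with the rest of the line: `$1` is now the directory, so the message names the directory instead of the host and should use `$2`. The `$1` and `${2}` expansions are also unquoted, so a directory containing whitespace is split into separate words for `compile` and `scp`; quote them, for example "$1", "$1/firewall" and "root@${2}:/usr/share/shorewall-lite/".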
@ -1323,7 +1323,7 @@ usage() # $1 = exit status
echo " logwatch [<refresh interval>]" echo " logwatch [<refresh interval>]"
echo " refresh" echo " refresh"
echo " reject <address> ..." echo " reject <address> ..."
echo " reload <system>" echo " reload [ <directory> ] [ <system> ]"
echo " reset" echo " reset"
echo " restart [ -n ] [ <directory> ]" echo " restart [ -n ] [ <directory> ]"
echo " restore [ -n ] [ <file name> ]" echo " restore [ -n ] [ <file name> ]"
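Review bot: The new usage text `reload [ <directory> ] [ <system> ]` implies that a directory can be given on its own, but the argument handling added in this commit treats a single argument as the system. Print `reload [ [ <directory> ] <system> ]` instead, matching the release notes and the manual page.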
@ -1632,8 +1632,25 @@ case "$COMMAND" in
;; ;;
reload) reload)
shift shift
[ $# -eq 1 ] || usage 1 case $# in
reload_command $1 0)
directory="."
system="localhost"
;;
1)
directory="."
system=$1
;;
2)
directory=$1
system=$2
;;
*)
usage 1
;;
esac
reload_command $directory $system
;; ;;
status) status)
[ $# -eq 1 ] || usage 1 [ $# -eq 1 ] || usage 1
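Review bot: `reload_command $directory $system` passes both values unquoted, so a directory argument containing whitespace shifts the positional parameters and the function ends up with the wrong host; call it as `reload_command "$directory" "$system"`. Also, the zero-argument branch sets `system="localhost"`, so a local reload still goes through scp and ssh to root@localhost and needs sshd with root login on the local machine. Either document that next to "the local system is assumed" or handle the local case without ssh.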

@ -401,8 +401,10 @@
<section> <section>
<title>/sbin/shorewall reload command (Added in 3.2.0 RC4)</title> <title>/sbin/shorewall reload command (Added in 3.2.0 RC4)</title>
<para>The reload command allows for easy updating of remote firewall <para>The <ulink
systems. At shorewall.net, I keep my firewall configurations in url="starting_and_stopping_shorewall.htm#Reload"><command>reload</command>
command</ulink> allows for easy updating of remote firewall systems by a
non-root user. At shorewall.net, I keep my firewall configurations in
sub-directories under ~/Configs. The name of the directory corresponds sub-directories under ~/Configs. The name of the directory corresponds
to the DNS name of the system. </para> to the DNS name of the system. </para>
@ -421,8 +423,11 @@ done.
teastep@wookie:~/Configs/gateway$</programlisting> teastep@wookie:~/Configs/gateway$</programlisting>
</blockquote> </blockquote>
<para>I use RSA keys and ssh-agent so I don't need to enter a password <para>The user running the <command>reload</command> command must have
to run scp or ssh.</para> ssh access to the remote system. I use RSA keys and ssh-agent so I don't
need to enter a password each time the command runs scp or ssh; I only
need to supply the password once when I log onto my desktop
system.</para>
</section> </section>
</section> </section>
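Review bot: "must have ssh access to the remote system" in the added paragraph understates the requirement. The commands this feature runs are `scp ... root@<system>:/usr/share/shorewall-lite/` and `ssh root@<system> ...`, so the non-root local user has to be able to log in as root on the firewall. Say "ssh access as root" here, so readers understand that the key held in ssh-agent carries root on every system they reload.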

@ -943,22 +943,27 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry id="Reload">
<term>reload (Added in Shorewall 3.2.0 RC4 -- not supported by <term>reload (Added in Shorewall 3.2.0 RC4 -- not supported by
Shorewall Lite)</term> Shorewall Lite)</term>
<listitem> <listitem>
<para><command>reload &lt;system&gt;</command></para> <para><command>reload [ [ &lt;directory&gt; ] &lt;system&gt;
]</command></para>
<para>If &lt;directory&gt; is omitted, the current working directory
is assumed. If &lt;system&gt; is omitted, the local system is
assumed.</para>
<para>Allows a non-root user to compile a shorewall script and <para>Allows a non-root user to compile a shorewall script and
install it on a remote system (provided that the user has access to install it on a system (provided that the user has access to the
the remote system via ssh). The command is equivalent to:</para> system via ssh). The command is equivalent to:</para>
<simplelist> <simplelist>
<member><command>/sbin/shorewall compile -e . firewall <member><command>/sbin/shorewall compile -e &lt;directory&gt;
&amp;&amp;\</command></member> &lt;directory&gt;/firewall &amp;&amp;\</command></member>
<member><command>scp firewall <member><command>scp &lt;directory&gt;/firewall
root@&lt;system&gt;:/usr/share/shorewall-lite/ root@&lt;system&gt;:/usr/share/shorewall-lite/
&amp;&amp;\</command></member> &amp;&amp;\</command></member>
@ -966,12 +971,12 @@
restart'</command></member> restart'</command></member>
</simplelist> </simplelist>
<para>In other words, the configuration in the current working <para>In other words, the configuration in the specified (or
directory is compiled to a file called <filename>firewall</filename> defaulted) directory is compiled to a file called
in that directory. If compilation succeeds, then <filename>firewall</filename> in that directory. If compilation
<filename>firewall</filename> is copied to the remote system using succeeds, then <filename>firewall</filename> is copied to the
scp. If the copy succeeds, Shorewall Lite on the remote system is (usually remote) &lt;system&gt; using scp. If the copy succeeds,
restarted via ssh.</para> Shorewall Lite on &lt;system&gt; is restarted via ssh.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>