Make progress messages product-specific; provide script for easy firewall update

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4098 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-06-14 16:32:13 +00:00 · 2006-06-14 16:32:13 +00:00 · fb4ef97840
commit fb4ef97840
parent 8ae9a2c419
10 changed files with 100 additions and 31 deletions
--- a/Shorewall-lite/changelog.txt
+++ b/Shorewall-lite/changelog.txt
@ -4,6 +4,8 @@ Changes in 3.2.0 RC 4
 2)  Correct many inaccuracies in shorewall.conf
 3)  Make progress messages product-specific.
 Changes in 3.2.0 RC 3
 1)  Fix configpath.
--- a/Shorewall-lite/releasenotes.txt
+++ b/Shorewall-lite/releasenotes.txt
@ -17,7 +17,11 @@ Problems Corrected in 3.2.0 RC 4
 Other changes in 3.2.0 RC 4
-None.
+1)  The progress messages produced by Shorewall Lite now correctly
    identify the product as 'Shorewall Lite' rather than
    'Shorewall'. In order for this to work, you must have Shorewall RC4
    installed on your administrative system(s) and Shorewall Lite RC4
    on the firewall system(s).
 New Features:
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@ -553,10 +553,10 @@ start_command() {
 		    $SHOREWALL_SHELL ${RESTOREPATH}-ipsets
 		fi
-		echo Restoring Shorewall...
+		echo Restoring Shorewall Lite...
 		$SHOREWALL_SHELL $RESTOREPATH restore
 		date > ${VARDIR}/restarted
-		progress_message3 Shorewall restored from $RESTOREPATH
+		progress_message3 Shorewall Lite restored from $RESTOREPATH
 	    else
 		do_it
 	    fi
@ -933,8 +933,8 @@ restore_command() {
 	    $SHOREWALL_SHELL ${RESTOREPATH}-ipsets
 	fi
-	progress_message3 "Restoring Shorewall..."
+	progress_message3 "Restoring Shorewall Lite..."
-	$SHOREWALL_SHELL $RESTOREPATH restore && echo "Shorewall restored from ${VARDIR}/$RESTOREFILE"
+	$SHOREWALL_SHELL $RESTOREPATH restore && echo "Shorewall Lite restored from ${VARDIR}/$RESTOREFILE"
 	[ -n "$nolock" ] || mutex_off
    else
 	echo "File ${VARDIR}/$RESTOREFILE: file not found"
@ -1169,6 +1169,7 @@ MUTEX_TIMEOUT=
 SHAREDIR=/usr/share/shorewall-lite
 VARDIR=/var/lib/shorewall-lite
 CONFDIR=/etc/shorewall-lite
 export PRODUCT="Shorewall Lite"
 FIREWALL=$SHAREDIR/firewall
 FUNCTIONS=$SHAREDIR/functions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -2,6 +2,8 @@ Changes in 3.2.0 RC 4
 1)  Fix permissions on Limit file.
 2)  Make progress messages product-specific.
 -------------------------------------------------------------------------------
 Changes in 3.2.0 RC 3
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@ -7820,10 +7820,10 @@ stop_firewall() {
 		    \${RESTOREPATH}-ipsets
 		fi
-		echo Restoring Shorewall...
+		echo Restoring \${PRODUCT:=Shorewall}...
 		if \$RESTOREPATH restore; then
-		    echo "Shorewall restored from \$RESTOREPATH"
+		    echo "\$PRODUCT restored from \$RESTOREPATH"
 		    set_state "Started"
 		else
 		    set_state "Unknown"
--- a/Shorewall/prog.footer
+++ b/Shorewall/prog.footer
@ -58,30 +58,32 @@ else
    COMMAND="$1"
 fi
 [ -n "${PRODUCT:=Shorewall}" ]
 case "$COMMAND" in
    start)
 	if shorewall_is_started; then
-	    error_message "Shorewall is already Running"
+	    error_message "$PRODUCT is already Running"
 	    status=1
 	else
-	    progress_message3 "Starting Shorewall...."
+	    progress_message3 "Starting $PRODUCT...."
 	    define_firewall
 	    status=$?
 	    progress_message3 "done."
 	fi
 	;;
    stop)
-	progress_message3 "Stopping Shorewall...."
+	progress_message3 "Stopping $PRODUCT...."
 	stop_firewall
 	status=0
 	progress_message3 "done."
 	;;
    restart)
 	if shorewall_is_started; then
-	    progress_message3 "Restarting Shorewall...."
+	    progress_message3 "Restarting $PRODUCT...."
 	else
-	    echo "Shorewall is not running" >&2
+	    echo "$PRODUCT is not running" >&2
-	    progress_message3 "Starting Shorewall...."
+	    progress_message3 "Starting $PRODUCT...."
 	fi
 	define_firewall
@ -93,19 +95,19 @@ case "$COMMAND" in
 	status=$?
 	;;
    clear)
-	progress_message3 "Clearing Shorewall...."
+	progress_message3 "Clearing $PRODUCT...."
 	clear_firewall
 	status=0
 	progress_message3 "done."
 	;;
    status)
-	echo "Shorewall-$VERSION Status at $HOSTNAME - $(date)"
+	echo "$PRODUCT-$VERSION Status at $HOSTNAME - $(date)"
 	echo
 	if shorewall_is_started; then
-	    echo "Shorewall is running"
+	    echo "$PRODUCT is running"
 	    status=0
 	else
-	    echo "Shorewall is stopped"
+	    echo "$PRODUCT is stopped"
 	    status=4
 	fi
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -38,7 +38,11 @@ Problems Corrected in 3.2.0 RC 4
 Other changes in 3.2.0 RC 4
-None.
+1)  The progress messages produced by Shorewall Lite now correctly
    identify the product as 'Shorewall Lite' rather than
    'Shorewall'. In order for this to work, you must have Shorewall RC4
    installed on your administrative system(s) and Shorewall Lite RC4
    on the firewall system(s).
 Migration Considerations:
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@ -1515,6 +1515,7 @@ MUTEX_TIMEOUT=
 SHAREDIR=/usr/share/shorewall
 VARDIR=/var/lib/shorewall
 CONFDIR=/etc/shorewall
 export PRODUCT="Shorewall"
 FIREWALL=$SHAREDIR/firewall
 FUNCTIONS=$SHAREDIR/functions
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@ -252,9 +252,10 @@
    </orderedlist>
    <para>Shorewall Lite includes a very limited version of
-    <filename>/etc/shorewall-lite/shorewall.conf</filename>. It includes the
+    <filename>shorewall.conf
-    following options which have the same meaning as in a full Shorewall
+    </filename>(<filename>/etc/shorewall-lite/shorewall.conf</filename>). It
-    installation except as noted below:</para>
+    includes the following options which have the same meaning as in a full
    Shorewall installation except as noted below:</para>
    <blockquote>
      <simplelist>
@ -263,19 +264,19 @@
        <member>LOGFILE</member>
        <member>LOGFORMAT — used by <filename>/sbin/shorewall</filename> for
-        finding 'Shorewall' log messages only. The format of the messages
+        finding 'Shorewall' log messages. If LOGFORMAT was specified in the
-        themselves is defined by the LOGFORMAT in the shorewall.conf used when
+        shorewall.conf file used at compile time on the administrative system,
-        the firewall script was compiled on the administrative system. If
+        then the format of the messages themselves is defined by that value.
-        LOGFORMAT was not specified at compile time then the firewall script
+        If LOGFORMAT was not specified at compile time then the firewall
-        will use the value from
+        script will use the value from
        <filename>/etc/shorewall-lite/shorewall.conf</filename> on the
        firewall system.</member>
        <member>IPTABLES — determines the iptables binary to be used by
        <filename>/sbin/shorewall</filename>. The compiled firewall script
        will use the IPTABLES specified in <filename>shorewall.conf</filename>
-        at compile time on the administrative system; if IPTABLES was not
+        at compile time on the administrative system, if any; if IPTABLES was
-        specified at compile time then the IPTABLES value from
+        not specified at compile time then the IPTABLES value from
        <filename>/etc/shorewall-lite/shorewall.conf</filename> on the
        firewall system will be used by the firewall script.</member>
@ -394,6 +395,43 @@
        </listitem>
      </orderedlist>
    </section>
    <section>
      <title>A simple shell program for remote firewall replacement</title>
      <para>I use the following <ulink
      url="ftp://ftp1.shorewall.net/pub/shorewall/contrib/compile">simple
      shell program</ulink> for compiling firewall scripts and installing them
      on firewall systems:</para>
      <blockquote>
        <programlisting>#/bin/bash
 [ $# -eq 1 ] || { echo "Usage: $(basename $0) &lt;system&gt;" &gt;&amp;2; exit 2; }
 /sbin/shorewall compile -e . firewall &amp;&amp; scp firewall root@${1}:/usr/share/shorewall-lite/ &amp;&amp; ssh root@${1} 'shorewall-lite restart'</programlisting>
      </blockquote>
      <para>I install this program in
      <filename>/usr/local/bin/compile</filename> and I have my configuration
      directories in ~/Config. So, for example, to recompile the firewall
      script for the 'gateway' system and install the script on gateway, I do
      the following:</para>
      <blockquote>
        <programlisting>teastep@wookie:~$ <command>cd Configs/gateway</command>
 teastep@wookie:~/Configs/gateway$ <command>compile gateway</command>
 Compiling...
 Shorewall configuration compiled to firewall
 firewall                                                                                                                  100%   29KB  29.3KB/s   00:00
 Restarting Shorewall Lite....
 done.
 teastep@wookie:~/Configs/gateway$</programlisting>
      </blockquote>
      <para>I use RSA keys and ssh-agent so I don't need to enter a password
      to run scp or ssh.</para>
    </section>
  </section>
  <section>
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -1838,6 +1838,21 @@ eth0               eth1                        # eth1 = interface to local netwo
      installed on at least one system within your network in order to use
      Shorewall Lite.</para>
    </section>
    <section id="faq55">
      <title>(FAQ 55) How do I decide which product to use - Shorewall or
      Shorewall Lite?</title>
      <para><emphasis role="bold">Answer</emphasis>: If you plan to have only
      a single firewall system, then Shorewall is the logical choice. I also
      think that Shorewall is the appropriate choice for laptop systems that
      may need to have their firewall configuration changed while on the road.
      In the remaining cases, Shorewall Lite will work very well. At
      shorewall.net, the two laptop systems have the full Shorewall product
      installed as does my personal Linux desktop system. All other Linux
      systems that run a firewall use Shorewall Lite and have their
      configuration directories on my desktop. </para>
    </section>
  </section>
  <section>