📄 shorewall

📁 sharewall is very good
💻
📖 第 1 页 / 共 3 页
字号:
    while [ $finished -eq 0 -a $# -gt 0 ]; do	option=$1	case $option in	    -*)		option=${option#-}		while [ -n "$option" ]; do		    case $option in			-)			    finished=1			    option=			    ;;			e*)			    EXPORT=Yes			    option=${option#e}			    ;;			p*)			    PROFILE=Yes			    option=${option#p}			    ;;			d*)			    DEBUG=Yes;			    option=${option#d}			    ;;			C)			    [ $# -gt 0 ] || fatal_error "-C must be followed by a compiler name"			    SHOREWALL_COMPILER=$2			    option=			    shift			    ;;			*)			    usage 1			    ;;		    esac		done		shift		;;	    *)		finished=1		;;	esac    done    case $# in	0)	    ;;	1)	    [ -n "$SHOREWALL_DIR" ] && usage 2	    if [ ! -d $1 ]; then		if [ -e $1 ]; then		    echo "$1 is not a directory" >&2 && exit 2		else		    echo "Directory $1 does not exist" >&2 && exit 2		fi	    fi	    SHOREWALL_DIR=$(resolve_file $1)	    export SHOREWALL_DIR	    ;;	*)	    usage 1	    ;;    esac    export EXPORT    progress_message3 "Checking..."    compiler exec $debugging $nolock check}## Restart Command Executor#restart_command() {    local finished    finished=0    local rc    rc=0    while [ $finished -eq 0 -a $# -gt 0 ]; do	option=$1	case $option in	    -*)		option=${option#-}		while [ -n "$option" ]; do		    case $option in			-)			    finished=1			    option=			    ;;			d*)			    DEBUG=Yes			    option=${option#d}			    ;;			f*)			    FAST=Yes			    option=${option#f}			    ;;			n*)			    NOROUTES=Yes			    option=${option#n}			    ;;			C)			    [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"			    SHOREWALL_COMPILER=$2			    option=			    shift			    ;;			p*)			    [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system"			    PURGE=Yes			    option=${option%p}			    ;;			*)			    usage 1			    ;;		    esac		done		shift		;;	    *)		finished=1		;;	esac    done    case $# in	0)	    ;;	1)	    [ -n "$SHOREWALL_DIR" ] && usage 2	    if [ ! -d $1 ]; then		if [ -e $1 ]; then		    echo "$1 is not a directory" >&2 && exit 2		else		    echo "Directory $1 does not exist" >&2 && exit 2		fi	    fi	    SHOREWALL_DIR=$(resolve_file $1)	    [ -n "$FAST" ] && fatal_error "Directory may not be specified with the -f option"	    export SHOREWALL_DIR	    ;;	*)	    usage 1	    ;;    esac    [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"    export NOROUTES    export PURGE   if [ -z "$FAST" ]; then         progress_message3 "Compiling..."       if compiler run $debugging $nolock compile ${VARDIR}/.restart; then	   [ -n "$nolock" ] || mutex_on	   $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart	   rc=$?	   [ -n "$nolock" ] || mutex_off       else	   rc=$?	   logger -p kern.err "ERROR:Shorewall restart failed"       fi   else       [ -x ${VARDIR}/.restore ] || fatal_error "No ${VARDIR}/.restore file found"       [ -n "$nolock" ] || mutex_on       $SHOREWALL_SHELL ${VARDIR}/.restore $debugging restart       rc=$?       [ -n "$nolock" ] || mutex_off   fi   return $rc}## Refresh Command Executor#refresh_command() {    local finished    finished=0    while [ $finished -eq 0 -a $# -gt 0 ]; do	option=$1	case $option in	    -*)		option=${option#-}		while [ -n "$option" ]; do		    case $option in			-)			    finished=1			    option=			    ;;			C)			    [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"			    SHOREWALL_COMPILER=$2			    option=			    shift			    ;;			*)			    usage 1			    ;;		    esac		done		shift		;;	    *)		finished=1		;;	esac    done    if [ $# -gt 0 ]; then	REFRESHCHAINS=$1	shift	while [ $# -gt 0 ]; do	    REFRESHCHAINS="$REFRESHCHAINS,$1"	    shift	done    fi    shorewall_is_started || fatal_error "Shorewall is not running"    [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"    export NOROUTES    progress_message3 "Compiling..."    if compiler run $debugging $nolock compile ${VARDIR}/.refresh; then	[ -n "$nolock" ] || mutex_on	$SHOREWALL_SHELL ${VARDIR}/.refresh $debugging refresh	rc=$?	[ -n "$nolock" ] || mutex_off    else	rc=$?    fi    return $rc}## Safe-start/safe-restart Command Executor#safe_commands() {    local finished    finished=0    # test is the shell supports timed read    read -t 0 junk 2> /dev/null    if [ $? -eq 2 -a ! -x /bin/bash ];then	echo "Your shell does not support a feature required to execute this command".	exit 2    fi    while [ $finished -eq 0 -a $# -gt 0 ]; do	option=$1	case $option in	    -*)		option=${option#-}		while [ -n "$option" ]; do		    case $option in			-)			    finished=1			    option=			    ;;			n*)			    NOROUTES=Yes			    option=${option#n}			    ;;			C)			    [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"			    SHOREWALL_COMPILER=$2			    option=			    shift			    ;;			*)			    usage 1			    ;;		    esac		done		shift		;;	    *)		finished=1		;;	esac    done    case $# in	0)	    ;;	1)	    [ -n "$SHOREWALL_DIR" ] && usage 2	    if [ ! -d $1 ]; then		if [ -e $1 ]; then		    echo "$1 is not a directory" >&2 && exit 2		else		    echo "Directory $1 does not exist" >&2 && exit 2		fi	    fi	    SHOREWALL_DIR=$(resolve_file $1)	    export SHOREWALL_DIR	    ;;	*)	    usage 1	    ;;    esac    [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"    if shorewall_is_started; then	running=Yes    else	running=    fi    if [ "$COMMAND" = "safe-start" -a  -n "$running" ]; then	# the command is safe-start but the firewall is already running	error_message "Shorewall is already started"	exit 0    fi    if [ "$COMMAND" = "safe-start" -o -z "$running" ]; then	# the command is safe-start or shorewall is not started yet	command="start"    else	# the command is safe-restart and the firewall is already running	command="restart"    fi    progress_message3 "Compiling..."    if ! compiler run $debugging nolock compile ${VARDIR}/.$command; then	status=$?	exit $status    fi    case $command in	start)	    export RESTOREFILE=NONE	    progress_message3 "Starting..."	    ;;	restart)	    export RESTOREFILE=.safe	    RESTOREPATH=${VARDIR}/.safe	    save_config	    progress_message3 "Restarting..."	    ;;    esac    [ -n "$nolock" ] || mutex_on    if ${VARDIR}/.$command $command; then	echo -n "Do you want to accept the new firewall configuration? [y/n] "	if read_yesno_with_timeout; then	    echo "New configuration has been accepted"	else	    if [ "$command" = "restart" ]; then		${VARDIR}/.safe restore	    else		${VARDIR}/.$command clear	    fi	    	    [ -n "$nolock" ] || mutex_off	    echo "New configuration has been rejected and the old one restored"	    exit 2	fi    fi    [ -n "$nolock" ] || mutex_off}## 'try' Command Executor#try_command() {    local finished    finished=0    local timeout    timeout=    handle_directory() {	[ -n "$SHOREWALL_DIR" ] && usage 2	if [ ! -d $1 ]; then	    if [ -e $1 ]; then		echo "$1 is not a directory" >&2 && exit 2	    else		echo "Directory $1 does not exist" >&2 && exit 2	    fi	fi		SHOREWALL_DIR=$(resolve_file $1)	export SHOREWALL_DIR    }    while [ $finished -eq 0 -a $# -gt 0 ]; do	option=$1	case $option in	    -*)		option=${option#-}		while [ -n "$option" ]; do		    case $option in			-)			    finished=1			    option=			    ;;			n*)			    NOROUTES=Yes			    option=${option#n}			    ;;			C)			    [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"			    SHOREWALL_COMPILER=$2			    option=			    shift			    ;;			*)			    usage 1			    ;;		    esac		done		shift		;;	    *)		finished=1		;;	esac    done    case $# in	0)	    usage 1	    ;;	1)	    handle_directory $1	    ;;	2)	    handle_directory $1	    timeout=$2	    case $timeout in 		*[!0-9]*)                    echo "   ERROR: Invalid timeout ($timeout)" >&2;		    exit 1		    ;;	    esac	    ;;	*)	    usage 1	    ;;    esac    [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled"    if shorewall_is_started; then	running=Yes    else	running=    fi    if [ -z "$running" ]; then	# shorewall is not started yet	command="start"    else	# the firewall is already running	command="restart"    fi    progress_message3 "Compiling..."    if ! compiler run $debugging $nolock compile ${VARDIR}/.$command; then	status=$?	exit $status    fi    case $command in	start)	    export RESTOREFILE=NONE	    progress_message3 "Starting..."	    ;;	restart)	    export RESTOREFILE=.try	    RESTOREPATH=${VARDIR}/.try	    save_config	    progress_message3 "Restarting..."	    ;;    esac    [ -n "$nolock" ] || mutex_on    if ${VARDIR}/.$command $command && [ -n "$timeout" ]; then	sleep $timeout	    	if [ "$command" = "restart" ]; then	    ${VARDIR}/.try restore	else	    ${VARDIR}/.$command clear	fi	        fi    [ -n "$nolock" ] || mutex_off    return 0}rsh_command() {    command="$*"    eval $RSH_COMMAND}rcp_command() {    files="$1"    destination=$2        eval $RCP_COMMAND}## [Re]load command executor#reload_command() # $* = original arguments less the command.{    local verbose    verbose=$(make_verbose)    local file    file=    local capabilities    capabilities=    local finished    finished=0    local saveit    saveit=    local result    local directory    local system    local getcaps    getcaps=    local root    root=root    local compiler    compiler=    LITEDIR=/var/lib/shorewall-lite    while [ $finished -eq 0 -a $# -gt 0 ]; do	option=$1	case $option in	    -*)		option=${option#-}		while [ -n "$option" ]; do		    case $option in			-)			    finished=1			    option=			    ;;			s*)			    saveit=Yes			    option=${option#s}			    ;;			c*)			    getcaps=Yes			    option=${option#c}			    ;;			r)			    [ $# -gt 1 ] || fatal_error "Missing Root User name"			    root=$2			    option=			    shift			    ;;			C)			    [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name"			    compiler="-C $2"			    option=			    shift			    ;;			*)			    usage 1			    ;;		    esac		done		shift		;;	    *)		finished=1		;;	esac    done    case $# in	1)	    directory="."	    system=$1	    ;;	2)	    directory=$1	    system=$2	    ;;	*)	    usage 1	    ;;    esac    litedir=$(rsh_command /sbin/shorewall-lite show config 2> /dev/null | grep ^LITEDIR | sed 's/LITEDIR is //')    [ -n "$litedir" ] && LITEDIR=$litedir    if [ -z "$getcaps" ]; then	SHOREWALL_DIR=$(resolve_file $directory)	ensure_config_path	capabilities=$(find_file capabilities)	[ -f $capabilities ] || getcaps=Yes    fi    if [ -n "$getcaps" ]; then	if [ -f $directory/shorewall.conf ]; then	    . $directory/shorewall.conf	    ensure_config_path	fi	progress_message "Getting Capabilities on system $system..."	if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IPTABLES=$IPTABLES /usr/share/shorewall-lite/shorecap" > $directory/capabilities; then	    fatal_error "ERROR: Capturing capabilities on system $system failed"	fi    fi    file=$(resolve_file $directory/firewall)    [ -n "$TIMESTAMP" ] && timestamp='-t' || timestamp=    if shorewall $debugging $verbose $timestamp compile -e $compiler $directory $directory/firewall && \	progress_message3 "Copying $file and ${file}.conf to ${system}:${LITEDIR}..." && \	rcp_command "$directory/firewall $directory/firewall.conf" ${LITEDIR}    then	save=$(find_file save);	[ -f $save ] && progress_message3 "Copying $save to ${system}:/etc/shorewall-lite/" && rcp_command $save /etc/shorewall-lite/	progress_message3 "Copy complete"	if [ $COMMAND = reload ]; then	    rsh_command "/sbin/shorewall-lite $debugging $verbose $timestamp restart" && \	    progress_message3 "System $system reloaded" || saveit=	else	    rsh_command "/sbin/shorewall-lite $debugging $verbose $timestamp start" && \	    progress_message3 "System $system loaded" || saveit=	fi	if [ -n "$saveit" ]; then	    rsh_command "/sbin/shorewall-lite $debugging $verbose $timestamp save" && \	    progress_message3 "Configuration on system $system saved"	fi    fi}## Export command executor#export_command() # $* = original arguments less the command.{    local verbose    verbose=$(make_verbose)
💿 文件大小 203 K
👤 上传用户 zhangpeng
📂 所属分类 Linux/Unix编程
🏷️ 相关标签

#sharewall #good #very #is
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -