Tom Eastep wrote:
>> I see your point and it is a good one.
>>
>> Perhaps another alternative could be implemented since the problem
>> arises only on reboot. Currently, I have shorewall-init as a service
>> disabled, simply because ifupdown-local usually takes care of
>> everything. However, if you implement "shorewall check-update" (or any
>> other suitable alternative) which produces a "yes/no" result when
>> recompilation is needed (even if it is through the exit code), then the
>> shorewall-init startup script/service could use that to see whether
>> "shorewall compile" needs to be executed (that would be in addition to
>> the usual checks for the "firewall" executable) and do so accordingly.
>>
>> Since shorewall-init (as a service) usually starts before anything (even
>> before any of the network devices have been brought up), then it can
>> detect whether changes were made and recompile the firewall file,
>> ifupdown-local then picks it up and - voila, job done. How's that?
>>
>
> That could be done. How about an option on the 'compile' command that
> 'compiles if needed'? That way, the SysV init scripts could
> unconditionally compile with that option.
>
Nope, that won't do. The shorewall-init script checks for the existence
of "firewall" and, if present, it then starts "unconditional" compile.
So, there must be, in my view, another command (I suggested "shorewall
check-update", but it could be anything suitable really), which precedes
that check, regardless of whether or not "firewall" exists and it is
executable - another "if" statement branch. Something like this:

    retval=0
    product="${SBINDIR}/$PRODUCT $OPTIONS"

    # Ask the product whether the config directory has changed
    if [ "$PRODUCT" == shorewall -o "$PRODUCT" == shorewall6 ]; then
        $product check-update # or any other 'suitable' option
        retval=${PIPESTATUS[0]}
    fi

    if [ "$retval" -ne 0 ]; then
        # config directory has been updated, unconditional recompile
        $product compile
    elif [ ! -x "${STATEDIR}/firewall" ]; then
        # no compiled script yet: compile as before
        if [ "$PRODUCT" == shorewall -o "$PRODUCT" == shorewall6 ]; then
            $product compile
        fi
    fi

>>>> 4. shorewall-init sysv script errors and additions - see patch attached.
>>>> I've also added a few things which I found useful.
>>>>
>>>>
>>> I'll take a look - Thanks.
>>>
>>>
>> Pleasure.
>>
>
> Applied.
>
Thanks. I haven't looked at ifupdown-local, but I am sure that file
could be optimised as well...
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
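
An added example, not part of the original message and not Shorewall's own code: one way a yes/no "recompile needed" check like the proposed "check-update" could be built, so that a stale compiled script is not applied at boot. The function name `config_changed`, its arguments and the mtime comparison are assumptions made for illustration; the exit-code convention (non-zero means recompile) follows the snippet in the message.

```shell
#!/bin/sh
# config_changed CONFIG_DIR COMPILED_SCRIPT   (hypothetical helper)
#
# Exit status, matching the "retval -ne 0 means recompile" convention
# used in the message above:
#   0  compiled script is at least as new as the configuration
#   1  configuration changed, or no usable compiled script: recompile
#   2  configuration directory is missing (caller should log this)
config_changed() {
    config_dir=$1
    compiled=$2

    # Nothing to compare against: report it separately from "changed".
    [ -d "$config_dir" ] || return 2

    # A missing or non-executable compiled script always needs a compile.
    [ -x "$compiled" ] || return 1

    # Files catch edits; directories catch additions and deletions,
    # because removing a file only updates its parent directory's mtime.
    newer=$(find "$config_dir" \( -type f -o -type d \) \
                 -newer "$compiled" -print 2>/dev/null | head -n 1)

    [ -z "$newer" ] || return 1
    return 0
}

# Usage in an init script (paths are placeholders for this sketch):
#   if ! config_changed /etc/shorewall "${STATEDIR}/firewall"; then
#       $product compile
#   fi
```

Comparing modification times does not notice a file restored with an older timestamp; a stored checksum of the configuration directory would cover that case.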