On 05/06/2013 11:22 AM, Dash Four wrote:
>
> Tom Eastep wrote:
>>> I see your point and it is a good one.
>>>
>>> Perhaps another alternative could be implemented since the problem
>>> arises only on reboot. Currently, I have shorewall-init as a service
>>> disabled, simply because ifupdown-local usually takes care of
>>> everything. However, if you implement "shorewall check-update" (or any
>>> other suitable alternative) which produces a "yes/no" result when
>>> recompilation is needed (even if it is through the exit code), then the
>>> shorewall-init startup script/service could use that to see whether
>>> "shorewall compile" needs to be executed (that would be in addition to
>>> the usual checks for the "firewall" executable) and do so accordingly.
>>>
>>> Since shorewall-init (as a service) usually starts before anything (even
>>> before any of the network devices have been brought up), then it can
>>> detect whether changes were made and recompile the firewall file,
>>> ifupdown-local then picks it up and - voila, job done. How's that?
>>>
>>
>> That could be done. How about an option on the 'compile' command that
>> 'compiles if needed'? That way, the SysV init scripts could
>> unconditionally compile with that option.
>>
> Nope, that won't do. The shorewall-init script checks for the existence
> of "firewall" and, if present, it then starts "unconditional" compile.
> So, there must be, in my view, another command (I suggested "shorewall
> check-update", but it could be anything suitable really), which precedes
> that check, regardless of whether or not "firewall" exists and it is
> executable - another "if" statement branch. Something like this:
>
>     retval=0
>     product="${SBINDIR}/$PRODUCT $OPTIONS"
>     if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
>         $product check-update # or any other 'suitable' option
>         retval=${PIPESTATUS[0]}
>     fi
>     if [ $retval -ne 0 ]; then
>         # config directory has been updated, unconditional recompile
>         $product compile
>     elif [ ! -x "${STATEDIR}/firewall" ]; then
>         if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then

What I'm suggesting is to replace all of that with:

    if [ $PRODUCT == shorewall -o $PRODUCT == shorewall6 ]; then
        ${SBINDIR}/$PRODUCT compile -c
    fi

'compile -c' will compile ${VARDIR}/${PRODUCT}/firewall if it doesn't
exist or if the config has changed since it was last compiled. If it
exists and the config hasn't changed, the command exits with status 0.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
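
The "compile only if needed" behaviour discussed in this thread, sketched as an added example that is not part of the original messages and is not Shorewall's code. Judging "changed" by file modification time, and the function names needs_compile and compile_if_needed, are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not Shorewall code. "Config has changed" is decided
# by mtime here, which is an assumption about how such a check could work.

# needs_compile CONFDIR SCRIPT
# Returns 0 when SCRIPT must be (re)built, 1 when it is up to date.
needs_compile() {
    confdir=$1
    script=$2

    # Missing or non-executable compiled script: always rebuild.
    [ -x "$script" ] || return 0

    # Anything under the config directory newer than the script?
    # Directories are included on purpose: deleting or adding a file
    # updates the directory's mtime even if no remaining file changed.
    newer=$(find "$confdir" -newer "$script" -print 2>/dev/null | head -n 1)
    [ -n "$newer" ]
}

# compile_if_needed CONFDIR SCRIPT COMPILE_CMD [ARGS...]
# Runs COMPILE_CMD only when needed. Returns 0 when nothing had to be
# done, otherwise the compiler's own status, so the caller (for example
# an init script) can see a failed compile instead of starting stale rules.
compile_if_needed() {
    confdir=$1
    script=$2
    shift 2
    if needs_compile "$confdir" "$script"; then
        "$@" || return $?
    fi
    return 0
}
```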
