On 4/28/2015 10:16 AM, Ed W wrote: > On 28/04/2015 17:52, Ed W wrote: >> Sorry, was slow to notice your reply. I will benchmark this >> immediately. While I'm doing that I noticed... >> >> - I'm using this *really* in the form "reenable iface", ie I really >> call "disable" + "enable" >> - It's used when a dynamic PPP connection (re)starts, eg a 3G PPP >> connection because the IP address changes on the interface. >> - I observe I'm currently "cheating" and I manually call the >> "undo_networking" script as this avoids a call into the firewall >> script, but this is obviously not terribly future proof or neat... >> - Would you be amenable to either adding a "force" flag or "re-enable" >> option which simply calls disable/enable? >> >> Code for reenable would be at the bottom of firewall script, something >> like the following (untested for error handling): >> >> >> .... >> reenable) >> [ $# -eq 1 ] && exit 0 >> shift >> [ $# -ne 1 ] && usage 2 >> mutex_on >> if product_is_started; then >> detect_configuration >> disable_provider $1 >> enable_provider $1 >> fi >> mutex_off >> status=0 >> ;; >> .... >> >> Does this work for you? > > I tested the above and error handling causes a problem... My desired > outcome would be that it's possible to call "reenable" regardless of the > current status of the interface. However, if it's already "disabled", > then calling disable a second time causes a "startup_error" which bails > us out before we call enable. > > Changing this seems to require a more invasive code change? Is this a > direction you would be willing to consider?
Patch attached. -Tom -- Tom Tom Eastep http://www.shorewall.net
diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 7bb3792..c8e9eab 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -3834,6 +3834,7 @@ usage() # $1 = exit status
echo " logwatch [<refresh interval>]"
echo " open <source> <dest> [ <protocol> [ <port> ] ]"
echo " reject <address> ..."
+ echo " reenable <interface>"
echo " reset [ <chain> ... ]"
echo " restart [ -n ] [ -p ] [ -f ] [ -C ] [ <directory> ]"
echo " restore [ -n ] [ -p ] [ -C ] [ <file name> ]"
@@ -4102,7 +4103,7 @@ shorewall_cli() {
shift
restart_command $@
;;
- disable|enable)
+ disable|enable|reenable)
get_config Yes
if product_is_started; then
run_it ${VARDIR}/firewall $g_debugging $@
diff --git a/Shorewall/Perl/Shorewall/Providers.pm
b/Shorewall/Perl/Shorewall/Providers.pm
index 9ea616a..f4a8749 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -1516,7 +1516,7 @@ EOF
" start_provider_$provider" );
}
- emit ( ' else',
+ emit ( ' elif [ -z $2 ]; then',
" startup_error \"Interface $providerref->{physical}
is already enabled\"",
' fi',
' ;;'
@@ -1564,7 +1564,7 @@ EOF
}
emit( " stop_$providerref->{what}_$provider",
- ' else',
+ ' elif [ -z "$2" ]; then',
" startup_error \"Interface $providerref->{physical}
is already disabled\"",
' fi',
' ;;'
diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer
index c3689e2..b468fb4 100644
--- a/Shorewall/Perl/prog.footer
+++ b/Shorewall/Perl/prog.footer
@@ -15,6 +15,7 @@ usage() {
echo " down <interface>"
echo " enable <interface>"
echo " reset"
+ echo " reenable <interface>"
echo " refresh"
echo " restart"
echo " run <command> [ <parameter> ... ]"
@@ -393,6 +394,19 @@ case "$COMMAND" in
mutex_off
status=0
;;
+ reenable)
+ [ $# -eq 1 ] && exit 0
+ shift
+ [ $# -ne 1 ] && usage 2
+ mutex_on
+ if product_is_started; then
+ detect_configuration $1
+ COMMAND=enable disable_provider $1 Yes
+ COMMAND=disable enable_provider $1 Yes
+ fi
+ mutex_off
+ status=0
+ ;;
run)
if [ $# -gt 1 ]; then
shift
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
