Re: [Shorewall-users] Accounting - counters reset by restart

Thu, 21 Jan 2021 08:06:27 -0800 

On 1/20/2021 8:53 PM, Matt Darfeuille wrote:
> On 1/20/2021 5:21 PM, Matthew Collins wrote:
>> Gotcha.
>>
>> I'll have another go at working my way around the code.
>>
>> Do you want this reported on gitlab? (and if I fudge together a
>> reasonable fix, I'll submit it there?)
>>
> 
> That would be lovely if you could file a bug report on Gitlab including
> this URL thread (1).
> If you manage to patch something up, can I ask you to send it through
> here in addition to Gitlab?
> 
> 
> As far as I can tell, the compiled firewall script does not handle the
> -c option for start and restart.
> 
> Note that '-C' becomes '-c' in the context of the compiled firewall script.
> 
> 
> Thanks Matt and let us know how it goes.
> 
> 
> 1)
> https://sourceforge.net/p/shorewall/mailman/shorewall-users/thread/CALpsz32rWjvox1DLS99gS%3DveW%3DiSsJu0jqetKx0QghFcwHewDw%40mail.gmail.com/#msg37200686
> 

Please try the attached patch (code-master-1-21.01.21.16.26.19-rfc.patch).

This patch is not heavily tested and breaks the regression suite, do
test this RFC patch  on a non-production Shorewall installation.

-- 
Matt Darfeuille <m...@shorewall.org>
Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/
SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/
Homepage: https://shorewall.org

From 042d49a8911d2e6f10d228587733b595498756b2 Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <m...@shorewall.org>
Date: Thu, 21 Jan 2021 16:25:26 +0100
Subject: [RFC PATCH] Honor counters option when starting firewall

Signed-off-by: Matt Darfeuille <m...@shorewall.org>
---
 Shorewall/Perl/Shorewall/Chains.pm | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm 
b/Shorewall/Perl/Shorewall/Chains.pm
index cd8d124fa..ec6b893d8 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -9249,9 +9249,25 @@ sub create_netfilter_load( $ ) {
     push_indent;
 
     if ( have_capability( 'RESTORE_WAIT_OPTION' ) ) {
-       emit 'option="--wait "' . $config{MUTEX_TIMEOUT};
+       emit 'option="--counters --wait "' . $config{MUTEX_TIMEOUT};
     } else {
+           emit 'if [ "$COMMAND" = "start" -a -n "$g_counters" ]; then';
+
+       push_indent;
+
+       emit 'option="--counters"';
+
+       pop_indent;
+
+       emit 'else';
+
+       push_indent;
+
        emit 'option=';
+
+       pop_indent;
+
+       emit 'fi';
     }
 
     save_progress_message "Preparing $utility input...";
-- 
2.11.0


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users






















					Reply via email to