Edwin Eefting
2003-Oct-23 03:42 UTC
[Shorewall-devel] Shorewall backup configuration patch/hack
Hi,

I created a modification (more like a hack) to shorewall that backs up a configuration after successfully (re)starting it. In case a future (re)start fails it will use this backup configuration. (instead of stopping the firewall and generating a massive amount of phone calls ;)

I didn't pay too much attention to the ramifications of this patch, so let me know if I screwed anything up. It seems to work well with our Webmin administrator interface.

Edwin

--
 //||\\    Edwin Eefting
|| || ||   DatuX - Linux solutions and innovations
 \\||//    http://www.datux.nl

-------------- next part -------------- 578c578 < SHOREWALL_DIR---> SHOREWALL_DIR=/etc/shorewall679c679 < start|stop|restart|reset|clear|refresh|check) ---> start|restart)680a681> #first try it the "normal" way:682c683,709 < exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 ---> $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 > RESULT=$? > #exitcode 1 means something lame happend. > [ $RESULT == 1 ] && exit 1; > if [ $RESULT == 0 ] ; then > #it worked, create a backup > echo -n "* Config working, backing up..."; > rm -rf "$SHOREWALL_DIR/backup" 2>/dev/null > cp -r "$SHOREWALL_DIR" "$SHOREWALL_DIR/backup" 2>/dev/null > echo "done"; > else > #it didn''t work, use the backup config file and try again > echo -n "* Config FAILED, trying to use the backup: "; > export SHOREWALL_DIR="$SHOREWALL_DIR/backup" > get_config > if $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 > /dev/null 2>/dev/null; then > echo "OK"; > else > echo "WARNING: BACKUP FAILED AS WELL, NETWORK IS DOWN NOW!"; > fi; > fi; > exit $RESULT > ;; > stop|reset|clear|refresh|check) > [ $# -ne 1 ] && usage 1 > get_config > exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1-------------- next part -------------- 4807c4807 < exit 0; ---> exit 1;
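Review bot: At line 578 the new SHOREWALL_DIR=/etc/shorewall assignment changes the value seen by every command in the script, although only the start|restart branch needs a path from which to build the backup location. Prefer leaving SHOREWALL_DIR as it was and computing the backup path inside that branch, applying the /etc/shorewall default only when the variable is empty, and say in the patch description why the default is needed.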
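Review bot: In the 682c683,709 hunk the fallback branch exports SHOREWALL_DIR="$SHOREWALL_DIR/backup" and reruns the script without testing that the backup directory exists, so after a first failed start with no earlier backup the retry runs against a directory that may not be there; add a [ -d "$SHOREWALL_DIR/backup" ] test before the export. In the success branch, rm -rf deletes the old backup before cp -r runs, the copy destination lies inside its own source directory, and stderr is discarded, so "done" is printed whether or not a usable backup now exists; copy to a location outside $SHOREWALL_DIR, check the exit status of cp, and replace the old backup only after the copy has succeeded. The [ $RESULT == 1 ] and [ $RESULT == 0 ] tests should use -eq, since == is not portable inside [ ].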
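Review bot: The 4807c4807 change from exit 0 to exit 1 arrives with no surrounding context, so the affected code path cannot be identified from the patch; resend it as a unified diff (diff -u) and state which failure this exit represents. It also interacts with the [ $RESULT == 1 ] && exit 1 test added in the other file: a status of 1 leaves the start|restart branch before either the backup or the fallback runs, so this path gets no recovery at all, which should be stated as intended or changed.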
Tom Eastep
2003-Oct-23 08:05 UTC
[Shorewall-devel] Shorewall backup configuration patch/hack
On Thu, 2003-10-23 at 03:42, Edwin Eefting wrote:
> Hi,
>
> I created a modification (more like a hack) to shorewall that backs up a
> configuration after successfully (re)starting it. In case a future
> (re)start fails it will use this backup configuration. (instead of
> stopping the firewall and generating a massive amount of phone calls ;)
>
> I didn't pay too much attention to the ramifications of this patch, so let
> me know if I screwed anything up. It seems to work well with our Webmin
> administrator interface.
>

1. I dislike the notion that the current backup gets wiped out simply because the new configuration didn't blow up at startup time. It may not work at all. I would prefer to see a separate 'backup' command that backed up the current configuration.

2. I think you should check the existence of the backup directory before trying to use it.

3. I would prefer to see unified format patches (-u option to diff).

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Edwin Eefting
2003-Oct-23 08:41 UTC
[Shorewall-devel] Shorewall backup configuration patch/hack
On Thu, 23 Oct 2003, Tom Eastep wrote:
> On Thu, 2003-10-23 at 03:42, Edwin Eefting wrote:
> > Hi,
> >
> > I created a modification (more like a hack) to shorewall that backs up a
> > configuration after successfully (re)starting it. In case a future
> > (re)start fails it will use this backup configuration. (instead of
> > stopping the firewall and generating a massive amount of phone calls ;)
> >
> > I didn't pay too much attention to the ramifications of this patch, so let
> > me know if I screwed anything up. It seems to work well with our Webmin
> > administrator interface.
> >
>
> 1. I dislike the notion that the current backup gets wiped out simply
> because the new configuration didn't blow up at startup time. It may not
> work at all. I would prefer to see a separate 'backup' command that
> backed up the current configuration.

What about implementing a backup command that also runs the configuration as a bold sanity check before backing up? Furthermore I will also make a "Backup current configuration as failover" button in WebMin, I think.

> 2. I think you should check the existence of the backup directory before
> trying to use it.

ok

> 3. I would prefer to see unified format patches (-u option to diff).

no problem

--
 //||\\    Edwin Eefting
|| || ||   DatuX - Linux solutions and innovations
 \\||//    http://www.datux.nl
Tom Eastep
2003-Oct-23 09:53 UTC
[Shorewall-devel] Shorewall backup configuration patch/hack
On Thu, 2003-10-23 at 08:36, Edwin Eefting wrote:
> On Thu, 23 Oct 2003, Tom Eastep wrote:
> >
> > 1. I dislike the notion that the current backup gets wiped out simply
> > because the new configuration didn't blow up at startup time. It may not
> > work at all. I would prefer to see a separate 'backup' command that
> > backed up the current configuration.
>
> What about implementing a backup command that also
> runs the configuration as a bold sanity check before backing up?

Maybe just run "check" as a sanity test?

> Furthermore I will also make a "Backup current configuration as failover"
> button in WebMin, I think.

Excellent.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net
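
The design the replies converge on, as an added example that is not from the thread or from Shorewall: the backup is taken only by an explicit step that first passes a check, it is kept outside the live directory, and the fallback is used only when the backup directory exists. The function names and CHECK_CMD (a caller-supplied command that validates the directory given as its argument, for instance a wrapper around Shorewall's "check" command) are assumptions.

```shell
#!/bin/sh
# Added example; function names and CHECK_CMD are assumptions, not Shorewall code.
# CHECK_CMD: caller-supplied command or shell function that validates the
# configuration directory passed as $1 and returns 0 when it is usable.

# backup_config LIVE BACKUP
# Snapshot LIVE to BACKUP only when LIVE passes the check. BACKUP must be
# outside LIVE so the copy never recurses into itself.
backup_config() {
    live=$1 backup=$2 tmp="$2.new.$$"
    if ! "$CHECK_CMD" "$live" >/dev/null 2>&1; then
        echo "check failed for $live; existing backup left untouched" >&2
        return 1
    fi
    rm -rf "$tmp"
    if ! cp -Rp "$live" "$tmp"; then
        rm -rf "$tmp"              # incomplete copy: old backup stays in place
        return 2
    fi
    rm -rf "$backup.old"
    if [ -d "$backup" ]; then mv "$backup" "$backup.old"; fi
    mv "$tmp" "$backup" && rm -rf "$backup.old"
}

# pick_config LIVE BACKUP
# Print the directory a (re)start should use: LIVE if it checks out, else
# BACKUP if that directory exists and checks out. Return 1 when neither does.
pick_config() {
    if "$CHECK_CMD" "$1" >/dev/null 2>&1; then
        echo "$1"; return 0
    fi
    if [ -d "$2" ] && "$CHECK_CMD" "$2" >/dev/null 2>&1; then
        echo "$2"; return 0
    fi
    echo "no usable configuration in $1 or $2" >&2
    return 1
}
```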