Tom Eastep wrote:
>> Two additional (minor) issues: Currently, if I have
>> PRODUCTS="mickey-mouse" in /etc/sysconfig/shorewall-init, the init.d
>> script completes and tells me that everything is OK. The outcome is
>> exactly the same if the conditional compilation fails for some reason
>> (regardless of whether the old "firewall" is present or not). I think
>> that's wrong and the init.d script should return a failure if:
>>
>> 1. "PRODUCTS" has not been processed for whatever reason;
>> 2. "shorewall compile -c" fails; or
>> 3. "firewall" does not exist.
>>
>
> The problem is that PRODUCTS is plural. What if one fails and the other
> succeeds?
If one fails, then, from what I recall, there is a "break" statement and
the failure code is returned immediately, which is the right thing to
do. To answer your question - if one fails, then the other doesn't run
and failure is returned to the OS. Same with iptables-restore - if a
single statement fails, then nothing after that is attempted, which is
the correct course of action.
> Or one of two members of $PRODUCTS is invalid?
Same as above - if any member of PRODUCTS is invalid, then there should
be a failure returned to the OS straight away.
> I'm guessing that
> you vote for a failure exit status to be returned?
Yep.
> What should the exit
> status be if $PRODUCTS is empty?
>
Same as above - failure. Again, from memory (I don't have the contents
of this file in front of me at present), I think the init script checks
whether there is anything specified for PRODUCTS and if the variable is
empty, then a failure is returned which is the right thing to do - one
has to specify at least one "product" in order to run shorewall-init.
...
Yep, I just checked my version of shorewall-init:

    if [ -z "$PRODUCTS" ]; then
        echo "No firewalls configured for shorewall-init"
        failure
        return 6 # Not configured
    fi

So, if PRODUCTS is empty, then nothing is ever attempted and an error
status code is immediately returned to the OS, which is the correct
thing to do.
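The fail-fast behaviour argued for in the message above, as an added sketch that is not part of the original post and is not shorewall-init's own code. The function names, the `KNOWN_PRODUCTS` list, the state-directory layout, the `stop` action and every exit code other than the 6 from the quoted script are assumptions; `compile_product` is a stand-in for the real compile step so the sketch runs without Shorewall installed.

```shell
#!/bin/sh
# Added illustration, not shorewall-init code. Names, paths and all exit
# codes except 6 are assumptions.
KNOWN_PRODUCTS="shorewall shorewall6"   # assumed set of valid product names

# Stand-in for "<product> compile -c": succeeds only when the product's
# state directory exists, so the sketch runs without Shorewall installed.
compile_product() {   # $1 = product, $2 = state directory
    [ -d "$2" ]
}

# start_products PRODUCTS STATE_BASE [ACTION]
# Returns 0 only if every listed product was processed successfully.
start_products() {
    products=$1 base=$2 action=${3:-stop}   # "stop" is a placeholder action
    if [ -z "$products" ]; then
        echo "No firewalls configured for shorewall-init" >&2
        return 6                            # not configured (from the quoted script)
    fi
    for product in $products; do
        case " $KNOWN_PRODUCTS " in
            *" $product "*) ;;
            *)  echo "unknown product: $product" >&2
                return 6 ;;                 # a typo must not report success
        esac
        if ! compile_product "$product" "$base/$product"; then
            echo "compile failed for $product" >&2
            return 1
        fi
        fw=$base/$product/firewall
        if [ ! -f "$fw" ]; then
            echo "$fw does not exist" >&2
            return 1
        fi
        # Stop at the first failure; later products are not attempted.
        sh "$fw" "$action" || return 1
    done
    return 0
}
```

A caller would end with `start_products "$PRODUCTS" "$STATE_BASE" || exit $?` so that the service manager sees the failure instead of a firewall that silently never loaded.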