Hi, please see the attached patch.
It is based on http://sourceforge.net/p/shorewall/code/ci/master/tree/Shorewall-init/init.sh and works on my system. @ Roberto: If you'll find some time, maybe you can convert the Debian init scripts to use "log_action_*" for a better/modern output... -Thomas
From e4fcd5794ae33b9874da8f637c5465c53a570f2d Mon Sep 17 00:00:00 2001 From: Thomas D <[email protected]> Date: Tue, 12 Aug 2014 23:37:47 +0200 Subject: [PATCH] Add missing ipset save/restore logic in Shorewall-init Debian init script. --- Shorewall-init/init.debian.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/Shorewall-init/init.debian.sh b/Shorewall-init/init.debian.sh index de7a655..b975a21 100755 --- a/Shorewall-init/init.debian.sh +++ b/Shorewall-init/init.debian.sh @@ -123,6 +123,17 @@ shorewall_start () { echo "done." + if [ -n "$SAVE_IPSETS" -a -f "$SAVE_IPSETS" ]; then + + echo -n "Restoring ipsets: " + + if ! ipset -R < "$SAVE_IPSETS"; then + echo_notdone + fi + + echo "done." + fi + return 0 } @@ -142,6 +153,20 @@ shorewall_stop () { echo "done." + if [ -n "$SAVE_IPSETS" ]; then + + echo "Saving ipsets: " + + mkdir -p $(dirname "$SAVE_IPSETS") + if ipset -S > "${SAVE_IPSETS}.tmp"; then + grep -qE -- '^(-N|create )' "${SAVE_IPSETS}.tmp" && mv -f "${SAVE_IPSETS}.tmp" "$SAVE_IPSETS" + else + echo_notdone + fi + + echo "done." + fi + return 0 } -- 2.0.4
------------------------------------------------------------------------------
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
