1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
Description: Support `SAFESTOP` under systemd
.
By default, stopping the Shorewall service executes `/sbin/shorewall clear`.
.
The `SAFESTOP` setting in /etc/default/shorewall is intended to stop the
service by calling `/sbin/shorewall stop`.
.
However, the systemd service files do not support this. Instead, we install a
shell-script that sources /etc/default/shorewall and honours `SAFESTOP` when
stopping Shorewall and patch the service files to call it.
Author: Jeremy Sowden <jeremy@azazel.net>
Last-Update: 2023-01-31
Forwarded: https://gitlab.com/shorewall/code/-/merge_requests/11
--- a/shorewall-core/install.sh
+++ b/shorewall-core/install.sh
@@ -324,6 +324,15 @@
echo
echo "wait4ifup installed in ${DESTDIR}${LIBEXECDIR}/shorewall/wait4ifup"
+#
+# Install stop_service
+#
+if [ -n "${STOPSERVICEFILE}" ]; then
+ install_file ${STOPSERVICEFILE} ${DESTDIR}${LIBEXECDIR}/shorewall/stop_service 0755
+
+ echo
+ echo "${STOPSERVICEFILE} installed in ${DESTDIR}${LIBEXECDIR}/shorewall/stop_service"
+fi
#
# Install the libraries
--- a/shorewall-core/shorewallrc.debian.systemd
+++ b/shorewall-core/shorewallrc.debian.systemd
@@ -22,3 +22,4 @@
VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER=/usr/bin/less #Pager to use if none specified in shorewall[6].conf
+STOPSERVICEFILE=stop_service.debian #Name of script to stop systemd service that honours `SAFESTOP`.
--- /dev/null
+++ b/shorewall-core/stop_service.debian
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+PRODUCT=$1
+
+. /etc/default/${PRODUCT}
+
+if [ "$SAFESTOP" = 1 ]; then
+ COMMAND=stop
+else
+ COMMAND=clear
+fi
+
+if [ "${PRODUCT}" = shorewall6 ]; then
+ EXEC="/sbin/shorewall -6"
+else
+ EXEC="/sbin/${PRODUCT}"
+fi
+
+exec ${EXEC} ${OPTIONS} ${COMMAND}
--- a/shorewall-lite/shorewall-lite.service.debian
+++ b/shorewall-lite/shorewall-lite.service.debian
@@ -16,7 +16,7 @@
RemainAfterExit=yes
EnvironmentFile=-/etc/default/shorewall-lite
ExecStart=/sbin/shorewall-lite $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall-lite $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall-lite
ExecReload=/sbin/shorewall-lite $OPTIONS reload $RELOADOPTIONS
[Install]
--- a/shorewall/shorewall.service.debian
+++ b/shorewall/shorewall.service.debian
@@ -16,7 +16,7 @@
RemainAfterExit=yes
EnvironmentFile=-/etc/default/shorewall
ExecStart=/sbin/shorewall $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall
ExecReload=/sbin/shorewall $OPTIONS reload $RELOADOPTIONS
[Install]
--- a/shorewall6-lite/shorewall6-lite.service.debian
+++ b/shorewall6-lite/shorewall6-lite.service.debian
@@ -16,7 +16,7 @@
RemainAfterExit=yes
EnvironmentFile=-/etc/default/shorewall6-lite
ExecStart=/sbin/shorewall6-lite $OPTIONS start
-ExecStop=/sbin/shorewall6-lite $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall6-lite
ExecReload=/sbin/shorewall6-lite $OPTIONS reload
[Install]
--- a/shorewall6/shorewall6.service.debian
+++ b/shorewall6/shorewall6.service.debian
@@ -17,7 +17,7 @@
RemainAfterExit=yes
EnvironmentFile=-/etc/default/shorewall6
ExecStart=/sbin/shorewall -6 $OPTIONS start $STARTOPTIONS
-ExecStop=/sbin/shorewall -6 $OPTIONS clear
+ExecStop=/usr/share/shorewall/stop_service shorewall6
ExecReload=/sbin/shorewall -6 $OPTIONS reload $RELOADOPTIONS
[Install]
|
