From: Michael Tremer Date: Tue, 22 Oct 2013 16:53:48 +0000 (+0200) Subject: firewall: Cleanup rules reloading. X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=0e43079789de38841b822b591dbff3be8cd37228 firewall: Cleanup rules reloading. This has been messed up a lot because there were multiple files which indicated that a reload is needed; shell commands were used to create and remove the indicator file; some functions were duplicated. --- diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index c592d5d0c..8236f07ab 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -1137,4 +1137,23 @@ sub write_file_utf8 ($) { return; } +my $FIREWALL_RELOAD_INDICATOR = "${General::swroot}/forward/reread"; + +sub firewall_config_changed() { + open FILE, ">$FIREWALL_RELOAD_INDICATOR" or die "Could not open $FIREWALL_RELOAD_INDICATOR"; + close FILE; +} + +sub firewall_needs_reload() { + if (-e "$FIREWALL_RELOAD_INDICATOR") { + return 1; + } + + return 0; +} + +sub firewall_reload() { + system("/usr/local/bin/forwardfwctrl"); +} + 1; diff --git a/html/cgi-bin/forwardfw.cgi b/html/cgi-bin/forwardfw.cgi index a142e199d..5e62dbcb9 100755 --- a/html/cgi-bin/forwardfw.cgi +++ b/html/cgi-bin/forwardfw.cgi @@ -385,7 +385,7 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') &newrule; }else{ if($fwdfwsettings{'nosave2'} ne 'on'){ - &rules; + &General::firewall_config_changed(); } &base; } @@ -404,7 +404,7 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw toggle'}) } } &General::writehasharray($fwdfwsettings{'config'}, \%togglehash); - &rules; + &General::firewall_config_changed(); &base; } if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'}) 
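Review bot: In the general-functions.pl hunk, `firewall_config_changed()` creates the indicator with a two-argument `open` on the bareword handle `FILE`, and its `die` message omits `$!`, so a permission or missing-directory failure is reported without its cause. Prefer `open(my $fh, '>', $FIREWALL_RELOAD_INDICATOR) or die "Could not open $FIREWALL_RELOAD_INDICATOR: $!";` followed by `close($fh);`, which also keeps the helper from sharing the global `FILE` handle that callers touched by this patch use themselves. `firewall_reload()` discards the result of `system()`, so the page cannot tell the administrator that the ruleset failed to load; `return system("/usr/local/bin/forwardfwctrl") == 0;` would let callers show an error. The helper tracks only `forward/reread`, while the removed `rules` subs also touched `fwhosts/reread`, so it is worth confirming that nothing outside this patch still tests that second file.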
@@ -417,12 +417,12 @@ if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw togglelog'}) } } &General::writehasharray($fwdfwsettings{'config'}, \%togglehash); - &rules; + &General::firewall_config_changed(); &base; } if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'}) { - &reread_rules; + &General::firewall_reload(); &base; } if ($fwdfwsettings{'ACTION'} eq 'editrule') @@ -469,7 +469,7 @@ sub addrule END - if (-f "${General::swroot}/forward/reread") { + if (&General::firewall_needs_reload()) { print < END @@ -1012,7 +1012,7 @@ sub deleterule delete $delhash{$last_key}; &General::writehasharray($fwdfwsettings{'config'}, \%delhash); - &rules; + &General::firewall_config_changed(); if($fwdfwsettings{'nobase'} ne 'on'){ &base; @@ -1028,7 +1028,7 @@ sub disable_rule } } &General::writehasharray("$configfwdfw", \%configfwdfw); - &rules; + &General::firewall_config_changed(); } sub dec_counter { @@ -2102,7 +2102,7 @@ sub pos_up } } &General::writehasharray($fwdfwsettings{'config'}, \%uphash); - &rules; + &General::firewall_config_changed(); } sub pos_down { @@ -2129,22 +2129,7 @@ sub pos_down } } &General::writehasharray($fwdfwsettings{'config'}, \%downhash); - &rules; -} -sub rules -{ - if (!-f "${General::swroot}/forward/reread"){ - system("touch ${General::swroot}/forward/reread"); - system("touch ${General::swroot}/fwhosts/reread"); - } -} -sub reread_rules -{ - system("/usr/local/bin/forwardfwctrl"); - if ( -f "${General::swroot}/forward/reread"){ - system("rm ${General::swroot}/forward/reread"); - system("rm ${General::swroot}/fwhosts/reread"); - } + &General::firewall_config_changed(); } sub saverule { @@ -2286,7 +2271,7 @@ sub saverule $fwdfwsettings{'oldrulenumber'}--; } &General::writehasharray("$config", $hash); - &rules; + &General::firewall_config_changed(); }elsif($fwdfwsettings{'rulepos'} > $fwdfwsettings{'oldrulenumber'}){ my %tmp=(); my $val=$fwdfwsettings{'rulepos'}-$fwdfwsettings{'oldrulenumber'}; 
@@ -2313,7 +2298,7 @@ sub saverule $fwdfwsettings{'oldrulenumber'}++; } &General::writehasharray("$config", $hash); - &rules; + &General::firewall_config_changed(); } } } diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index cbe325c1d..ebd1fdce8 100755 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -114,11 +114,6 @@ print< 0 ) { - &rules; + &General::firewall_config_changed(); } &addgrp; &viewtablegrp; @@ -829,7 +824,7 @@ if ($fwhostsettings{'ACTION'} eq 'saveservicegrp') $fwhostsettings{'updatesrvgrp'}='on'; } if ($count gt 0){ - &rules; + &General::firewall_config_changed(); } &addservicegrp; &viewtableservicegrp; @@ -944,7 +939,9 @@ if ($fwhostsettings{'ACTION'} eq 'deletegrphost') } } &General::writehasharray("$configgrp", \%customgrp); - if ($fwhostsettings{'grpcnt'} > 0){&rules;} + if ($fwhostsettings{'grpcnt'} > 0){ + &General::firewall_config_changed(); + } if ($fwhostsettings{'update'} eq 'on'){ $fwhostsettings{'remark'}= $grpremark; $fwhostsettings{'grp_name'}=$grpname; @@ -1023,7 +1020,7 @@ if ($fwhostsettings{'ACTION'} eq 'delgrpservice') } } &General::writehasharray("$configsrvgrp", \%customservicegrp); - &rules; + &General::firewall_config_changed(); if ($fwhostsettings{'updatesrvgrp'} eq 'on'){ $fwhostsettings{'SRVGRP_NAME'}=$grpname; $fwhostsettings{'SRVGRP_REMARK'}=$grpremark; @@ -1112,11 +1109,7 @@ if($fwhostsettings{'ACTION'} eq '') &showmenu; } ### FUNCTIONS ### -sub showmenu -{ - if (-f "${General::swroot}/forward/reread"){ - print "
    $Lang::tr{'fwhost reread'}

"; - } +sub showmenu { &Header::openbox('100%', 'left',$Lang::tr{'fwhost menu'}); print "$Lang::tr{'fwhost welcome'}"; print<; close FILE; @@ -72,21 +66,15 @@ if ($fwdfwsettings{'ACTION'} eq 'togglep2p') print FILE "$p2pline[0];$p2pline[1];$p2pline[2];\n"; } close FILE; - &rules; - &p2pblock; -} -if ($fwdfwsettings{'ACTION'} eq $Lang::tr{'fwdfw reread'}) -{ - &reread_rules; - &p2pblock; -} + &General::firewall_config_changed(); + &p2pblock(); +} else { + &p2pblock(); +} sub p2pblock { - if (-f "${General::swroot}/forward/reread"){ - print "
    $Lang::tr{'fwhost reread'}

"; - } my $gif; open( FILE, "< $p2pfile" ) or die "Unable to read $p2pfile"; @p2ps = ; @@ -115,20 +103,6 @@ END print"


$Lang::tr{'fwdfw p2p txt'}
"; &Header::closebox(); } -sub rules -{ - if (!-f "${General::swroot}/forward/reread"){ - system("touch ${General::swroot}/forward/reread"); - system("touch ${General::swroot}/fwhosts/reread"); - } -} -sub reread_rules -{ - system("/usr/local/bin/forwardfwctrl"); - if ( -f "${General::swroot}/forward/reread"){ - system("rm ${General::swroot}/forward/reread"); - system("rm ${General::swroot}/fwhosts/reread"); - } -} + &Header::closebigbox(); &Header::closepage(); diff --git a/src/misc-progs/forwardfwctrl.c b/src/misc-progs/forwardfwctrl.c index 797d27ac5..9f3f28e8b 100644 --- a/src/misc-progs/forwardfwctrl.c +++ b/src/misc-progs/forwardfwctrl.c @@ -5,12 +5,21 @@ * */ +#include + #include "setuid.h" int main(int argc, char *argv[]) { if (!(initsetuid())) exit(1); - safe_system("/var/ipfire/forward/bin/rules.pl"); + int retval = safe_system("/var/ipfire/forward/bin/rules.pl"); + + /* If rules.pl has been successfully executed, the indicator + * file is removed. */ + if (retval == 0) { + unlink("/var/ipfire/forward/reread"); + } + return 0; }
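Review bot: In the forwardfwctrl.c hunk, `main()` still ends with `return 0;` when `safe_system()` reports a failure, so the CGI that invokes this helper cannot distinguish a loaded ruleset from a failed one; `return (retval == 0) ? 0 : 1;` would expose the status. The indicator is removed only after rules.pl has finished, so a configuration change saved while rules.pl is running appears to lose its pending-reload marker even though that change may not have been applied. Removing the indicator before starting rules.pl and restoring it on failure would close that window. The result of `unlink()` is ignored, which is fine for a missing file but hides other errors, so logging any error other than ENOENT would help.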