+try () {
+ old=$1 new=$2
+ ## Install the NEW firewall rules. If it fails, revert to the OLD ones.
+ ## Updating firewall rules can fail spectacularly, so be careful. Leave a
+ ## timebomb in the form of NEW.errors: if this isn't removed in 10 seconds
+ ## after the NEW rules complete successfully, then revert. Write errors to
+ ## NEW.errors.
+
+ ## Make sure we have an escape route.
+ iptables-save >/var/run/firewall.save.new
+ ip6tables-save >/var/run/firewall6.save.new
+ mv /var/run/firewall.save.new /var/run/firewall.save
+ mv /var/run/firewall6.save.new /var/run/firewall6.save
+
+ ## Clear the air and make the errors file.
+ rm -f "$new.errors" "$new.timebomb" "$new.grabbed"
+ exec >"$new.errors" 2>&1
+
+ ## Now try to install the new firewall.
+ "$new" install || revert "$old" "Failed"
+
+ ## Set up the time bomb. Leave the errors file there if we failed.
+ (sleep 10
+ if [ -f "$new.errors" ]; then
+ mv "$new.errors" "$new.timebomb"
+ revert "$old" "Time bomb"
+ fi)&
+}
+
+catch () {
+ new=$1
+ ## Report successful installation of the script.
+
+ if mv "$new.errors" "$new.grabbed" 2>/dev/null; then
+ rc=0
+ echo "Installed OK."
+ else
+ mv "$new.timebomb" "$new.grabbed"
+ echo "Timebomb went off."
+ rc=1
+ fi
+ cat "$new.grabbed" >&2
+ rm -f "$new.grabbed"
+ return $rc
+}
+
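Review bot: The time bomb in `try` tests `[ -f "$new.errors" ]` and then moves the file as a separate step, so `catch` can rename `$new.errors` to `$new.grabbed` between the two; the subshell's `mv` then fails, but `revert "$old" "Time bomb"` still runs after `catch` has already printed "Installed OK." and returned 0. Letting the rename itself pick the winner closes that window, mirroring what `catch` already does: `if mv "$new.errors" "$new.timebomb" 2>/dev/null; then revert "$old" "Time bomb"; fi`. Separately, the exit status of `iptables-save` and `ip6tables-save` is not checked before the `mv` lines, so a failed save would replace the previous `/var/run/firewall.save` with an empty or partial file unless the script runs under `set -e`, which is not visible here. Adding `|| return 1` to each save (for example `iptables-save >/var/run/firewall.save.new || return 1`) would keep the escape route intact. `revert` is defined outside the lines shown, so whether it returns or exits after a failed `"$new" install` cannot be confirmed from this hunk.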