mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-25 23:59:01 +01:00
Add PERL= option to shorewall.conf and shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
4547067da9
commit
02fab09a14
@ -70,6 +70,8 @@ TC=
|
||||
|
||||
IPSET=
|
||||
|
||||
PERL=/usr/bin/perl
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
@ -70,6 +70,8 @@ TC=
|
||||
|
||||
IPSET=
|
||||
|
||||
PERL=/usr/bin/perl
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
@ -77,6 +77,8 @@ TC=
|
||||
|
||||
IPSET=
|
||||
|
||||
PERL=/usr/bin/perl
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info
|
||||
|
||||
IP6TABLES=
|
||||
|
||||
PERL=/usr/bin/perl
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info
|
||||
|
||||
IP6TABLES=
|
||||
|
||||
PERL=/usr/bin/perl
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info
|
||||
|
||||
IP6TABLES=
|
||||
|
||||
PERL=/usr/bin/perl
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
@ -380,6 +380,7 @@ sub initialize( $ ) {
|
||||
IP => undef,
|
||||
TC => undef,
|
||||
IPSET => undef,
|
||||
PERL => undef,
|
||||
#
|
||||
#PATH is inherited
|
||||
#
|
||||
@ -1769,7 +1770,9 @@ sub embedded_perl( $ ) {
|
||||
# - Handle INCLUDE <filename>
|
||||
#
|
||||
|
||||
sub read_a_line() {
|
||||
sub read_a_line(;$) {
|
||||
my $embedded_enabled = defined $_[0] ? shift : 1;
|
||||
|
||||
while ( $currentfile ) {
|
||||
|
||||
$currentline = '';
|
||||
@ -1815,53 +1818,59 @@ sub read_a_line() {
|
||||
#
|
||||
# Must check for shell/perl before doing variable expansion
|
||||
#
|
||||
if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) {
|
||||
embedded_shell( $1 );
|
||||
} elsif ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) {
|
||||
embedded_perl( $1 );
|
||||
} else {
|
||||
my $count = 0;
|
||||
#
|
||||
# Expand Shell Variables using %ENV
|
||||
#
|
||||
# $1 $2 $3 - $4
|
||||
while ( $currentline =~ m( ^(.*?) \$({)? ([a-zA-Z]\w*) (?(2)}) (.*)$ )x ) {
|
||||
my $val = $ENV{$3};
|
||||
|
||||
unless ( defined $val ) {
|
||||
fatal_error "Undefined shell variable (\$$3)" unless exists $ENV{$3};
|
||||
$val = '';
|
||||
}
|
||||
|
||||
$currentline = join( '', $1 , $val , $4 );
|
||||
fatal_error "Variable Expansion Loop" if ++$count > 100;
|
||||
if ( $embedded_enabled ) {
|
||||
if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) {
|
||||
embedded_shell( $1 );
|
||||
next;
|
||||
}
|
||||
|
||||
if ( $currentline =~ /^\s*INCLUDE\s/ ) {
|
||||
if ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) {
|
||||
embedded_perl( $1 );
|
||||
next;
|
||||
}
|
||||
}
|
||||
|
||||
my @line = split ' ', $currentline;
|
||||
my $count = 0;
|
||||
#
|
||||
# Expand Shell Variables using %ENV
|
||||
#
|
||||
# $1 $2 $3 - $4
|
||||
while ( $currentline =~ m( ^(.*?) \$({)? ([a-zA-Z]\w*) (?(2)}) (.*)$ )x ) {
|
||||
my $val = $ENV{$3};
|
||||
|
||||
fatal_error "Invalid INCLUDE command" if @line != 2;
|
||||
fatal_error "INCLUDEs/Scripts nested too deeply" if @includestack >= 4;
|
||||
unless ( defined $val ) {
|
||||
fatal_error "Undefined shell variable (\$$3)" unless exists $ENV{$3};
|
||||
$val = '';
|
||||
}
|
||||
|
||||
my $filename = find_file $line[1];
|
||||
$currentline = join( '', $1 , $val , $4 );
|
||||
fatal_error "Variable Expansion Loop" if ++$count > 100;
|
||||
}
|
||||
|
||||
fatal_error "INCLUDE file $filename not found" unless -f $filename;
|
||||
fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _;
|
||||
if ( $currentline =~ /^\s*INCLUDE\s/ ) {
|
||||
|
||||
if ( -s _ ) {
|
||||
push @includestack, [ $currentfile, $currentfilename, $currentlinenumber ];
|
||||
$currentfile = undef;
|
||||
do_open_file $filename;
|
||||
} else {
|
||||
$currentlinenumber = 0;
|
||||
}
|
||||
my @line = split ' ', $currentline;
|
||||
|
||||
$currentline = '';
|
||||
fatal_error "Invalid INCLUDE command" if @line != 2;
|
||||
fatal_error "INCLUDEs/Scripts nested too deeply" if @includestack >= 4;
|
||||
|
||||
my $filename = find_file $line[1];
|
||||
|
||||
fatal_error "INCLUDE file $filename not found" unless -f $filename;
|
||||
fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _;
|
||||
|
||||
if ( -s _ ) {
|
||||
push @includestack, [ $currentfile, $currentfilename, $currentlinenumber ];
|
||||
$currentfile = undef;
|
||||
do_open_file $filename;
|
||||
} else {
|
||||
print "IN===> $currentline\n" if $debug;
|
||||
return 1;
|
||||
$currentlinenumber = 0;
|
||||
}
|
||||
|
||||
$currentline = '';
|
||||
} else {
|
||||
print "IN===> $currentline\n" if $debug;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
@ -2679,7 +2688,7 @@ sub process_shorewall_conf() {
|
||||
|
||||
first_entry "Processing $file...";
|
||||
|
||||
while ( read_a_line ) {
|
||||
while ( read_a_line(0) ) {
|
||||
if ( $currentline =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) {
|
||||
my ($var, $val) = ($1, $2);
|
||||
unless ( exists $config{$var} ) {
|
||||
|
@ -22,6 +22,8 @@ Changes in Shorewall 4.4.11
|
||||
|
||||
10) Avoid missing closing quote when REQUIRE_INTERFACE=Yes.
|
||||
|
||||
11) Add PERL option.
|
||||
|
||||
Changes in Shorewall 4.4.10
|
||||
|
||||
1) Fix regression with scripts.
|
||||
|
@ -59,6 +59,8 @@ TC=
|
||||
|
||||
IPSET=
|
||||
|
||||
PERL=/usr/bin/perl
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
@ -308,7 +308,13 @@ None.
|
||||
3) A new column (NET3) has been added to the /etc/shorewall/netmap
|
||||
file. This new column can qualify the INTERFACE column by
|
||||
specifying a SOURCE network (DNAT rule) or DEST network (SNAT rule)
|
||||
associated with the interface.
|
||||
associated with the interface.
|
||||
|
||||
4) To accomodate systems with more than one version of Perl installed,
|
||||
the shorewall.conf and shorewall6.conf files now support a PERL
|
||||
option. If the program specified by that option does not exist or
|
||||
is not executable, Shorewall (and Shorewall6) fall back to
|
||||
/usr/bin/perl.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|
@ -360,7 +360,16 @@ compiler() {
|
||||
run_user_exit params
|
||||
set +a
|
||||
|
||||
/usr/bin/perl $debugflags /usr/share/shorewall/compiler.pl $options $@
|
||||
if [ -n "$PERL" ]; then
|
||||
if [ ! -x "$PERL" ]; then
|
||||
echo " WARNING: The program specified in the PERL option does not exist or is not executable; falling back to /usr/bin/perl" >&2
|
||||
PERL=/usr/bin/perl
|
||||
fi
|
||||
else
|
||||
PERL=/usr/bin/perl
|
||||
fi
|
||||
|
||||
$PERL $debugflags /usr/share/shorewall/compiler.pl $options $@
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -299,7 +299,16 @@ compiler() {
|
||||
set +a
|
||||
fi
|
||||
|
||||
$command perl $debugflags $pc $options $@
|
||||
if [ -n "$PERL" ]; then
|
||||
if [ ! -x "$PERL" ]; then
|
||||
echo " WARNING: The program specified in PERL does not exist or is not executable; falling back to /usr/bin/perl" >&2
|
||||
PERL=/usr/bin/perl
|
||||
fi
|
||||
else
|
||||
PERL=/usr/bin/perl
|
||||
fi
|
||||
|
||||
$command $PERL $debugflags $pc $options $@
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -56,6 +56,8 @@ TC=
|
||||
|
||||
IPSET=
|
||||
|
||||
PERL=/usr/bin/perl
|
||||
|
||||
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
@ -1320,6 +1320,19 @@ net all DROP info</programlisting>then the chain name is 'net2all'
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">PERL=</emphasis><emphasis>pathname</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.4.11 RC1. Specifies the path name of the
|
||||
Perl executable. Default is <filename>/usr/bin/perl</filename>. If
|
||||
the pathname specified by this option does not exist or the named
|
||||
file is not executable, then Shorewall falls back to
|
||||
<filename>/usr/bin/perl/</filename></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">PKTTYPE=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||
|
@ -1100,6 +1100,19 @@ net all DROP info</programlisting>then the chain name is 'net2all'
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">PERL=</emphasis><emphasis>pathname</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.4.11 RC1. Specifies the path name of the
|
||||
Perl executable. Default is <filename>/usr/bin/perl</filename>. If
|
||||
the pathname specified by this option does not exist or the named
|
||||
file is not executable, then Shorewall6 falls back to
|
||||
<filename>/usr/bin/perl/</filename></para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis
|
||||
role="bold">RCP_COMMAND="</emphasis><replaceable>command</replaceable><emphasis
|
||||
|
Loading…
Reference in New Issue
Block a user