diff --git a/Samples/one-interface/shorewall.conf b/Samples/one-interface/shorewall.conf index 539a47704..b6fb1ee8a 100644 --- a/Samples/one-interface/shorewall.conf +++ b/Samples/one-interface/shorewall.conf @@ -70,6 +70,8 @@ TC= IPSET= +PERL=/usr/bin/perl + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh diff --git a/Samples/three-interfaces/shorewall.conf b/Samples/three-interfaces/shorewall.conf index 3d8f3e399..b584628a4 100644 --- a/Samples/three-interfaces/shorewall.conf +++ b/Samples/three-interfaces/shorewall.conf @@ -70,6 +70,8 @@ TC= IPSET= +PERL=/usr/bin/perl + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh diff --git a/Samples/two-interfaces/shorewall.conf b/Samples/two-interfaces/shorewall.conf index 190dce031..cc8a2d0aa 100644 --- a/Samples/two-interfaces/shorewall.conf +++ b/Samples/two-interfaces/shorewall.conf @@ -77,6 +77,8 @@ TC= IPSET= +PERL=/usr/bin/perl + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh diff --git a/Samples6/one-interface/shorewall6.conf b/Samples6/one-interface/shorewall6.conf index 64752ac0e..2da9c1b9f 100644 --- a/Samples6/one-interface/shorewall6.conf +++ b/Samples6/one-interface/shorewall6.conf @@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info IP6TABLES= +PERL=/usr/bin/perl + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh diff --git a/Samples6/three-interfaces/shorewall6.conf b/Samples6/three-interfaces/shorewall6.conf index e5d149338..5f8ac294e 100644 --- a/Samples6/three-interfaces/shorewall6.conf +++ b/Samples6/three-interfaces/shorewall6.conf @@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info IP6TABLES= +PERL=/usr/bin/perl + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh diff --git a/Samples6/two-interfaces/shorewall6.conf b/Samples6/two-interfaces/shorewall6.conf index c12899af0..604bc3086 100644 
--- a/Samples6/two-interfaces/shorewall6.conf +++ b/Samples6/two-interfaces/shorewall6.conf @@ -58,6 +58,8 @@ SMURF_LOG_LEVEL=info IP6TABLES= +PERL=/usr/bin/perl + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 025b3a397..7812a24fc 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -380,6 +380,7 @@ sub initialize( $ ) { IP => undef, TC => undef, IPSET => undef, + PERL => undef, # #PATH is inherited # @@ -1769,7 +1770,9 @@ sub embedded_perl( $ ) { # - Handle INCLUDE # -sub read_a_line() { +sub read_a_line(;$) { + my $embedded_enabled = defined $_[0] ? shift : 1; + while ( $currentfile ) { $currentline = ''; 
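Review bot: In the `read_a_line(;$)` hunk, `defined $_[0] ? shift : 1` treats an explicit `undef` the same as no argument, so a caller that passes an uninitialised flag gets embedded SHELL/PERL processing switched on rather than off. Since the argument gates script execution, failing closed is safer: `my $embedded_enabled = @_ ? shift : 1;`. The header comment above the sub (the list ending in `# - Handle INCLUDE`) should also describe the new argument, for example `# - Process embedded SHELL/PERL unless the optional argument is false`. The body of `read_a_line` continues outside this hunk.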
@@ -1815,53 +1818,59 @@ sub read_a_line() { # # Must check for shell/perl before doing variable expansion # - if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) { - embedded_shell( $1 ); - } elsif ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) { - embedded_perl( $1 ); - } else { - my $count = 0; - # - # Expand Shell Variables using %ENV - # - # $1 $2 $3 - $4 - while ( $currentline =~ m( ^(.*?) \$({)? ([a-zA-Z]\w*) (?(2)}) (.*)$ )x ) { - my $val = $ENV{$3}; - - unless ( defined $val ) { - fatal_error "Undefined shell variable (\$$3)" unless exists $ENV{$3}; - $val = ''; - } - - $currentline = join( '', $1 , $val , $4 ); - fatal_error "Variable Expansion Loop" if ++$count > 100; + if ( $embedded_enabled ) { + if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) { + embedded_shell( $1 ); + next; } - if ( $currentline =~ /^\s*INCLUDE\s/ ) { + if ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) { + embedded_perl( $1 ); + next; + } + } - my @line = split ' ', $currentline; + my $count = 0; + # + # Expand Shell Variables using %ENV + # + # $1 $2 $3 - $4 + while ( $currentline =~ m( ^(.*?) \$({)? 
([a-zA-Z]\w*) (?(2)}) (.*)$ )x ) { + my $val = $ENV{$3}; - fatal_error "Invalid INCLUDE command" if @line != 2; - fatal_error "INCLUDEs/Scripts nested too deeply" if @includestack >= 4; + unless ( defined $val ) { + fatal_error "Undefined shell variable (\$$3)" unless exists $ENV{$3}; + $val = ''; + } - my $filename = find_file $line[1]; + $currentline = join( '', $1 , $val , $4 ); + fatal_error "Variable Expansion Loop" if ++$count > 100; + } - fatal_error "INCLUDE file $filename not found" unless -f $filename; - fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _; + if ( $currentline =~ /^\s*INCLUDE\s/ ) { - if ( -s _ ) { - push @includestack, [ $currentfile, $currentfilename, $currentlinenumber ]; - $currentfile = undef; - do_open_file $filename; - } else { - $currentlinenumber = 0; - } + my @line = split ' ', $currentline; - $currentline = ''; + fatal_error "Invalid INCLUDE command" if @line != 2; + fatal_error "INCLUDEs/Scripts nested too deeply" if @includestack >= 4; + + my $filename = find_file $line[1]; + + fatal_error "INCLUDE file $filename not found" unless -f $filename; + fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _; + + if ( -s _ ) { + push @includestack, [ $currentfile, $currentfilename, $currentlinenumber ]; + $currentfile = undef; + do_open_file $filename; } else { - print "IN===> $currentline\n" if $debug; - return 1; + $currentlinenumber = 0; } + + $currentline = ''; + } else { + print "IN===> $currentline\n" if $debug; + return 1; } } @@ -2679,7 +2688,7 @@ sub process_shorewall_conf() { first_entry "Processing $file..."; - while ( read_a_line ) { + while ( read_a_line(0) ) { if ( $currentline =~ /^\s*([a-zA-Z]\w*)=(.*?)\s*$/ ) { my ($var, $val) = ($1, $2); unless ( exists $config{$var} ) { diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index b87876ca6..54798632c 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt 
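Review bot: The two substitutions kept inside `if ( $embedded_enabled )`, `s/^\s*(BEGIN\s+)?SHELL\s*;?//` and `s/^\s*(BEGIN\s+)?PERL\s*\;?//`, do not require the keyword to end there, so a line that merely begins with `PERL` or `SHELL` (for instance `PERL=/usr/bin/perl`) is stripped and handed to `embedded_perl` or `embedded_shell`. The commit appears to avoid this only for shorewall.conf by passing 0, so every file read with the default still has the loose match. A lookahead such as `s/^\s*(BEGIN\s+)?PERL(?=\s|;|$)\s*;?//`, with the same change for SHELL, would confine the match to the keyword, provided that agrees with the documented embedded-script syntax. The two added `next` statements resume the innermost enclosing loop, which begins outside the hunk, as does `read_a_line` itself, so their target should be checked against the full function.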
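Review bot: The bare `0` in `while ( read_a_line(0) )` in `process_shorewall_conf` gives a reader no hint that it switches off embedded SHELL/PERL handling while shorewall.conf is parsed. A comment above the loop would record the intent, for example `# Embedded scripts are disabled here so that settings such as PERL=... are read as options, not executed`. That reason is inferred from the rest of the commit and should be confirmed by the author. The loop body continues outside the hunk.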
@@ -22,6 +22,8 @@ Changes in Shorewall 4.4.11 10) Avoid missing closing quote when REQUIRE_INTERFACE=Yes. +11) Add PERL option. + Changes in Shorewall 4.4.10 1) Fix regression with scripts. diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index 745a0ec78..d1a4c562f 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -59,6 +59,8 @@ TC= IPSET= +PERL=/usr/bin/perl + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index f8030ea0c..2047f2212 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -308,7 +308,13 @@ None. 3) A new column (NET3) has been added to the /etc/shorewall/netmap file. This new column can qualify the INTERFACE column by specifying a SOURCE network (DNAT rule) or DEST network (SNAT rule) - associated with the interface. + associated with the interface. + +4) To accomodate systems with more than one version of Perl installed, + the shorewall.conf and shorewall6.conf files now support a PERL + option. If the program specified by that option does not exist or + is not executable, Shorewall (and Shorewall6) fall back to + /usr/bin/perl. ---------------------------------------------------------------------------- V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S diff --git a/Shorewall/shorewall b/Shorewall/shorewall index a12582b24..bab9a9bc4 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall 
@@ -360,7 +360,16 @@ compiler() { run_user_exit params set +a - /usr/bin/perl $debugflags /usr/share/shorewall/compiler.pl $options $@ + if [ -n "$PERL" ]; then + if [ ! -x "$PERL" ]; then + echo " WARNING: The program specified in the PERL option does not exist or is not executable; falling back to /usr/bin/perl" >&2 + PERL=/usr/bin/perl + fi + else + PERL=/usr/bin/perl + fi + + $PERL $debugflags /usr/share/shorewall/compiler.pl $options $@ } # diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index 7641dfeb2..faf6660a9 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 @@ -299,7 +299,16 @@ compiler() { set +a fi - $command perl $debugflags $pc $options $@ + if [ -n "$PERL" ]; then + if [ ! -x "$PERL" ]; then + echo " WARNING: The program specified in PERL does not exist or is not executable; falling back to /usr/bin/perl" >&2 + PERL=/usr/bin/perl + fi + else + PERL=/usr/bin/perl + fi + + $command $PERL $debugflags $pc $options $@ } # diff --git a/Shorewall6/shorewall6.conf b/Shorewall6/shorewall6.conf index 299bf91db..a7cb57ade 100644 --- a/Shorewall6/shorewall6.conf +++ b/Shorewall6/shorewall6.conf @@ -56,6 +56,8 @@ TC= IPSET= +PERL=/usr/bin/perl + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml index 72b0afc96..f9d57294b 100644 --- a/manpages/shorewall.conf.xml +++ b/manpages/shorewall.conf.xml @@ -1320,6 +1320,19 @@ net all DROP infothen the chain name is 'net2all' + + PERL=pathname + + + Added in Shorewall 4.4.11 RC1. Specifies the path name of the + Perl executable. Default is /usr/bin/perl. If + the pathname specified by this option does not exist or the named + file is not executable, then Shorewall falls back to + /usr/bin/perl/ + + + PKTTYPE={Yes|No} diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml index dbab2cc7d..e8d7dc1a9 100644 --- a/manpages6/shorewall6.conf.xml 
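Review bot: The `[ ! -x "$PERL" ]` test added to `compiler()` also passes for a searchable directory and for a relative path resolved against the current directory, and `$PERL` is then expanded unquoted, so a value containing whitespace is split into several words. Because this interpreter runs the firewall compiler, presumably with root privileges, the check should accept only a regular executable file and the expansion should be quoted: `if [ ! -f "$PERL" ] || [ ! -x "$PERL" ]; then` and `"$PERL" $debugflags /usr/share/shorewall/compiler.pl $options $@`. Rejecting values that do not start with `/` would rule out the relative-path case as well. The same block is added in the Shorewall6/shorewall6 hunk, where the warning text is worded slightly differently and could be made identical. `compiler()` begins outside both hunks.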
+++ b/manpages6/shorewall6.conf.xml @@ -1100,6 +1100,19 @@ net all DROP infothen the chain name is 'net2all' + + PERL=pathname + + + Added in Shorewall 4.4.11 RC1. Specifies the path name of the + Perl executable. Default is /usr/bin/perl. If + the pathname specified by this option does not exist or the named + file is not executable, then Shorewall6 falls back to + /usr/bin/perl/ + + + RCP_COMMAND="command