Process config options in file order during update.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-03-12 17:09:41 -07:00
parent b13014c9ab
commit 037fe490f3
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 21 additions and 25 deletions

View File

@ -5432,6 +5432,7 @@ EOF
sub process_shorewall_conf( $$ ) { sub process_shorewall_conf( $$ ) {
my ( $update, $annotate ) = @_; my ( $update, $annotate ) = @_;
my $file = find_file "$product.conf"; my $file = find_file "$product.conf";
my @vars;
if ( -f $file ) { if ( -f $file ) {
$globals{CONFIGDIR} = $configfile = $file; $globals{CONFIGDIR} = $configfile = $file;
@ -5448,8 +5449,6 @@ sub process_shorewall_conf( $$ ) {
if ( $currentline =~ /^\s*([a-zA-Z]\w*)=(.*)$/ ) { if ( $currentline =~ /^\s*([a-zA-Z]\w*)=(.*)$/ ) {
my ($var, $val) = ($1, $2); my ($var, $val) = ($1, $2);
expand_variables( $val ) unless $update || $val =~ /^'.*'$/;
if ( exists $config{$var} ) { if ( exists $config{$var} ) {
if ( $eliminated{$var} && ! $update ) { if ( $eliminated{$var} && ! $update ) {
fatal_error "The $var configuration option has been superceded - please run '$product update'"; fatal_error "The $var configuration option has been superceded - please run '$product update'";
@ -5466,6 +5465,11 @@ sub process_shorewall_conf( $$ ) {
next; next;
} }
if ( $update ) {
push @vars, $var;
} else {
expand_variables( $val ) unless $val =~ /^'.*'$/;
}
$config{$var} = ( $val =~ /\"([^\"]*)\"$/ ? $1 : $val ); $config{$var} = ( $val =~ /\"([^\"]*)\"$/ ? $1 : $val );
@ -5493,19 +5497,12 @@ sub process_shorewall_conf( $$ ) {
# Config file update requires that the option values not have # Config file update requires that the option values not have
# Shell variables expanded. We do that now. # Shell variables expanded. We do that now.
# #
# We must first make LOG_LEVEL a variable because the order in which # To handle options like LOG_LEVEL, we process the options
# the values are processed below is not the order in which they appear # in the order in which they appear in the .conf file.
# in the config file.
# #
$config{LOG_LEVEL} = '' unless defined $config{LOG_LEVEL}; for ( @vars ) {
if ( supplied( my $val = $config{$_} ) ) {
my %log_level = ( LOG_LEVEL => $config{LOG_LEVEL} ); expand_variables( $config{$_} ) unless $val =~ /^'.*'$/;
add_variables( %log_level );
for ( values %config ) {
if ( supplied $_ ) {
expand_variables( $_ ) unless /^'.*'$/;
} }
} }
} }

View File

@ -50,7 +50,7 @@
Linux Distributions. The following diagram shows the entire Linux Distributions. The following diagram shows the entire
network.</para> network.</para>
<graphic align="center" fileref="images/Network2008a.png" /> <graphic align="center" fileref="images/Network2008a.png"/>
<para>My personal laptop (Ursa) hosts the virtual machines. As shown in <para>My personal laptop (Ursa) hosts the virtual machines. As shown in
the diagram, Ursa has routes to the Internet through both the the diagram, Ursa has routes to the Internet through both the
@ -66,12 +66,12 @@
<section> <section>
<title>Networking Configuration</title> <title>Networking Configuration</title>
<para>I use a network configuration where each VM has its own VNET and <para>I use a network configuration where each VM has its own VNET and tap
tap device and the tap devices are all configured as ports on a Linux device and the tap devices are all configured as ports on a Linux Bridge.
Bridge. For clarity, I've only shown four of the virtual machines For clarity, I've only shown four of the virtual machines available on the
available on the system.</para> system.</para>
<graphic align="center" fileref="images/KVM1.png" /> <graphic align="center" fileref="images/KVM1.png"/>
<para>I run <ulink url="???">dmsmasq</ulink> to act as a DHCP server and <para>I run <ulink url="???">dmsmasq</ulink> to act as a DHCP server and
name server for the VMs.</para> name server for the VMs.</para>
@ -82,11 +82,10 @@
<para>With this configuration, and with only a single network interface on <para>With this configuration, and with only a single network interface on
the laptop, this is just a simple <ulink the laptop, this is just a simple <ulink
url="two-interface.html">two-interface masquerading setup</ulink> where url="two-interface.htm">two-interface masquerading setup</ulink> where the
the local network interface is <filename local network interface is <filename class="devicefile">br0</filename>. As
class="devicefile">br0</filename>. As with all bridges, <filename with all bridges, <filename class="devicefile">br0</filename> must be
class="devicefile">br0</filename> must be configured with the configured with the <option>routeback</option> option in <ulink
<option>routeback</option> option in <ulink
url="manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para> url="manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para>
<para>For additional information about this setup, including the Shorewall <para>For additional information about this setup, including the Shorewall