extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-16 17:51:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Deprecate EXPORTPARAMS

Browse Source
This commit is contained in:
Tom Eastep 2011-01-09 10:12:36 -08:00
parent 14c4bd99aa
commit 08f09d7de0
11 changed files with 75 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -198,7 +198,7 @@ our %EXPORT_TAGS = (
Exporter::export_ok_tags('internal');
our $VERSION = '4.4_16';
our $VERSION = '4.4_17';
#
# Chain Table

8
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -43,7 +43,7 @@ use Shorewall::Misc;
our @ISA = qw(Exporter);
our @EXPORT = qw( compiler );
our @EXPORT_OK = qw( $export );
our $VERSION = '4.4_16';
our $VERSION = '4.4_17';
our $export;
@ -229,7 +229,11 @@ sub generate_script_2() {
set_chain_variables;
append_file 'params' if $config{EXPORTPARAMS};
if ( $config{EXPORTPARAMS} ) {
append_file 'params';
} else {
export_params;
}
emit ( '',
"g_stopping=",

31
Shorewall/Perl/Shorewall/Config.pm
View File

@ -98,6 +98,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
pop_open
push_params
pop_params
export_params
read_a_line
validate_level
which
@ -135,7 +136,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
Exporter::export_ok_tags('internal');
our $VERSION = '4.4_16';
our $VERSION = '4.4_17';
#
# describe the current command, it's present progressive, and it's completion.
@ -3024,6 +3025,34 @@ sub get_params() {
}
}
#
# emit param=value for each param set in the params file
#
sub export_params() {
#
# These are variables that the compiler adds to the hash
#
my %exclude = ( root => 1,
system => 1,
files => 1,
destination => 1,
command => 1,
FW => 1,
CONFDIR => 1 );
while ( my ( $param, $value ) = each %params ) {
next if $exclude{$param};
#
# Don't export pairs from %ENV
#
if ( exists $ENV{$param} && defined $ENV{$param} ) {
next if $value eq $ENV{$param};
}
emit "$param='$value'";
}
}
#
# - Read the shorewall.conf file
# - Read the capabilities file, if any

6
Shorewall/changelog.txt
View File

@ -1,6 +1,10 @@
Changes in Shorewall 4.4.17 Beta 1
1) None.
1) Improve readability of logging logic in expand_rule().
2) Improve efficency of oddball targets in process_rule1().
3) Export (param,value) pairs with EXPORTPARAMS=No.
Changes in Shorewall 4.4.16 RC 1

2
Shorewall/configfiles/shorewall.conf
View File

@ -152,7 +152,7 @@ HIGH_ROUTE_MARKS=No
OPTIMIZE=0
EXPORTPARAMS=Yes
EXPORTPARAMS=No
EXPAND_POLICIES=Yes

4
Shorewall/releasenotes.txt
View File

@ -27,7 +27,9 @@ None.
I I I. N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
None.
1) The (param,value) pairs set in /etc/shorewall/params
(/etc/shorewall6/params) are now available at run-time with
EXPORTPARAMS=No. The EXPORTPARAMS parameter is now deprecated.
----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S

2
Shorewall6/shorewall6.conf
View File

@ -121,7 +121,7 @@ HIGH_ROUTE_MARKS=No
OPTIMIZE=1
EXPORTPARAMS=Yes
EXPORTPARAMS=No
EXPAND_POLICIES=Yes

12
docs/CompiledPrograms.xml
View File

@ -510,8 +510,10 @@ clean:
<para>The <filename>params</filename> file is not processed at run
time if you set EXPORTPARAMS=No in
<filename>shorewall.conf</filename>. For run-time setting of shell
variables, use the <filename>init</filename> extension
script.</para>
variables, use the <filename>init</filename> extension script.
Beginning with Shorewall 4.4.17, the variables set in the
<filename>params</filename> file are available in the firewall
script when EXPORTPARAMS=No.</para>
<para>If the <filename>params</filename> file needs to set shell
variables based on the configuration of the firewall system, you
@ -612,8 +614,10 @@ clean:
<filename>shorewall.conf</filename>. For run-time setting of
shell variables, use the <filename>init</filename> extension
script. Although the default setting is EXPORTPARAMS=Yes for
compatibility, the recommended setting is
EXPORTPARAMS=No.</para>
compatibility, the recommended setting is EXPORTPARAMS=No.
Beginning with Shorewall 4.4.17, the variables set in the
<filename>params</filename> file are available in the firewall
script when EXPORTPARAMS=No.</para>
<para>If the <filename>params</filename> file needs to set shell
variables based on the configuration of the firewall system, you

9
docs/configuration_file_basics.xml
View File

@ -649,7 +649,9 @@ ACCEPT net:\
<filename>shorewall.conf</filename>. That prevents the
<filename>params</filename> file from being copied into the compiled
script. With EXPORTPARAMS=No, it is perfectly okay to use INCLUDE in the
<filename>params</filename> file.</para>
<filename>params</filename> file. Note that with Shorewall 4.4.17 and
later, the variables set at compile time are available at run-time even
with EXPORTPARAMS=No.</para>
</caution>
<example id="include">
@ -860,8 +862,9 @@ SHELL cat /etc/shorewall/rules.d/*.rules</programlisting></para>
run-time. If you have set EXPORTPARAMS=No in
<filename>shorewall.conf</filename>, then the
<filename><filename>params</filename></filename> file is only
processed by the compiler; it is not run by the compiled
script.</para>
processed by the compiler; it is not run by the compiled script.
Beginning with Shorewall 4.4.17, the values of the variables set at
compile time are available at run time with EXPORTPRARMS=No.</para>
</listitem>
<listitem>

10
manpages/shorewall.conf.xml
View File

@ -548,9 +548,15 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<varlistentry>
<term><emphasis role="bold">EXPORTPARAMS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}
(Deprecated beginning with Shorewall 4.4.17)</term>
<listitem>
<para>Beginning with Shorewall 4.4.17, the variables set in the
'params' file at compile time are available at run time with
EXPORTPARAMS=No. As a consequence, beginning with that version the
recommended setting is EXPORTPARAMS=No. </para>
<para>It is quite difficult to code a 'params' file that assigns
other than constant values such that it works correctly with
Shorewall Lite. The EXPORTPARAMS option works around this problem.
@ -583,8 +589,6 @@ net all DROP info</programlisting>then the chain name is 'net2all'
or RELATED sections of <ulink
url="shorewall-rules.html">shorewall-rules</ulink>(5).</para>
<para></para>
<note>
<para>FASTACCEPT=Yes is incompatible with
BLACKLISTNEWONLY=No.</para>

8
manpages6/shorewall6.conf.xml
View File

@ -465,9 +465,15 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<varlistentry>
<term><emphasis role="bold">EXPORTPARAMS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}
(Deprecated beginning with Shorewall 4.4.17)</term>
<listitem>
<para>Beginning with Shorewall 4.4.17, the variables set in the
'params' file at compile time are available at run time with
EXPORTPARAMS=No. As a consequence, beginning with that version the
recommended setting is EXPORTPARAMS=No. </para>
<para>It is quite difficult to code a 'params' file that assigns
other than constant values such that it works correctly with
Shorewall6 Lite. The EXPORTPARAMS option works around this problem.