extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-18 23:57:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Deprecate EXPORTPARAMS

Browse Source
This commit is contained in:
Tom Eastep 2011-01-09 10:12:36 -08:00
parent 14c4bd99aa
commit 08f09d7de0
11 changed files with 75 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -198,7 +198,7 @@ our %EXPORT_TAGS = (
Exporter::export_ok_tags('internal'); Exporter::export_ok_tags('internal');
our $VERSION = '4.4_16'; our $VERSION = '4.4_17';
# #
# Chain Table # Chain Table

8
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -43,7 +43,7 @@ use Shorewall::Misc;
our @ISA = qw(Exporter); our @ISA = qw(Exporter);
our @EXPORT = qw( compiler ); our @EXPORT = qw( compiler );
our @EXPORT_OK = qw( $export ); our @EXPORT_OK = qw( $export );
our $VERSION = '4.4_16'; our $VERSION = '4.4_17';
our $export; our $export;
@ -229,7 +229,11 @@ sub generate_script_2() {
set_chain_variables; set_chain_variables;
append_file 'params' if $config{EXPORTPARAMS}; if ( $config{EXPORTPARAMS} ) {
append_file 'params';
} else {
export_params;
}
emit ( '', emit ( '',
"g_stopping=", "g_stopping=",

31
Shorewall/Perl/Shorewall/Config.pm
View File

@ -98,6 +98,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
pop_open pop_open
push_params push_params
pop_params pop_params
export_params
read_a_line read_a_line
validate_level validate_level
which which
@ -135,7 +136,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
Exporter::export_ok_tags('internal'); Exporter::export_ok_tags('internal');
our $VERSION = '4.4_16'; our $VERSION = '4.4_17';
# #
# describe the current command, it's present progressive, and it's completion. # describe the current command, it's present progressive, and it's completion.
@ -3024,6 +3025,34 @@ sub get_params() {
} }
} }
#
# emit param=value for each param set in the params file
#
sub export_params() {
#
# These are variables that the compiler adds to the hash
#
my %exclude = ( root => 1,
system => 1,
files => 1,
destination => 1,
command => 1,
FW => 1,
CONFDIR => 1 );
while ( my ( $param, $value ) = each %params ) {
next if $exclude{$param};
#
# Don't export pairs from %ENV
#
if ( exists $ENV{$param} && defined $ENV{$param} ) {
next if $value eq $ENV{$param};
}
emit "$param='$value'";
}
}
# #
# - Read the shorewall.conf file # - Read the shorewall.conf file
# - Read the capabilities file, if any # - Read the capabilities file, if any

6
Shorewall/changelog.txt
View File

@ -1,6 +1,10 @@
Changes in Shorewall 4.4.17 Beta 1 Changes in Shorewall 4.4.17 Beta 1
1) None. 1) Improve readability of logging logic in expand_rule().
2) Improve efficency of oddball targets in process_rule1().
3) Export (param,value) pairs with EXPORTPARAMS=No.
Changes in Shorewall 4.4.16 RC 1 Changes in Shorewall 4.4.16 RC 1

2
Shorewall/configfiles/shorewall.conf
View File

@ -152,7 +152,7 @@ HIGH_ROUTE_MARKS=No
OPTIMIZE=0 OPTIMIZE=0
EXPORTPARAMS=Yes EXPORTPARAMS=No
EXPAND_POLICIES=Yes EXPAND_POLICIES=Yes

4
Shorewall/releasenotes.txt
View File

@ -27,7 +27,9 @@ None.
I I I. N E W F E A T U R E S I N T H I S R E L E A S E I I I. N E W F E A T U R E S I N T H I S R E L E A S E
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
None. 1) The (param,value) pairs set in /etc/shorewall/params
(/etc/shorewall6/params) are now available at run-time with
EXPORTPARAMS=No. The EXPORTPARAMS parameter is now deprecated.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S I V. R E L E A S E 4 . 4 H I G H L I G H T S

2
Shorewall6/shorewall6.conf
View File

@ -121,7 +121,7 @@ HIGH_ROUTE_MARKS=No
OPTIMIZE=1 OPTIMIZE=1
EXPORTPARAMS=Yes EXPORTPARAMS=No
EXPAND_POLICIES=Yes EXPAND_POLICIES=Yes

12
docs/CompiledPrograms.xml
View File

@ -510,8 +510,10 @@ clean:
<para>The <filename>params</filename> file is not processed at run <para>The <filename>params</filename> file is not processed at run
time if you set EXPORTPARAMS=No in time if you set EXPORTPARAMS=No in
<filename>shorewall.conf</filename>. For run-time setting of shell <filename>shorewall.conf</filename>. For run-time setting of shell
variables, use the <filename>init</filename> extension variables, use the <filename>init</filename> extension script.
script.</para> Beginning with Shorewall 4.4.17, the variables set in the
<filename>params</filename> file are available in the firewall
script when EXPORTPARAMS=No.</para>
<para>If the <filename>params</filename> file needs to set shell <para>If the <filename>params</filename> file needs to set shell
variables based on the configuration of the firewall system, you variables based on the configuration of the firewall system, you
@ -612,8 +614,10 @@ clean:
<filename>shorewall.conf</filename>. For run-time setting of <filename>shorewall.conf</filename>. For run-time setting of
shell variables, use the <filename>init</filename> extension shell variables, use the <filename>init</filename> extension
script. Although the default setting is EXPORTPARAMS=Yes for script. Although the default setting is EXPORTPARAMS=Yes for
compatibility, the recommended setting is compatibility, the recommended setting is EXPORTPARAMS=No.
EXPORTPARAMS=No.</para> Beginning with Shorewall 4.4.17, the variables set in the
<filename>params</filename> file are available in the firewall
script when EXPORTPARAMS=No.</para>
<para>If the <filename>params</filename> file needs to set shell <para>If the <filename>params</filename> file needs to set shell
variables based on the configuration of the firewall system, you variables based on the configuration of the firewall system, you

9
docs/configuration_file_basics.xml
View File

@ -649,7 +649,9 @@ ACCEPT net:\
<filename>shorewall.conf</filename>. That prevents the <filename>shorewall.conf</filename>. That prevents the
<filename>params</filename> file from being copied into the compiled <filename>params</filename> file from being copied into the compiled
script. With EXPORTPARAMS=No, it is perfectly okay to use INCLUDE in the script. With EXPORTPARAMS=No, it is perfectly okay to use INCLUDE in the
<filename>params</filename> file.</para> <filename>params</filename> file. Note that with Shorewall 4.4.17 and
later, the variables set at compile time are available at run-time even
with EXPORTPARAMS=No.</para>
</caution> </caution>
<example id="include"> <example id="include">
@ -860,8 +862,9 @@ SHELL cat /etc/shorewall/rules.d/*.rules</programlisting></para>
run-time. If you have set EXPORTPARAMS=No in run-time. If you have set EXPORTPARAMS=No in
<filename>shorewall.conf</filename>, then the <filename>shorewall.conf</filename>, then the
<filename><filename>params</filename></filename> file is only <filename><filename>params</filename></filename> file is only
processed by the compiler; it is not run by the compiled processed by the compiler; it is not run by the compiled script.
script.</para> Beginning with Shorewall 4.4.17, the values of the variables set at
compile time are available at run time with EXPORTPRARMS=No.</para>
</listitem> </listitem>
<listitem> <listitem>

10
manpages/shorewall.conf.xml
View File

@ -548,9 +548,15 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<varlistentry> <varlistentry>
<term><emphasis role="bold">EXPORTPARAMS=</emphasis>{<emphasis <term><emphasis role="bold">EXPORTPARAMS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}
(Deprecated beginning with Shorewall 4.4.17)</term>
<listitem> <listitem>
<para>Beginning with Shorewall 4.4.17, the variables set in the
'params' file at compile time are available at run time with
EXPORTPARAMS=No. As a consequence, beginning with that version the
recommended setting is EXPORTPARAMS=No. </para>
<para>It is quite difficult to code a 'params' file that assigns <para>It is quite difficult to code a 'params' file that assigns
other than constant values such that it works correctly with other than constant values such that it works correctly with
Shorewall Lite. The EXPORTPARAMS option works around this problem. Shorewall Lite. The EXPORTPARAMS option works around this problem.
@ -583,8 +589,6 @@ net all DROP info</programlisting>then the chain name is 'net2all'
or RELATED sections of <ulink or RELATED sections of <ulink
url="shorewall-rules.html">shorewall-rules</ulink>(5).</para> url="shorewall-rules.html">shorewall-rules</ulink>(5).</para>
<para></para>
<note> <note>
<para>FASTACCEPT=Yes is incompatible with <para>FASTACCEPT=Yes is incompatible with
BLACKLISTNEWONLY=No.</para> BLACKLISTNEWONLY=No.</para>

8
manpages6/shorewall6.conf.xml
View File

@ -465,9 +465,15 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<varlistentry> <varlistentry>
<term><emphasis role="bold">EXPORTPARAMS=</emphasis>{<emphasis <term><emphasis role="bold">EXPORTPARAMS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}
(Deprecated beginning with Shorewall 4.4.17)</term>
<listitem> <listitem>
<para>Beginning with Shorewall 4.4.17, the variables set in the
'params' file at compile time are available at run time with
EXPORTPARAMS=No. As a consequence, beginning with that version the
recommended setting is EXPORTPARAMS=No. </para>
<para>It is quite difficult to code a 'params' file that assigns <para>It is quite difficult to code a 'params' file that assigns
other than constant values such that it works correctly with other than constant values such that it works correctly with
Shorewall6 Lite. The EXPORTPARAMS option works around this problem. Shorewall6 Lite. The EXPORTPARAMS option works around this problem.