From 1e1802ef134da9a5d1d70f685b205a5dc2b86725 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 21 Jun 2006 20:44:48 +0000
Subject: [PATCH] Don't defer processing of chain/action-specific extension scripts until run-time
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4153 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/changelog.txt | 2 ++
 Shorewall/compiler | 19 ++++++++-----------
 Shorewall/releasenotes.txt | 11 ++++++++++-
 3 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 7ecff9635..c920de2ae 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -8,6 +8,8 @@ Changes in 3.2.0 RC 5
 4) Make the 'try' command use the correct SHOREWALL_SHELL.
+5) Don't defer Action/chain extension script processing until run-time.
+
 -------------------------------------------------------------------------------
 Changes in 3.2.0 RC 4
diff --git a/Shorewall/compiler b/Shorewall/compiler
index 20d50910b..fd0ccc372 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -3689,19 +3689,16 @@ process_action() # $1 = chain (Chain to add the rules to)
 }
 #
-# Append a file in ${VARDIR} to $OUTPUT
+# Source the extension script for an action, if any
 #
-append_action_file() # $1 = File Name
+process_action_file() # $1 = File Name
 {
 local user_exit=$(find_file $1)
 if [ -f $user_exit ]; then
- save_progress_message "Processing $user_exit ..."
- save_command "CHAIN=$CHAIN"
- save_command "LEVEL=$LEVEL"
- save_command "TAG=$TAG"
+ progress_message2 "Processing $user_exit ..."
- append_file $user_exit
+ . $user_exit
 fi
 }
@@ -3758,7 +3755,7 @@ createlogactionchain() # $1 = Action Name, $2 = Log Level [: Log Tag ]
 [ none = "${LEVEL%\!}" ] && LEVEL=
- append_action_file $1
+ process_action_file $1
 eval ${action}_chains=\"\$${action}_chains $level $CHAIN\"
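Review bot: In `process_action_file` the new `. $user_exit` sources the path unquoted into the compiler's own shell, and the surrounding `[ -f $user_exit ]` test is unquoted too, so a path with whitespace is word-split and an empty result from `find_file` (its body is not in this patch) would make `[ -f ]` succeed; I would write `if [ -f "$user_exit" ]; then` and `. "$user_exit"`. Because the script now runs inside the compiler instead of the generated program, an `exit` or a variable assignment in it affects the rest of the compile, and any command in it that acts on the live system takes effect at compile time with the compiler's privileges. The header comment should state that, for example `# Runs in the compiler's shell (callers set $CHAIN, $LEVEL, $TAG); the script can alter compiler state`. The same compile-time execution presumably applies to the `run_user_exit` calls added in `complete_standard_chain` and `apply_policy_rules`.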
@@ -3788,7 +3785,7 @@ createactionchain() # $1 = Action, including log level and tag if any
 TAG=
 createchain $CHAIN no
- append_action_file $CHAIN
+ process_action_file $CHAIN
 ;;
 esac
 }
@@ -6056,7 +6053,7 @@ complete_standard_chain() # $1 = chain, $2 = source zone, $3 = destination zone
 local loglevel=
 local policychain=
- append_file $1
+ run_user_exit $1
 eval policychain=\$${2}2${3}_policychain
@@ -7449,7 +7446,7 @@ apply_policy_rules() {
 for zone1 in $FW $ZONES; do
 chain=${zone}2${zone1}
 if havechain $chain; then
- append_file $chain
+ run_user_exit $chain
 default_policy $zone $zone1
 fi
 done
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 164d83745..af2d44b95 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -62,6 +62,12 @@ Problems Corrected in 3.2.0 RC 5
 Shorewall version 3.4. "shorewall save && shorewall restart " is a faster way to accomplish the same thing.
+5) Previously, if A was an action and /etc/shorewall/A existed, then
+ /etc/shorewall/A was copied into the compiled program. That file is
+ now processed in the context of the compiler. Similarly, if C is a
+ chain and /etc/shorewall/C exists then the file is processed by the
+ compiler rather than being copied into the compiled script.
+
 Other changes in 3.2.0 RC 5
 None.
@@ -126,7 +132,10 @@ Migration Considerations: This clumsiness has been eliminated in Shorewall 3.2. In Shorewall 3.2, extension scripts are copied in-line into the compiled program and are executed in-line during "start", "restart" and "restore". + executed in-line during "start", "restart" and "restore". This + applies to all extension scripts except those associated with a + chain or action -- those extension scripts continue to be processed + at compile time. This new approach has two implications for existing scripts.
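Review bot: Chain scripts in `complete_standard_chain` and `apply_policy_rules` now go through `run_user_exit`, while action scripts go through the new `process_action_file`, so two helpers do what looks like the same job with separate lookup and progress reporting. `run_user_exit` is defined outside this patch, so this is inferred from its name: if it already performs the `find_file` lookup and sources the result, `process_action_file` could reduce to `run_user_exit $1`, keeping path handling and quoting in one place. Both `complete_standard_chain` and `apply_policy_rules` start and end outside their hunks.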