Don't defer processing of chain/action-specific extension scripts until run-time

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4153 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -8,6 +8,8 @@ Changes in 3.2.0 RC 5
 
 4)  Make the 'try' command use the correct SHOREWALL_SHELL.
 
+5)  Don't defer Action/chain extension script processing until run-time.
+
 -------------------------------------------------------------------------------
 Changes in 3.2.0 RC 4
 

Shorewall/compiler

@@ -3689,19 +3689,16 @@ process_action() # $1 = chain    (Chain to add the rules to)
 }
 
 #
-# Append a file in ${VARDIR} to $OUTPUT
+# Source the extension script for an action, if any
 #
-append_action_file() # $1 = File Name
+process_action_file() # $1 = File Name
 {
     local user_exit=$(find_file $1)
 
     if [ -f $user_exit ]; then
-	save_progress_message "Processing $user_exit ..."
+	progress_message2 "Processing $user_exit ..."
-	save_command "CHAIN=$CHAIN"
-	save_command "LEVEL=$LEVEL"
-	save_command "TAG=$TAG"
 
-	append_file $user_exit
+	. $user_exit
     fi
 }
 
@@ -3758,7 +3755,7 @@ createlogactionchain() # $1 = Action Name, $2 = Log Level [: Log Tag ]
 
     [ none = "${LEVEL%\!}" ] && LEVEL=
 
-    append_action_file $1
+    process_action_file $1
 
     eval ${action}_chains=\"\$${action}_chains $level $CHAIN\"
 
@@ -3788,7 +3785,7 @@ createactionchain() # $1 = Action, including log level and tag if any
 	    TAG=
 	    createchain $CHAIN no
 
-	    append_action_file $CHAIN
+	    process_action_file $CHAIN
 	    ;;
     esac
 }
@@ -6056,7 +6053,7 @@ complete_standard_chain() # $1 = chain, $2 = source zone, $3 = destination zone
     local loglevel=
     local policychain=
 
-    append_file $1
+    run_user_exit $1
 
     eval policychain=\$${2}2${3}_policychain
 
@@ -7449,7 +7446,7 @@ apply_policy_rules() {
 	for zone1 in $FW $ZONES; do
 	    chain=${zone}2${zone1}
 	    if havechain $chain; then
-		append_file $chain
+		run_user_exit $chain
 		default_policy $zone $zone1
 	    fi
 	done

Shorewall/releasenotes.txt

@@ -62,6 +62,12 @@ Problems Corrected in 3.2.0 RC 5
     Shorewall version 3.4. "shorewall save && shorewall restart
     <directory>" is a faster way to accomplish the same thing.
 
+5)  Previously, if A was an action and /etc/shorewall/A existed, then
+    /etc/shorewall/A was copied into the compiled program. That file is
+    now processed in the context of the compiler. Similarly, if C is a
+    chain and /etc/shorewall/C exists then the file is processed by the
+    compiler rather than being copied into the compiled script.
+
 Other changes in 3.2.0 RC 5
 
 None.
@@ -126,7 +132,10 @@ Migration Considerations:
 
     This clumsiness has been eliminated in Shorewall 3.2. In Shorewall 3.2,
     extension scripts are copied in-line into the compiled program and are
-    executed in-line during "start", "restart" and "restore".
+    executed in-line during "start", "restart" and "restore". This
+    applies to all extension scripts except those associated with a
+    chain or action -- those extension scripts continue to be processed
+    at compile time.
 
     This new approach has two implications for existing scripts.