diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index d2cc0a01f..47a673afc 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -1548,6 +1548,8 @@ sub close_file() {
#
# Process an ?IF, ?ELSE or ?END directive
#
+sub have_capability( $ );
+
sub process_conditional( $$$ ) {
my ( $omitting, $line, $linenumber ) = @_;
@@ -1582,7 +1584,7 @@ sub process_conditional( $$$ ) {
$omitting = ! ( exists $ENV{$rest} ? $ENV{$rest} :
exists $params{$rest} ? $params{$rest} :
exists $config{$rest} ? $config{$rest} :
- exists $capdesc{$cap} ? have_capability $cap : 0 );
+ exists $capdesc{$cap} ? have_capability( $cap ) : 0 );
}
$omitting = ! $omitting if $invert;
@@ -1953,12 +1955,12 @@ sub embedded_shell( $ ) {
my $last = 0;
while ( read_a_line( 0, 0, 1 ) ) {
- last if $last = $currentline =~ s/^\s*\??END(\s+SHELL)?\s*;?//;
+ last if $last = $currentline =~ s/^\s*END(\s+SHELL)?\s*;?//;
$command .= $currentline;
}
fatal_error ( "Missing END SHELL" ) unless $last;
- fatal_error ( "Invalid END SHELL directive" ) unless /^\s*$/;
+ fatal_error ( "Invalid END SHELL directive" ) unless $currentline =~ /^\s*$/;
}
$command .= q(');
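Review bot: The terminator pattern `s/^\s*END(\s+SHELL)?\s*;?//` does not require a delimiter after `END`, so a script line that merely begins with those letters (a variable named `ENDPOINT`, say) is consumed as the end of the block. With the corrected `$currentline =~ /^\s*$/` test this now appears to end in a fatal error rather than a silently truncated script, which is the safer outcome, but the message blames the wrong thing. Consider `s/^\s*END(?=\s|;|$)(\s+SHELL)?\s*;?//`. The same applies to the `END ... PERL` pattern in the embedded_perl hunk and to the `SHELL`/`PERL` openers in the read_a_line hunk, where an undelimited match decides whether the rest of the line is executed. embedded_shell starts and ends outside this hunk.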
@@ -1989,12 +1991,12 @@ sub embedded_perl( $ ) {
my $last = 0;
while ( read_a_line( 0, 0, 1 ) ) {
- last if $last = $currentline =~ s/^\s*\??END(\s+PERL)?\s*;?//;
+ last if $last = $currentline =~ s/^\s*END(\s+PERL)?\s*;?//;
$command .= $currentline;
}
fatal_error ( "Missing END PERL" ) unless $last;
- fatal_error ( "Invalid END PERL directive" ) unless /^\s*$/;
+ fatal_error ( "Invalid END PERL directive" ) unless $currentline =~ /^\s*$/;
}
unless (my $return = eval $command ) {
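Review bot: The accumulated `$command` reaches a string `eval` at `unless (my $return = eval $command )` with no comment on the trust boundary, so a reader cannot tell that text from any file read with embedded scripts enabled runs as Perl inside the compiler process. I would add a comment above it such as `# Executes configuration text as Perl in this process; files read here must be writable only by the administrator.` The test also treats every false return value as a failure; that is presumably the contract for embedded scripts, but it is worth stating in the same comment. embedded_perl continues outside this hunk.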
@@ -2208,12 +2210,12 @@ sub read_a_line(;$$$) {
# Must check for shell/perl before doing variable expansion
#
if ( $embedded_enabled ) {
- if ( $currentline =~ s/^\s*\??(BEGIN\s+)?SHELL\s*;?// ) {
+ if ( $currentline =~ s/^\s*(BEGIN\s+)?SHELL\s*;?// ) {
embedded_shell( $1 );
next;
}
- if ( $currentline =~ s/^\s*\??(BEGIN\s+)?PERL\s*\;?// ) {
+ if ( $currentline =~ s/^\s*(BEGIN\s+)?PERL\s*\;?// ) {
embedded_perl( $1 );
next;
}
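Review bot: Dropping `\??` from the `SHELL` and `PERL` openers means a line written as `?SHELL ...` or `?BEGIN PERL` no longer reaches embedded_shell or embedded_perl, although the removed documentation text says that spelling was accepted since 4.5.2. What happens to such a line afterwards is not visible in this hunk. If it falls through as an ordinary line or an unrecognised directive without a clear error, an existing firewall configuration could compile without the rules its script used to generate. A targeted check before the two substitutions would make the change fail loudly, for example `fatal_error "Leading '?' is no longer accepted on SHELL/PERL directives" if $currentline =~ /^\s*\?(BEGIN\s+)?(SHELL|PERL)(?=\s|;|$)/;`. read_a_line extends outside this hunk.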
@@ -2626,8 +2628,6 @@ sub determine_kernelversion() {
#
# Capability Reporting and detection.
#
-sub have_capability( $ );
-
sub Nat_Enabled() {
$family == F_IPV4 ? qt1( "$iptables -t nat -L -n" ) : '';
}
diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index ec216bb95..9b94f1a03 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -1601,19 +1601,16 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2> /dev/null || true
- [?]PERL <perl
+ PERL <perl
script>
- [?]SHELL <shell
+ SHELL <shell
script>
- The optional '?' is allowed in Shorewall versions 4.5.2 and
- later.
-
Shell scripts run in a child shell process and their output is piped
back to the compiler which processes that output as if it were embedded at
the point of the script.
@@ -1658,14 +1655,13 @@ use Shorewall::Config ( qw/shorewall/ );
Multi-line scripts use one of the following forms:[?]BEGIN SHELL
+ role="bold">BEGIN SHELL
<shell script>
-[?]END [ SHELL ][?]BEGIN PERL [;]
+END [ SHELL ]BEGIN PERL [;]
<perl script>
-[?]END [ PERL ] [;]As above, the optional
- leading '?' is allowed in Shorewall versions 4.5.2 and later.
+END [ PERL ] [;]
@@ -2004,7 +2000,7 @@ redirect => 137
192.168.1.3, the entry in /etc/shorewall/rules is:
#ACTION SOURCE DESTINATION PROTO DEST PORTS(S)
-DNAT net loc:192.168.1.3 tcp 4000:4100
+DNAT net loc:192.168.1.3 tcp 4000:4100
If you omit the low port number, a value of zero is assumed; if you
omit the high port number, a value of 65535 is assumed.
@@ -2140,9 +2136,9 @@ DNAT net loc:192.168.1.3 tcp 4000:4100
Support requires that you install xtables-addons.
The SWITCH column contains the name of a
- switch. Each switch that is initially in the
- off position. You can turn on the switch
- named switch1 by:
+ switch. Each switch is initially in the off position. You can turn on the switch named
+ switch1 by:
echo 1 >
@@ -2186,7 +2182,8 @@ DNAT net loc:192.168.1.3 tcp 4000:4100
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH
# PORT(S) PORT(S) DEST LIMIT GROUP
-DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down
+DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down
@@ -2216,11 +2213,16 @@ DNAT net dmz:$BACKUP tcp 80 - -
Here is an example:
#ZONE INTERFACE BROADCAST OPTIONS
-net COM_IF detect dhcp,blacklist,tcpflags,optional,upnp,routefilter=0,nosmurfs,logmartians=0,physical=eth0
-net EXT_IF detect dhcp,blacklist,tcpflags,optional,routefilter=0,nosmurfs,logmartians=0,proxyarp=1,physical=eth2
-loc INT_IF detect dhcp,logmartians=1,routefilter=1,tcpflags,nets=172.20.1.0/24,physical=eth1
-dmz VPS_IF detect logmartians=1,routefilter=0,routeback,physical=venet0
-loc TUN_IF detect physical=tun+
+net COM_IF detect dhcp,blacklist,tcpflags,optional,upnp,routefilter=0,nosmurfs,logmartians=0,physical=eth0
+net EXT_IF detect dhcp,blacklist,tcpflags,optional,routefilter=0,nosmurfs,logmartians=0,proxyarp=1,physical=eth2
+loc INT_IF detect dhcp,logmartians=1,routefilter=1,tcpflags,nets=172.20.1.0/24,physical=eth1
+dmz VPS_IF detect logmartians=1,routefilter=0,routeback,physical=venet0
+loc TUN_IF detect physical=tun+
In this example, COM_IF is a logical interface name that refers to
Ethernet interface eth0, EXT_IF is
@@ -2235,16 +2237,18 @@ loc TUN_IF detect physical=tun+
#INTERFACE SOURCE ADDRESS
COMMENT Masquerade Local Network
-COM_IF 0.0.0.0/0
-EXT_IF !206.124.146.0/24 206.124.146.179:persistent
+COM_IF 0.0.0.0/0
+EXT_IF !206.124.146.0/24 206.124.146.179:persistent
shorewall-providers
(5)
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
-Avvanta 1 0x10000 main EXT_IF 206.124.146.254 loose,fallback INT_IF,VPS_IF,TUN_IF
-Comcast 2 0x20000 main COM_IF detect balance INT_IF,VPS_IF,TUN_IF
+Avvanta 1 0x10000 main EXT_IF 206.124.146.254 loose,fallback INT_IF,VPS_IF,TUN_IF
+Comcast 2 0x20000 main COM_IF detect balance INT_IF,VPS_IF,TUN_IF
Note in particular that Shorewall translates TUN_IF to tun* in the COPY column.