More incompatibilities flagged and documented

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5784 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-30 11:33:28 +01:00 · 2007-04-01 15:20:07 +00:00 · 2007-04-01 15:20:07 +00:00 · 280d8b4b27
commit 280d8b4b27
parent f8eb05923e
2 changed files with 36 additions and 20 deletions
--- a/New/Shorewall/Config.pm
+++ b/New/Shorewall/Config.pm
@ -87,12 +87,16 @@ our %config =
 		# Location of Files
 		#
 		IPTABLES => undef,
+		#
 		#PATH is inherited
+		#
 		PATH => undef,
 		SHOREWALL_SHELL => undef,
 		SUBSYSLOCK => undef,
 		MODULESDIR => undef,
+		#
 		#CONFIG_PATH is inherited
+		#
 		CONFIG_PATH => undef,
 		RESTOREFILE => undef,
 		IPSECFILE => undef,
@ -230,6 +234,9 @@ INIT {
    $tmp_dir     = $ENV{TMP_DIR};
    @config_path = split /:/, $ENV{CONFIG_PATH};

+    for ( @config_path ) {
+	$_ .= '/' unless m|//$|;
+    }
 }

 #
@ -492,10 +499,6 @@ sub get_configuration( $ ) {

    my $export = $_[0];

-    for ( @config_path ) {
-	$_ .= '/' unless m|//$|;
-    }
-
    my $file = find_file 'shorewall.conf';

    if ( -f $file ) {
@ -602,6 +605,9 @@ sub get_configuration( $ ) {

    default_yes_no 'STARTUP_ENABLED'            , 'Yes';
    default_yes_no 'DELAYBLACKLISTLOAD'         , '';
+
+    warning_message 'DELAYBLACKLISTLOAD=Yes is not supported by Shorewall-perl ' . $globals{VERSION} if $config{DELAYBLACKLISTLOAD};
+
    default_yes_no 'LOGTAGONLY'                 , '';
    default_yes_no 'RFC1918_STRICT'             , '';
    default_yes_no 'SAVE_IPSETS'                , '';
@ -681,6 +687,8 @@ sub get_configuration( $ ) {
    default 'OPTIMIZE'              , 0;
    default 'IPSECFILE'             , 'ipsec';

+    fatal_error "IPSECFILE=ipsec is not supported by Shorewall-perl ' . $globals{VERSION} unless $config{IPSECFILE} eq 'zones';
+
    for my $default qw/DROP_DEFAULT REJECT_DEFAULT QUEUE_DEFAULT ACCEPT_DEFAULT/ {
 	$config{$default} = 'none' if "\L$config{$default}" eq 'none';
    }
--- a/New/releasenotes.txt
+++ b/New/releasenotes.txt
@ -1,5 +1,6 @@
-Shorewall-perl 3.9.0
-
+----------------------------------------------------------------------------
+                     Shorewall-perl 3.9.0
+----------------------------------------------------------------------------
 This companion product to Shorewall 3.4.2 and later includes a complete
 rewrite of the compiler in Perl.

@ -27,21 +28,21 @@ version of Shorewall itself.
 d) Along the same vein, I think that users will be more likely to experiment
 with the new compiler if they can easily fall back to the old one if things
 get sticky.
-
-The good news:
-
+----------------------------------------------------------------------------
+                  T H E   G O O D   N E W S:
+----------------------------------------------------------------------------
 a) The compiler has a small disk footprint.
 b) The compiler is very fast.
 c) The compiler generates a firewall script that uses iptables-restore;
   so the script is very fast.
 d) Use of the perl compiler is optional! The old slow clunky
   Bourne-shell compiler is still available.
-
-The bad news:
-
+----------------------------------------------------------------------------
+		  T H E   B A D   N E W S:
+----------------------------------------------------------------------------
 There are a number of incompatibilities between the Perl-based compiler
 and the Bourne-shell one. Some of these will probably go away by first
-official release but some will not.
+official release but most will not.

 a) The Perl-based compiler requires the following capabilities in your
   kernel and iptables. 
@ -152,15 +153,23 @@ j) Because the configuration files (with the exception of
   ($variable and ${variable}) are supported. The more exotic forms
   such as ${variable:=default} are not supported. Both variables
   defined in /etc/shorewall/params and environmental variables
-   (exported by the shell) can be used.
+   (exported by the shell) can be used in configuration files.

 h) USE_ACTIONS=No is not supported. That option is intended to minimize
   Shorewall's footprint in embedded applications. As a consequence,
   Default Macros are not supported.

-Installation
------------
+i) DELAYBLACKLISTLOAD=Yes is not supported. The entire ruleset is
+   atomically loaded with one execution of iptables-restore.

+j) MAPOLDACTIONS=Yes is not supported. People should have converted to
+   using macros by now.
+
+k) The pre Shorewall-3.0 format of the zones file is not supported;
+   neither is the /etc/shorewall/ipsec file.
+----------------------------------------------------------------------------
+                      I N S T A L L A T I O N
+----------------------------------------------------------------------------
 Either 

   $ tar -jxf shorewall-perl-3.9.0.tar.bz2
@ -170,10 +179,9 @@ Either
 or

   $ rpm -ivh shoreawll-pl-3.9.0-1.noarch.rpm
-
-Using the New compiler
----------------------
-
+----------------------------------------------------------------------------
+               U S I N G   T H E   N E W   C O M P I L E R
+----------------------------------------------------------------------------
 By default, the old Bourne-shell based compiler will be used. 

 To use the new compiler, add this to shorewall.conf: