Make comments persistent

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4657 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 16:54:10 +01:00 · 2006-10-10 15:46:21 +00:00 · 2006-10-10 15:46:21 +00:00 · 2b4e9fc8c9
commit 2b4e9fc8c9
parent ff1761c868
6 changed files with 25 additions and 31 deletions
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@ -892,10 +892,6 @@ setup_tc1() {
 	    else
 		rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $length $tos")
 		process_tc_rule
-		if [ -n "$comment" ]; then
-		    comment=
-		    save_command COMMENT=
-		fi
 	    fi
 	done < $TMP_DIR/tcrules
    fi
@ -1035,10 +1031,6 @@ __EOF__
 		expandv mark sources dests proto ports sports user testval tos
 		rule=$(echo "$mark $sources $dests $proto $ports $sports $user $testval $tos")
 		process_tc_rule
-		if [ -n "$comment" ]; then
-		    comment=
-		    save_command COMMENT=
-		fi
 	    fi
 	done < $TMP_DIR/tcrules
    fi
@ -2831,11 +2823,6 @@ process_rules()

 	esac

-	if [ -n "$comment" ]; then
-	    comment=
-	    save_command COMMENT=
-	fi
-
    done < $TMP_DIR/rules
    #
    # Just in case the file ended with a comment
--- a/Shorewall/lib.nat
+++ b/Shorewall/lib.nat
@ -442,10 +442,6 @@ __EOF__
 		    fi
 		else
 		    setup_one
-		    if [ -n "$comment" ]; then
-			comment=
-			save_command COMMENT=
-		    fi
 		fi
 	    else
 		error_message "WARNING: NAT disabled; masq rule ignored"
@ -540,10 +536,6 @@ setup_nat() {
 		fi
 	    else
 		do_one_nat
-		if [ -n "$comment" ]; then
-		    comment=
-		    save_command COMMENT=
-		fi
 	    fi
 	    progress_message_and_save "   Host $internal NAT $external on $interface"
 	done < $TMP_DIR/nat
--- a/Shorewall/nat
+++ b/Shorewall/nat
@ -18,10 +18,13 @@
 #
 #                       If you put COMMENT in this column, the rest of the
 #			line will be attached as a comment to the Netfilter
-#			rule(s) generated by the next entry in the file.
-#			The comment will appear delimited by "/* ... */"
+#			rule(s) generated by the following entries in the
+#			file. The comment will appear delimited by "/* ... */"
 #			in the output of "shorewall show nat"
 #
+#			To stop the comment from being attached to further
+#			rules, simply include COMMENT on a line by itself.
+#
 #	INTERFACE	Interface that has the EXTERNAL address.
 #			If ADD_IP_ALIASES=Yes in shorewall.conf, Shorewall
 #			will automatically add the EXTERNAL address to this
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -77,7 +77,11 @@ Other changes in 3.3.3
    /etc/shorewall/rules, /etc/shorewall/tcrules, /etc/shorewall/nat
    and /etc/shorewall/masq files. The remainder of the line is treated
    as a comment and it will be attached as a Netfilter comment to the
-    rule(s) generated by the next entry in the file.
+    rule(s) generated by the following entries in the file.
+
+    To stop the comment from being attached to further rules, simply
+    include COMMENT on a line by itself.
+

    If you do not have Comment support in your iptables/kernel (see the
    output of "shorewall[-lite] show capabilities") then COMMENTS are
@ -89,17 +93,19 @@ Other changes in 3.3.3

 	    #SOURCE      SOURCE     DEST       PROTO DEST PORT(S)
 	    
-	    COMMENT Stop Microsoft Crap
+	    COMMENT Stop Microsoft Crud

 	    REJECT       loc        net        tcp   137,445
 	    REJECT       loc        net        udp   137:139

+	    COMMENT
+
    The output of "shorewall show loc2net" includes (folded):

    0     0 reject     tcp  --  *      *       0.0.0.0/0
-	  0.0.0.0/0    multiport dports 137,445 /* Stop Microsoft crap */
+	  0.0.0.0/0    multiport dports 137,445 /* Stop Microsoft crud */
    0     0 reject     udp  --  *      *       0.0.0.0/0
-	  0.0.0.0/0    udp dpts:137:139
+	  0.0.0.0/0    udp dpts:137:139 /* Stop Microsoft crud */

 Migration Considerations:

--- a/Shorewall/rules
+++ b/Shorewall/rules
@ -115,10 +115,13 @@
 #					    (http://p2pwall.sf.net).
 #                               COMMENT  -- the rest of the line will be attached
 #					    as a comment to the Netfilter rule(s)
-#					    generated by the following entry. The
-#					    comment will appear delimited by 
+#					    generated by the following entres.
+#					    The comment will appear delimited by 
 #					    "/* ... */" in the output of
-#					    "shorewall show <chain>"
+#					    "shorewall show <chain>". To stop
+#					    the comment from being attached to
+#					    further rules, simply include
+#					    COMMENT on a line by itself.
 #				<action> -- The name of an action defined in
 #					    /etc/shorewall/actions or in
 #					    /usr/share/shorewall/actions.std.
--- a/Shorewall/tcrules
+++ b/Shorewall/tcrules
@ -105,10 +105,13 @@
 #
 #                       e) COMMENT -- the rest of the line will be attached as
 #			   a comment to the Netfilter rule(s) generated by the
-#			   following entry. The comment will appear delimited
+#			   following entries. The comment will appear delimited
 #			   by "/* ... */" in the output of "shorewall show
 #			   mangle"
 #
+#			  To stop the comment from being attached to further
+#			  rules, simply include COMMENT on a line by itself.
+#
 #	SOURCE		Source of the packet. A comma-separated list of
 #			interface names, IP addresses, MAC addresses and/or
 #			subnets for packets being routed through a common path.