diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index da22e33e4..3ba24d497 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -1,3 +1,7 @@
+Changes in Shorewall 4.4.16 RC 1
+
+1) Complete parameterized actions.
+
Changes in Shorewall 4.4.16 Beta 6
1) Don't let root match wildcard.
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 3ecedac53..126119184 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -1,6 +1,6 @@
----------------------------------------------------------------------------
S H O R E W A L L 4 . 4 . 1 6
- R C 1
+ B E T A 7
----------------------------------------------------------------------------
I. PROBLEMS CORRECTED IN THIS RELEASE
@@ -14,6 +14,10 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
+Beta 7
+
+None.
+
Beta 6
1) Previously, the root of a wildcard name erroneously matched that
@@ -120,11 +124,14 @@ Beta 1
and in macros invoked from Actions. Additionally, Macros used in
Actions are now free to invoke other actions.
-4) There is now limited support for parameterized actions. Currently,
- the parameters are only available to extensions scripts. See
+4) There is now support for parameterized actions. The parameters are
+ available to extensions scripts. See
http://www.shorewall.net/Actions.html#Extension for more
information.
+ Within the action body, the parameter values are available in $1,
+ $2, etc.
+
----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S
----------------------------------------------------------------------------
diff --git a/docs/Actions.xml b/docs/Actions.xml
index aae4e4176..77297f4dc 100644
--- a/docs/Actions.xml
+++ b/docs/Actions.xml
@@ -224,6 +224,31 @@ ACCEPT - - tcp 135,139,445
When using Shorewall 4.4.16 or later, there are no restrictions
regarding which targets can be used within your action.
+
+ Additionally, it is possible to pass parameters to an action, when
+ it is invoked in the rules file or in another action.
+
+ Here's a trivial example:
+
+ /etc/shorewall/action.A:
+
+ #TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL
+# PORT(S) PORT(S) DEST
+FORMAT 2
+$1 - - tcp 80 - 1.2.3.4
+
+ /etc/shorewall/rules:
+
+ #TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL
+# PORT(S) PORT(S) DEST
+
+A(REDIRECT) net fw
+
+ The above is equivalent to this rule:
+
+ #TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL
+# PORT(S) PORT(S) DEST
+REDIRECT net - tcp 80 - 1.2.3.4
@@ -578,7 +603,7 @@ add_rule $chainref, '-d 224.0.0.0/4 -j DROP';
Limit:none:SSHA,3,60 net $FW tcp 22
Using Shorewall 4.4.16 or later, you can also invoke the action this
- way:
+ way:
#ACTION SOURCE DEST PROTO DEST PORT(S)
Limit(SSHA,3,60):none net $FW tcp 22
@@ -625,13 +650,13 @@ Limit(SSH,3,60):info net $FW tcp 22use Shorewall::Chains;
-@params = split /,/, $tag unless @params;
+@params = split( /,/, $tag ), $tag='' unless @params;
fatal_error 'Limit rules must include <list name>,<max connections>,<interval> as the log tag or params' unless @params == 3;
-my $list = $tag[0];
+my $list = $params[0];
-for ( @tag[1,2] ) {
+for ( @params[1,2] ) {
fatal_error 'Max connections and interval in Limit rules must be numeric (' . $_ . ')' unless /^\d+$/
}
@@ -641,7 +666,7 @@ add_rule $chainref, "-m recent --name $list --set";
if ( $level ) {
my $xchainref = new_chain 'filter' , "$chainref->{name}%";
- log_rule_limit $level, $xchainref, $params[0], 'DROP', '', '', 'add', '';
+ log_rule_limit $level, $xchainref, $params[0], 'DROP', $tag, '', 'add', '';
add_rule $xchainref, '-j DROP';
add_rule $chainref, "-m recent --name $list --update --seconds $params[2] --hitcount $count -j $xchainref->{name}";
} else {