diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 7f058cb4e..c28667ac4 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -732,6 +732,7 @@ sub initialize( $;$$) {
RPFILTER_LOG_TAG => '',
INVALID_LOG_TAG => '',
UNTRACKED_LOG_TAG => '',
+ TRACK_RULES => '',
);
#
# From shorewall.conf file
@@ -1194,13 +1195,15 @@ sub currentlineinfo() {
}
sub shortlineinfo1( $ ) {
- if ( $currentfile ) {
- join( ':', $currentfilename, $currentlinenumber );
- } else {
- #
- # Alternate lineinfo may have been passed
- #
- $_[0] || ''
+ if ( $globals{TRACK_RULES} ) {
+ if ( $currentfile ) {
+ join( ':', $currentfilename, $currentlinenumber );
+ } else {
+ #
+ # Alternate lineinfo may have been passed
+ #
+ $_[0] || ''
+ }
}
}
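Review bot: When `$globals{TRACK_RULES}` is false, `shortlineinfo1` falls off the end of an `if` with no `else`, so its result is whatever the condition evaluated to rather than a stated value. The Zones.pm hunk in this commit depends on that result being false (`shortlineinfo1('') || shortlineinfo( '' )`), so I would make it explicit with a guard as the first line, `return '' unless $globals{TRACK_RULES};`, and leave the original `if ( $currentfile ) { ... } else { ... }` un-nested below it. Separately, `$globals{TRACK_RULES}` is only assigned in the `internal` branch of `get_configuration`, so with `TRACK_RULES=Yes` this sub now returns a false value. Any caller outside this diff that was not given a fallback would presumably lose the file:line origin used to trace a generated rule back to its configuration entry, so the other call sites are worth checking.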
@@ -5823,7 +5826,18 @@ sub get_configuration( $$$$ ) {
default_yes_no 'MULTICAST' , '';
default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';
default_yes_no 'CHAIN_SCRIPTS' , 'Yes';
- default_yes_no 'TRACK_RULES' , '';
+
+ if ( supplied ( $val = $config{TRACK_RULES} ) ) {
+ if ( lc( $val ) eq 'internal' ) {
+ $globals{TRACK_RULES} = 'Yes';
+ $config{TRACK_RULES} = '';
+ } else {
+ default_yes_no 'TRACK_RULES' , '';
+ }
+ } else {
+ default_yes_no 'TRACK_RULES' , '';
+ }
+
default_yes_no 'INLINE_MATCHES' , '';
default_yes_no 'BASIC_FILTERS' , '';
default_yes_no 'WORKAROUNDS' , 'Yes';
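Review bot: The call `default_yes_no 'TRACK_RULES' , '';` is repeated in both `else` branches of the new block, which makes the three-way logic harder to read than it needs to be. The two tests can be folded into one condition, `if ( supplied( $val = $config{TRACK_RULES} ) && lc( $val ) eq 'internal' ) {`, followed by a single `else` holding the `default_yes_no` call. A short comment above the block would also help, for example `# 'Internal' records rule origins in %globals only; the config option is cleared so it is treated as off elsewhere`. That wording is inferred from the two assignments here and from the manpage text, so please confirm it matches the intent. `get_configuration` and the declaration of `$val` lie outside this hunk.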
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 47fea3bdc..44fa74b43 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -1397,7 +1397,7 @@ sub process_interface( $$ ) {
physical => $physical ,
base => var_base( $physical ),
zones => {},
- origin => shortlineinfo1(''),
+ origin => shortlineinfo1('') || shortlineinfo( '' ),
wildcard => $wildcard,
};
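Review bot: The right-hand operand of `||` in the `origin` entry is evaluated in the list context of the surrounding anonymous hash, while the left-hand operand is forced to scalar. If `shortlineinfo` (not visible in this diff) can ever return an empty list, the `origin` key would swallow `wildcard` as its value and the remaining pairs would shift. Forcing scalar context removes that dependency: `origin => shortlineinfo1('') || scalar( shortlineinfo( '' ) ),`. The hash literal begins before this hunk.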
diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml
index 54282e7f6..dfc20002e 100644
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@@ -1629,7 +1629,7 @@ LOG:info:,bar net fw
"/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset"
where uname holds the output of
'uname -r' and g_family holds '4'.
+ role="bold">g_family holds '4'.
@@ -2620,7 +2620,8 @@ INLINE - - - ; -j REJECT
TRACK_RULES={Yes|No}
+ role="bold">Yes|No|Internal}
Added in Shorewall 4.5.20. If set to Setting this option to Yes
requires the Comments capability in iptables
and kernel.
+
+ Beginning with Shorewall 5.0.5, the option may also be set to
+ Internal. That setting causes
+ similar comments to be added to the
+ .iptables-restore-input file, which is normally
+ created in /var/lib/shorewall.
diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml
index 3629014ea..73bae2f43 100644
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@@ -2295,7 +2295,8 @@ INLINE - - - ; -j REJECT
TRACK_RULES={Yes|No}
+ role="bold">Yes|No|Internal}
Added in Shorewall 4.5.20. If set to
Setting this option to Yes
- requires the Comments capability in ip6tables
+ requires the Comments capability in iptables
and kernel.
+
+ Beginning with Shorewall 5.0.5, the option may also be set to
+ Internal. That setting causes
+ similar comments to be added to the
+ .ip6tables-restore-input file, which is
+ normally created in /var/lib/shorewall6.