Make .ip[6]tables-restore-input comments conditional

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2016-01-23 17:04:52 -08:00
parent 2235641c9f
commit 3e404b765f
4 changed files with 41 additions and 13 deletions


@ -732,6 +732,7 @@ sub initialize( $;$$) {
RPFILTER_LOG_TAG => '', RPFILTER_LOG_TAG => '',
INVALID_LOG_TAG => '', INVALID_LOG_TAG => '',
UNTRACKED_LOG_TAG => '', UNTRACKED_LOG_TAG => '',
TRACK_RULES => '',
); );
# #
# From shorewall.conf file # From shorewall.conf file
@ -1194,6 +1195,7 @@ sub currentlineinfo() {
} }
sub shortlineinfo1( $ ) { sub shortlineinfo1( $ ) {
if ( $globals{TRACK_RULES} ) {
if ( $currentfile ) { if ( $currentfile ) {
join( ':', $currentfilename, $currentlinenumber ); join( ':', $currentfilename, $currentlinenumber );
} else { } else {
@ -1203,6 +1205,7 @@ sub shortlineinfo1( $ ) {
$_[0] || '' $_[0] || ''
} }
} }
}
sub shortlineinfo( $ ) { sub shortlineinfo( $ ) {
if ( $config{TRACK_RULES} ) { if ( $config{TRACK_RULES} ) {
@ -5823,7 +5826,18 @@ sub get_configuration( $$$$ ) {
default_yes_no 'MULTICAST' , ''; default_yes_no 'MULTICAST' , '';
default_yes_no 'MARK_IN_FORWARD_CHAIN' , ''; default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';
default_yes_no 'CHAIN_SCRIPTS' , 'Yes'; default_yes_no 'CHAIN_SCRIPTS' , 'Yes';
if ( supplied ( $val = $config{TRACK_RULES} ) ) {
if ( lc( $val ) eq 'internal' ) {
$globals{TRACK_RULES} = 'Yes';
$config{TRACK_RULES} = '';
} else {
default_yes_no 'TRACK_RULES' , ''; default_yes_no 'TRACK_RULES' , '';
}
} else {
default_yes_no 'TRACK_RULES' , '';
}
default_yes_no 'INLINE_MATCHES' , ''; default_yes_no 'INLINE_MATCHES' , '';
default_yes_no 'BASIC_FILTERS' , ''; default_yes_no 'BASIC_FILTERS' , '';
default_yes_no 'WORKAROUNDS' , 'Yes'; default_yes_no 'WORKAROUNDS' , 'Yes';
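Review bot: With the new `if ( $globals{TRACK_RULES} ) {` wrapper, shortlineinfo1 has no `else` branch and no explicit `return`, so when the flag is off its result is whatever Perl leaves from the false condition. In practice that is the empty string, but nothing in the sub says so. The `shortlineinfo1('') || shortlineinfo( '' )` expression added in process_interface depends on that result being false. A guard at the top, `return '' unless $globals{TRACK_RULES};`, would state the contract and remove the extra nesting level. Part of the sub's body lies between the two hunks and is not visible here.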


@ -1397,7 +1397,7 @@ sub process_interface( $$ ) {
physical => $physical , physical => $physical ,
base => var_base( $physical ), base => var_base( $physical ),
zones => {}, zones => {},
origin => shortlineinfo1(''), origin => shortlineinfo1('') || shortlineinfo( '' ),
wildcard => $wildcard, wildcard => $wildcard,
}; };
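Review bot: The new `origin` expression is hard to follow without knowing that the two helpers are gated on different flags. shortlineinfo1 tests `$globals{TRACK_RULES}` and shortlineinfo tests `$config{TRACK_RULES}`, and get_configuration clears the latter when it sets the former for `Internal`. A short comment above the line would record that, e.g. `# Internal => file:line from shortlineinfo1; Yes => shortlineinfo; No => ''`. Most of both helpers' bodies is outside the visible hunks, so the exact strings they return should be checked before settling the comment's wording.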


@ -2620,7 +2620,8 @@ INLINE - - - ; -j REJECT
<varlistentry> <varlistentry>
<term><emphasis role="bold">TRACK_RULES=</emphasis>{<emphasis <term><emphasis role="bold">TRACK_RULES=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis
role="bold">No</emphasis>|Internal}</term>
<listitem> <listitem>
<para>Added in Shorewall 4.5.20. If set to <emphasis <para>Added in Shorewall 4.5.20. If set to <emphasis
@ -2633,6 +2634,12 @@ INLINE - - - ; -j REJECT
<para>Setting this option to <emphasis role="bold">Yes</emphasis> <para>Setting this option to <emphasis role="bold">Yes</emphasis>
requires the <firstterm>Comments</firstterm> capability in iptables requires the <firstterm>Comments</firstterm> capability in iptables
and kernel.</para> and kernel.</para>
<para>Beginning with Shorewall 5.0.5, the option may also be set to
<emphasis role="bold">Internal</emphasis>. That setting causes
similar comments to be added to the
<filename>.iptables-restore-input</filename> file, which is normally
created in <filename>/var/lib/shorewall</filename>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>


@ -2295,7 +2295,8 @@ INLINE - - - ; -j REJECT
<varlistentry> <varlistentry>
<term><emphasis role="bold">TRACK_RULES=</emphasis>{<emphasis <term><emphasis role="bold">TRACK_RULES=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis
role="bold">No</emphasis>|Internal}</term>
<listitem> <listitem>
<para>Added in Shorewall 4.5.20. If set to <emphasis <para>Added in Shorewall 4.5.20. If set to <emphasis
@ -2306,8 +2307,14 @@ INLINE - - - ; -j REJECT
added.</para> added.</para>
<para>Setting this option to <emphasis role="bold">Yes</emphasis> <para>Setting this option to <emphasis role="bold">Yes</emphasis>
requires the <firstterm>Comments</firstterm> capability in ip6tables requires the <firstterm>Comments</firstterm> capability in iptables
and kernel.</para> and kernel.</para>
<para>Beginning with Shorewall 5.0.5, the option may also be set to
<emphasis role="bold">Internal</emphasis>. That setting causes
similar comments to be added to the
<filename>.ip6tables-restore-input</filename> file, which is
normally created in <filename>/var/lib/shorewall</filename>6.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>