extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-26 01:23:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make .ip[6]tables-restore-input comments conditional

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-01-23 17:04:52 -08:00
parent 2235641c9f
commit 3e404b765f
4 changed files with 41 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Shorewall/Perl/Shorewall/Config.pm
View File

@ -732,6 +732,7 @@ sub initialize( $;$$) {
RPFILTER_LOG_TAG => '',
INVALID_LOG_TAG => '',
UNTRACKED_LOG_TAG => '',
TRACK_RULES => '',
);
#
# From shorewall.conf file
@ -1194,6 +1195,7 @@ sub currentlineinfo() {
}
sub shortlineinfo1( $ ) {
if ( $globals{TRACK_RULES} ) {
if ( $currentfile ) {
join( ':', $currentfilename, $currentlinenumber );
} else {
@ -1203,6 +1205,7 @@ sub shortlineinfo1( $ ) {
$_[0] || ''
}
}
}
sub shortlineinfo( $ ) {
if ( $config{TRACK_RULES} ) {
@ -5823,7 +5826,18 @@ sub get_configuration( $$$$ ) {
default_yes_no 'MULTICAST' , '';
default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';
default_yes_no 'CHAIN_SCRIPTS' , 'Yes';
if ( supplied ( $val = $config{TRACK_RULES} ) ) {
if ( lc( $val ) eq 'internal' ) {
$globals{TRACK_RULES} = 'Yes';
$config{TRACK_RULES} = '';
} else {
default_yes_no 'TRACK_RULES' , '';
}
} else {
default_yes_no 'TRACK_RULES' , '';
}
default_yes_no 'INLINE_MATCHES' , '';
default_yes_no 'BASIC_FILTERS' , '';
default_yes_no 'WORKAROUNDS' , 'Yes';

2
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -1397,7 +1397,7 @@ sub process_interface( $$ ) {
physical => $physical ,
base => var_base( $physical ),
zones => {},
origin => shortlineinfo1(''),
origin => shortlineinfo1('') || shortlineinfo( '' ),
wildcard => $wildcard,
};

9
Shorewall/manpages/shorewall.conf.xml
View File

@ -2620,7 +2620,8 @@ INLINE - - - ; -j REJECT
<varlistentry>
<term><emphasis role="bold">TRACK_RULES=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
role="bold">Yes</emphasis>|<emphasis
role="bold">No</emphasis>|Internal}</term>
<listitem>
<para>Added in Shorewall 4.5.20. If set to <emphasis
@ -2633,6 +2634,12 @@ INLINE - - - ; -j REJECT
<para>Setting this option to <emphasis role="bold">Yes</emphasis>
requires the <firstterm>Comments</firstterm> capability in iptables
and kernel.</para>
<para>Beginning with Shorewall 5.0.5, the option may also be set to
<emphasis role="bold">Internal</emphasis>. That setting causes
similar comments to be added to the
<filename>.iptables-restore-input</filename> file, which is normally
created in <filename>/var/lib/shorewall</filename>.</para>
</listitem>
</varlistentry>

11
Shorewall6/manpages/shorewall6.conf.xml
View File

@ -2295,7 +2295,8 @@ INLINE - - - ; -j REJECT
<varlistentry>
<term><emphasis role="bold">TRACK_RULES=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
role="bold">Yes</emphasis>|<emphasis
role="bold">No</emphasis>|Internal}</term>
<listitem>
<para>Added in Shorewall 4.5.20. If set to <emphasis
@ -2306,8 +2307,14 @@ INLINE - - - ; -j REJECT
added.</para>
<para>Setting this option to <emphasis role="bold">Yes</emphasis>
requires the <firstterm>Comments</firstterm> capability in ip6tables
requires the <firstterm>Comments</firstterm> capability in iptables
and kernel.</para>
<para>Beginning with Shorewall 5.0.5, the option may also be set to
<emphasis role="bold">Internal</emphasis>. That setting causes
similar comments to be added to the
<filename>.ip6tables-restore-input</filename> file, which is
normally created in <filename>/var/lib/shorewall</filename>6.</para>
</listitem>
</varlistentry>