Implement optional action parameters

Shorewall/Perl/Shorewall/Config.pm

@@ -1799,7 +1799,8 @@ sub push_params( $ ) {
     %actparms = ();
 
     for ( my $i = 1; $i <= @params; $i++ ) {
-	$actparms{$i} = $params[$i - 1];
+	my $val = $params[$i - 1];
+	$actparms{$i} = $val eq '-' ? '' : $val;
     }
 
     $oldparams;

Shorewall/Perl/Shorewall/Rules.pm

@@ -260,7 +260,7 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ );
 
 sub process_actions1() {
 
-    progress_message2 "Preprocessing Action Files...";
+    progress_message2 "Locating Action Files...";
     #
     # Add built-in actions to the target table and create those actions
     #
@@ -717,6 +717,14 @@ sub process_macro ( $$$$$$$$$$$$$$$$$ ) {
 #
 # Once a rule has been expanded via wildcards (source and/or dest zone eq 'all'), it is processed by this function. If
 # the target is a macro, the macro is expanded and this function is called recursively for each rule in the expansion.
+# Rules in both the rules file and in action bodies are processed here.
+#
+# This function may be called in three different ways:
+#
+#  1) $chainref undefined -- Being called to process a record in the rules file. All arguments are passed.
+#  2) $chainref is a chain name -- Pre-proessing the records in an action file. Only $target is passed.
+#  3) $chainref is a chain reference -- Processing the records in an action file. The chain is where the generated
+#     rules are added.
 #
 sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
     my ( $chainref,   #reference to Action Chain if we are being called from process_action3()
@@ -765,7 +773,7 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
 	( $basictarget, $actiontype , $param ) = map_old_actions( $basictarget ) unless $actiontype || $param;
     }
 
-    fatal_error "Unknown action ($action)" unless $actiontype;
+    fatal_error "Unknown ACTION ($action)" unless $actiontype;
 
     if ( $actiontype == MACRO ) {
 	#

Shorewall/releasenotes.txt

@@ -125,13 +125,18 @@ Beta 1
     Actions are now free to invoke other actions.
 
 4)  There is now support for parameterized actions. The parameters are
-    available to extensions scripts. See
+    a comma-separated list enclosed in parentheses following the
+    action name (e.g., ACT(REDIRECT,192.168.1.4)). Within the action
+    body, the parameter values are available in $1, $2, etc.
+
+    You can 'omit' a parameter in the list by using '-' (e,g,
+    REDIRECT,-.info) would omit the second parameter (within the action
+    body, $2 would expand to nothing). 
+    
+    Parameter values are also available to extensions scripts. See
     http://www.shorewall.net/Actions.html#Extension for more
     information.
 
-    Within the action body, the parameter values are available in $1,
-    $2, etc.
-
 ----------------------------------------------------------------------------
              I V.  R E L E A S E  4 . 4  H I G H L I G H T S
 ----------------------------------------------------------------------------

docs/Actions.xml

@@ -249,6 +249,12 @@ A(REDIRECT)    net     fw</programlisting>
       <programlisting>#TARGET        SOURCE  DEST    PROTO   DEST    SOURCE  ORIGINAL
 #                                      PORT(S) PORT(S) DEST
 REDIRECT       net     -       tcp     80      -       1.2.3.4</programlisting>
+
+      <para>You can 'omit' parameters by using '-'.</para>
+
+      <para>Example: ACTION(REDIRECT,-,info) </para>
+
+      <para>In the above example, $2 would expand to nothing.</para>
     </section>
 
     <section>
@@ -542,7 +548,8 @@ bar:debug</programlisting>
 
         <listitem>
           <para><emphasis role="bold">@params</emphasis> is the list of
-          parameter values (Shorewall 4.4.16 and later).</para>
+          parameter values (Shorewall 4.4.16 and later). 'Omitted' parameters
+          contain '-'.</para>
         </listitem>
       </itemizedlist>