From 432534a650af52f43bbdbcf82388e30cb89a63d4 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 3 Oct 2010 10:56:55 -0700 Subject: [PATCH] Eliminate need to restart -lite to extract scfilter Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Compiler.pm | 9 --------- Shorewall/Perl/Shorewall/Config.pm | 10 +++++++++- Shorewall/releasenotes.txt | 10 +++++----- docs/shorewall_extension_scripts.xml | 12 +++++------- 4 files changed, 19 insertions(+), 22 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index 1fc9712f2..635ad31ec 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -348,15 +348,6 @@ sub generate_script_3($) { } else { emit 'load_kernel_modules Yes'; } - - $fn = find_file 'scfilter'; - - if ( -f $fn ) { - emit( '', - 'cat << __EOF__ > ${VARDIR}/scfilter' ); - append_file( $fn,1,1 ) or emit_unindented "#! /bin/sh\ncat -"; - emit_unindented( "__EOF__\n" ); - } } else { emit 'load_kernel_modules Yes'; } diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 02113aea3..a1b89ea37 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -3426,8 +3426,16 @@ sub generate_aux_config() { conditionally_add_option1 'TC_ENABLED'; - finalize_aux_config; + my $fn = find_file 'scfilter'; + if ( -f $fn ) { + emit( '', + 'cat << __EOF__ > ${VARDIR}/scfilter' ); + append_file( $fn,1,1 ) or emit_unindented "#! /bin/sh\ncat -"; + emit_unindented( "__EOF__\n" ); + } + + finalize_aux_config; } END { diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 4bd0d83bf..d2635d0bf 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
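Review bot: In the Config.pm hunk the here-document delimiter in `'cat << __EOF__ > ${VARDIR}/scfilter'` is unquoted, so the shell that sources firewall.conf expands any `$name`, `$(...)` or backticks in the scfilter body each time the config file is read. Unless `append_file` escapes those characters (not visible in this hunk), a filter script that uses shell variables is written out altered, and any command substitution in it runs at config-read time with the reader's privileges. Quoting the delimiter keeps the body literal, e.g. `emit( '', q(cat << '__EOF__' > ${VARDIR}/scfilter) );`. Since the extraction moved from the generated script into the config file, it is also worth confirming that `VARDIR` is always set before firewall.conf is sourced, because an empty value would make the redirect target `/scfilter`. The body of `generate_aux_config` begins outside the hunk, so earlier handling cannot be checked from here.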
@@ -111,11 +111,11 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES If you are using Shorewall-lite and/or Shorewall6-lite, the scfilter file is kept on the administrative system and is copied - into the generated script just like other scripts. When the script - is run to start or restart the firewall, the scfilter script is - copied into /var/lib/shorewall-lite (/var/lib/shorewall6-lite) - where /sbin/shorewall-lite (/sbin/shorewall6-lite) looks for it. - + into the generated auxillary config file (firewall.conf). Each time + that config file is read, the scfilter script is copied into + /var/lib/shorewall-lite/scfilter + (/var/lib/shorewall6-lite/scfilter) where /sbin/shorewall-lite + (/sbin/shorewall6-lite) looks for it. ---------------------------------------------------------------------------- I V. R E L E A S E 4 . 4 H I G H L I G H T S ---------------------------------------------------------------------------- diff --git a/docs/shorewall_extension_scripts.xml b/docs/shorewall_extension_scripts.xml index 1eb0861f1..69df02077 100644 --- a/docs/shorewall_extension_scripts.xml +++ b/docs/shorewall_extension_scripts.xml 
@@ -210,13 +210,11 @@ esac command. The connection information is piped through this script so that the script can drop information, add information or alter the format of the information. When using Shorewall Lite or Shorewall6 - Lite, the script is copied into the generated firewall script and is - extracted into /var/lib/shorewall-lite (/var/lib/shorewall6-lite) - where /sbin/shorewall-lite (/sbin/shorewall6-lite) can find it. After - you have generated a new firewall script and copied the script to a - firewall system, you must start (or restart) the firewall in order to - install a new scfilter script. The default script is as follows and - simply pipes the output through unaltered. + Lite, the script is copied into the generated auxillary configuration + file (firewall.conf) and is extracted into /var/lib/shorewall-lite + (/var/lib/shorewall6-lite) where /sbin/shorewall-lite + (/sbin/shorewall6-lite) can find it. The default script is as follows + and simply pipes the output through unaltered. #! /bin/sh cat -