extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-02 07:04:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Eliminate need to restart -lite to extract scfilter

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-10-03 10:56:55 -07:00
parent 994ea3cce6
commit 432534a650
4 changed files with 19 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -348,15 +348,6 @@ sub generate_script_3($) {
} else { } else {
emit 'load_kernel_modules Yes'; emit 'load_kernel_modules Yes';
} }
$fn = find_file 'scfilter';
if ( -f $fn ) {
emit( '',
'cat << __EOF__ > ${VARDIR}/scfilter' );
append_file( $fn,1,1 ) or emit_unindented "#! /bin/sh\ncat -";
emit_unindented( "__EOF__\n" );
}
} else { } else {
emit 'load_kernel_modules Yes'; emit 'load_kernel_modules Yes';
} }

10
Shorewall/Perl/Shorewall/Config.pm
View File

@ -3426,8 +3426,16 @@ sub generate_aux_config() {
conditionally_add_option1 'TC_ENABLED'; conditionally_add_option1 'TC_ENABLED';
finalize_aux_config; my $fn = find_file 'scfilter';
if ( -f $fn ) {
emit( '',
'cat << __EOF__ > ${VARDIR}/scfilter' );
append_file( $fn,1,1 ) or emit_unindented "#! /bin/sh\ncat -";
emit_unindented( "__EOF__\n" );
}
finalize_aux_config;
} }
END { END {

10
Shorewall/releasenotes.txt
View File

@ -111,11 +111,11 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
If you are using Shorewall-lite and/or Shorewall6-lite, the If you are using Shorewall-lite and/or Shorewall6-lite, the
scfilter file is kept on the administrative system and is copied scfilter file is kept on the administrative system and is copied
into the generated script just like other scripts. When the script into the generated auxillary config file (firewall.conf). Each time
is run to start or restart the firewall, the scfilter script is that config file is read, the scfilter script is copied into
copied into /var/lib/shorewall-lite (/var/lib/shorewall6-lite) /var/lib/shorewall-lite/scfilter
where /sbin/shorewall-lite (/sbin/shorewall6-lite) looks for it. (/var/lib/shorewall6-lite/scfilter) where /sbin/shorewall-lite
(/sbin/shorewall6-lite) looks for it.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S I V. R E L E A S E 4 . 4 H I G H L I G H T S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------

12
docs/shorewall_extension_scripts.xml
View File

@ -210,13 +210,11 @@ esac</programlisting><caution>
command. The connection information is piped through this script so command. The connection information is piped through this script so
that the script can drop information, add information or alter the that the script can drop information, add information or alter the
format of the information. When using Shorewall Lite or Shorewall6 format of the information. When using Shorewall Lite or Shorewall6
Lite, the script is copied into the generated firewall script and is Lite, the script is copied into the generated auxillary configuration
extracted into /var/lib/shorewall-lite (/var/lib/shorewall6-lite) file (firewall.conf) and is extracted into /var/lib/shorewall-lite
where /sbin/shorewall-lite (/sbin/shorewall6-lite) can find it. After (/var/lib/shorewall6-lite) where /sbin/shorewall-lite
you have generated a new firewall script and copied the script to a (/sbin/shorewall6-lite) can find it. The default script is as follows
firewall system, you must start (or restart) the firewall in order to and simply pipes the output through unaltered.</para>
install a new scfilter script. The default script is as follows and
simply pipes the output through unaltered.</para>
<programlisting>#! /bin/sh <programlisting>#! /bin/sh
cat -</programlisting> cat -</programlisting>