More release note updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5905 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 16:13:18 +01:00 · 2007-04-12 17:40:36 +00:00 · 2007-04-12 17:40:36 +00:00 · 4beb3a6cee
commit 4beb3a6cee
parent 226c4a198d
2 changed files with 51 additions and 6 deletions
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -122,12 +122,55 @@ d) The BROADCAST column in the interfaces file is essentially unused;
   match requirement is relaxed.

 e) Because the compiler is now written in Perl, your compile-time
-   extension scripts from earlier versions will no longer work. For
-   now, if you want to use extension scripts, you will need to read the
-   Perl code to see how the compiler operates internally. I will
-   produce documentation before the first official release.
+   extension scripts from earlier versions will no longer work.
   Compile-time extension scripts are executed using the Perl
-   'eval `cat <file>`' mechanism.
+   'eval `cat <file>`' mechanism. Be sure that each script returns a
+   'true' value; otherwise, the compiler will assume that the script
+   failed and will abort the compilation.
+
+   When a script is invoked, the $chainref scalar variable will hold a
+   reference to a chain table entry. 
+
+       $chainref->{name}  contains the name of the chain
+       $chainref->{table} holds the table name
+       
+       To add a rule to the chain:
+
+	  add_rule $chainref, <the rule>
+
+       Where
+
+          <the rule> is a scalar argument holding the rule text. Do not
+          include "-A <chain name>"
+
+       Example:
+
+          add_rule $chainref, '-j ACCEPT';
+
+       To insert a rule into the chain:
+
+          insert_rule $chainref, <rulenum>, <the rule>
+
+       The log_rule_limit function works like it does in the shell
+       compiler with two exceptions:
+
+          - You pass the chain reference rather than the name of the
+            chain.
+	  - The commands are 'add' and 'insert' rather than '-A' and
+            '-I'.
+	  - There is only a single "pass as-is to iptables" argument
+            (so you must quote that part).
+
+       Example:
+
+	  log_rule_limit
+	      'info' , 
+	      $chainref , 
+	      $chainref->{name},
+	      'DROP' , 
+	      '',    #Limit
+	      '' ,   #Log tag
+	      'add';	      

 f) The 'refresh' command is now synonymous with 'restart'.

--- a/Shorewall-perl/releasenotes.txt
+++ b/Shorewall-perl/releasenotes.txt
@ -77,7 +77,9 @@ d) The BROADCAST column in the interfaces file is essentially unused;
 e) Because the compiler is now written in Perl, your compile-time
   extension scripts from earlier versions will no longer work.
   Compile-time extension scripts are executed using the Perl
-   'eval `cat <file>`' mechanism.
+   'eval `cat <file>`' mechanism. Be sure that each script returns a
+   'true' value; otherwise, the compiler will assume that the script
+   failed and will abort the compilation.

   When a script is invoked, the $chainref scalar variable will hold a
   reference to a chain table entry.