diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 3878cb987..adc87b50c 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -554,6 +554,7 @@ our $warningcount; # Used to suppress duplicate warnings about missing our $warningcount1; # Used to suppress duplicate warnings about COMMENT being deprecated our $warningcount2; # Used to suppress duplicate warnings about FORMAT being deprecated our $warningcount3; # Used to suppress duplicate warnings about SECTION being deprecated +our $checkinline; # The -i option to check/compile/etc. our $shorewall_dir; # Shorewall Directory; if non-empty, search here first for files. @@ -2055,6 +2056,8 @@ sub supplied( $ ) { sub split_line2( $$;$$$ ) { my ( $description, $columnsref, $nopad, $maxcolumns, $inline ) = @_; + my $inlinematches = $config{INLINE_MATCHES}; + unless ( defined $maxcolumns ) { my @maxcolumns = ( keys %$columnsref ); $maxcolumns = @maxcolumns; @@ -2072,11 +2075,25 @@ sub split_line2( $$;$$$ ) { # fatal_error "Only one semicolon (';') allowed on a line" if defined $rest; - if ( $inline ) { + if ( $inlinematches ) { + fatal_error "The $description does not support inline matches (INLINE_MATCHES=Yes)" unless $inline; + + $inline_matches = $pairs; + + if ( $columns =~ /^(\s*|.*[^&@%]){(.*)}\s*$/ ) { + # + # Pairs are enclosed in curly brackets. + # + $columns = $1; + $pairs = $2; + } else { + $pairs = ''; + } + } elsif ( $inline ) { # # This file supports INLINE # - if ( $config{INLINE_MATCHES} || $currentline =~ /^\s*INLINE(?:\(.*\)|:.*)?\s/) { + if ( $currentline =~ /^\s*INLINE(?:\(.*\)|:.*)?\s/) { $inline_matches = $pairs; if ( $columns =~ /^(\s*|.*[^&@%]){(.*)}\s*$/ ) { 
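Review bot: In the `@@ -2072` hunk of split_line2, the new `if ( $inlinematches )` branch repeats verbatim the `$inline_matches = $pairs;` assignment and the curly-bracket `$columns` match that the `elsif ( $inline )` branch just below already contains. Two copies of the same regex can drift apart in later edits, so a small private helper called from both branches would keep that parsing in one place. If the copies stay, the new branch deserves a comment such as `# INLINE_MATCHES=Yes: text after ';' is taken as inline matches`, assuming `$pairs` holds the text after the semicolon as the surrounding context suggests. split_line2 starts before this hunk and continues past it.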
@@ -2086,11 +2103,12 @@ sub split_line2( $$;$$$ ) { $columns = $1; $pairs = $2; } else { + warning_message "This entry needs to be changed before INLINE_MATCHES can be set to Yes" if $checkinline; $pairs = ''; } } - } else { - fatal_error "The $description does not support inline matches (INLINE_MATCHES=Yes)" + } elsif ( $checkinline ) { + warning_message "This entry needs to be changed before INLINE_MATCHES can be set to Yes"; } } elsif ( $currentline =~ /^(\s*|.*[^&@%]){(.*)}$/ ) { # @@ -5145,8 +5163,7 @@ sub export_params() { # # Walk the CONFIG_PATH converting FORMAT and COMMENT lines to compiler directives # -sub convert_to_directives( $ ) { - my $inline_matches = $_[0]; +sub convert_to_directives() { my $sharedir = $shorewallrc{SHAREDIR}; # # Make a copy of @config_path so that the for-loop below doesn't clobber that list 
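Review bot: In the `@@ -2086` hunk, the `-i` warning added to the inner `else` fires for a line that already matched `INLINE` but has no curly-bracket pairs, a case the new `INLINE_MATCHES` branch in the previous hunk appears to handle identically. Meanwhile a non-INLINE line with a semicolon, in a file that supports inline matches, gets no warning, because the `if ( $currentline =~ /^\s*INLINE…/ )` test has no `else`. That second case looks like the one whose meaning changes once INLINE_MATCHES is set to Yes, so the check belongs on the INLINE test. Drop `warning_message … if $checkinline;` from the inner `else` and close the INLINE block with `} elsif ( $checkinline ) { warning_message "This entry needs to be changed before INLINE_MATCHES can be set to Yes"; }`. The enclosing `if` chain starts in the previous hunk and split_line2 continues past this one.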
@@ -5179,109 +5196,13 @@ sub convert_to_directives( $ ) { # # writeable regular file # - my $result; - - if ( $inline_matches ) { - $result = system << "EOF"; -perl -pi.bak -e ' -/^\\s*FORMAT\\s*/ && s/FORMAT/?FORMAT/; -if ( /^\\s*COMMENT\\s+/ ) { - s/COMMENT/?COMMENT/; -} elsif ( /^\\s*COMMENT\\s*\$/ ) { - s/COMMENT/?COMMENT/; -}' $file -EOF - } else { - $result = system << "EOF"; -perl -pi.bak -e ' -/^\\s*FORMAT\\s*/ && s/FORMAT/?FORMAT/; -if ( /^\\s*COMMENT\\s+/ ) { - s/COMMENT/?COMMENT/; -} elsif ( /^\\s*COMMENT\\s*\$/ ) { - s/COMMENT/?COMMENT/; -} - -perl -pi.bak -e ' -unless ( /^\\s*INLINE[( \\t:]/ || /^\\s*#/ ) { - if ( /^(.+?);(\\s*.+?)(\\s*#.*)?\$/ ) { - \$_ = "\$1\\{\$2 \\}"; - \$_ .= \$3 if defined \$3 && \$3 ne ""; - \$_ .= "\\n"; - } -}' $file -EOF - } - - if ( $result == 0 ) { - if ( system( "diff -q $file ${file}.bak > /dev/null" ) ) { - progress_message3 " File $file updated - old file renamed ${file}.bak"; - } elsif ( rename "${file}.bak" , $file ) { - progress_message " File $file not updated -- no bare 'COMMENT' or 'FORMAT' lines found"; - } else { - warning message "Unable to rename ${file}.bak to $file:$!"; - } - } else { - warning_message ("Unable to update file $file" ); - } - } else { - warning_message( "$file skipped (not writeable)" ) unless -d _; - } - } - } - - closedir $dirhandle; - } - } - } -} - -# -# Walk the CONFIG_PATH converting '; =[,...]' lines to '{=[,...]}' -# -sub convert_alternative_format() { - my $sharedir = $shorewallrc{SHAREDIR}; - # - # Make a copy of @config_path so that the for-loop below doesn't clobber that list - # - my @path = @config_path; - - $sharedir =~ s|/+$||; - - my $dirtest = qr|^$sharedir/+shorewall6?(?:/.*)?$|; - - progress_message3 "Converting '; =[,...]' lines to '{=[,...]}..."; - - for my $dir ( @path ) { - unless ( $dir =~ /$dirtest/ ) { - if ( ! 
-w $dir ) { - warning_message "$dir not processed (not writeable)"; - } else { - $dir =~ s|/+$||; - - opendir( my $dirhandle, $dir ) || fatal_error "Cannot open directory $dir for reading:$!"; - - while ( my $file = readdir( $dirhandle ) ) { - unless ( $file eq 'capabilities' || - $file eq 'params' || - $file =~ /^shorewall6?.conf$/ || - $file =~ /\.bak$/ ) { - $file = "$dir/$file"; - - if ( -f $file && -w _ ) { - # - # writeable regular file - # - print "Updating $file...\n"; - my $result = system << "EOF"; -perl -pi.bak -e ' -unless ( /^\\s*INLINE[( \\t:]/ || /^\\s*#/ ) { - if ( /^(.+?);(\\s*.+?)(\\s*#.*)?\$/ ) { - \$_ = "\$1\\{\$2 \\}"; - \$_ .= \$3 if defined \$3 && \$3 ne ""; - \$_ .= "\\n"; - } -}' $file + perl -pi.bak -e '/^\\s*FORMAT\\s*/ && s/FORMAT/?FORMAT/; + if ( /^\\s*COMMENT\\s+/ ) { + s/COMMENT/?COMMENT/; + } elsif ( /^\\s*COMMENT\\s*\$/ ) { + s/COMMENT/?COMMENT/; + }' $file EOF if ( $result == 0 ) { if ( system( "diff -q $file ${file}.bak > /dev/null" ) ) { @@ -5314,7 +5235,7 @@ EOF # sub get_configuration( $$$$$ ) { - my ( $export, $update, $annotate, $directives, $inline ) = @_; + ( my ( $export, $update, $annotate, $directives ) , $checkinline ) = @_; $globals{EXPORT} = $export; @@ -5326,7 +5247,7 @@ sub get_configuration( $$$$$ ) { get_params; - process_shorewall_conf( $update, $annotate, $directives || $inline ); + process_shorewall_conf( $update, $annotate, $directives ); ensure_config_path; @@ -5995,11 +5916,7 @@ sub get_configuration( $$$$$ ) { $variables{$var} = $config{$val}; } - if ( $directives ) { - convert_to_directives(0); - } elsif ( $inline ) { - convert_alternative_format; - } + convert_to_directives if $directives; cleanup_iptables if $sillyname && ! $config{LOAD_HELPERS_ONLY}; } diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index 81034e7bc..dfe5390f5 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std 
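Review bot: In the `@@ -5179` hunk of convert_to_directives, the added `perl -pi.bak -e '…' $file` lines are the body of a here-document, but the `… = system << "EOF";` line that opened it is among the removed lines and is not re-added. As shown, the new side leaves `EOF` and `$result` dangling. When restoring the call, prefer the list form of `system`. `$file` is built from a `readdir` entry and interpolated unquoted into a shell command string, as is the `diff -q $file ${file}.bak` context line, so a file name with spaces or shell metacharacters in a CONFIG_PATH directory would be word-split or interpreted by the shell during an update that normally runs with root privileges. The function starts and ends outside this hunk.

```perl
# … unchanged: "writeable regular file" comment …
my $script = <<'EOF';
/^\s*FORMAT\s*/ && s/FORMAT/?FORMAT/;
if ( /^\s*COMMENT\s+/ ) {
    s/COMMENT/?COMMENT/;
} elsif ( /^\s*COMMENT\s*$/ ) {
    s/COMMENT/?COMMENT/;
}
EOF
#
# List form: no shell is involved, so $file reaches perl as a single argument
#
my $result = system( 'perl', '-pi.bak', '-e', $script, $file );
# … unchanged: if ( $result == 0 ) { … } result handling …
```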
@@ -529,6 +529,10 @@ start_command() { g_confess=Yes option=${option#T} ;; + i*) + g_inline=Yes + option=${option#i} + ;; *) usage 1 ;; @@ -643,6 +647,10 @@ compile_command() { g_confess=Yes option=${option#T} ;; + i*) + g_inline=Yes + option=${option#i} + ;; -) finished=1 option= @@ -733,6 +741,10 @@ check_command() { g_confess=Yes option=${option#T} ;; + i*) + g_inline=Yes + option=${option#i} + ;; *) usage 1 ;; @@ -813,6 +825,10 @@ update_command() { g_confess=Yes option=${option#T} ;; + i*) + g_inline=Yes + option=${option#i} + ;; a*) g_annotate=Yes option=${option#a} @@ -825,10 +841,6 @@ update_command() { g_directives=Yes option=${option#D} ;; - i*) - g_inline=Yes - option=${option#i} - ;; *) usage 1 ;; @@ -915,6 +927,10 @@ restart_command() { g_confess=Yes option=${option#T} ;; + i*) + g_inline=Yes + option=${option#i} + ;; *) usage 1 ;; @@ -1010,6 +1026,10 @@ refresh_command() { g_confess=Yes option=${option#T} ;; + i*) + g_inline=Yes + option=${option#i} + ;; D) if [ $# -gt 1 ]; then g_shorewalldir="$2" @@ -1399,6 +1419,10 @@ reload_command() # $* = original arguments less the command. g_confess=Yes option=${option#T} ;; + i*) + g_inline=Yes + option=${option#i} + ;; *) usage 1 ;; @@ -1588,9 +1612,9 @@ usage() # $1 = exit status echo "where is one of:" echo " add [:] ... " echo " allow
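Review bot: refresh_command gains an `i*)` arm in the `@@ -1010` hunk, but the `refresh` line in usage() is left as unchanged context in the later usage hunks, so the help text omits an option the parser now accepts. Add `[ -i ]` after `[ -T ]` on that `echo " refresh …"` line. Conversely, the usage hunks add `[ -i ]` to `load`, yet no hunk in this diff adds an `i*)` arm to a load option parser. If load is parsed elsewhere, confirm it accepts the flag; otherwise the usage text advertises an option that ends in `usage 1`.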
..." - echo " [ check | ck ] [ -e ] [ -r ] [ -p ] [ -r ] [ -T ] [ ]" + echo " [ check | ck ] [ -e ] [ -r ] [ -p ] [ -r ] [ -T ] [ -i ] [ ]" echo " clear" - echo " [ compile | co ] [ -e ] [ -p ] [ -t ] [ -c ] [ -d ] [ -T ] [ ] [ ]" + echo " [ compile | co ] [ -e ] [ -p ] [ -t ] [ -c ] [ -d ] [ -T ] [ -i ] [ ] [ ]" echo " delete [:] ... " echo " disable " echo " drop
..." @@ -1613,7 +1637,7 @@ usage() # $1 = exit status echo " iptrace " fi - echo " load [ -s ] [ -c ] [ -r ] [ -T ] [ ] " + echo " load [ -s ] [ -c ] [ -r ] [ -T ] [ -i ] [ ] " echo " logdrop
..." echo " logreject
..." echo " logwatch []" @@ -1626,9 +1650,9 @@ usage() # $1 = exit status echo " refresh [ -d ] [ -n ] [ -T ] [ -D ] [ ... ]" echo " reject
..." - echo " reload [ -s ] [ -c ] [ -r ] [ -T ] [ ] " + echo " reload [ -s ] [ -c ] [ -r ] [ -T ] [ -i ] [ ] " echo " reset [ ... ]" - echo " restart [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ ]" + echo " restart [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ -i ] [ ]" echo " restore [ -n ] [ ]" echo " safe-restart [ -t ] [ ]" echo " safe-start [ -t ] [ ]" @@ -1658,11 +1682,11 @@ usage() # $1 = exit status echo " [ show | list | ls ] tc [ device ]" echo " [ show | list | ls ] vardir" echo " [ show | list | ls ] zones" - echo " start [ -f ] [ -n ] [ -p ] [ -c ] [ -T ] [ ]" + echo " start [ -f ] [ -n ] [ -p ] [ -c ] [ -T ] [ -i ] [ ]" echo " status" echo " stop" echo " try [ ]" - echo " update [ -a ] [ -b ] [ -r ] [ -T ] [ -D ] [ ]" + echo " update [ -a ] [ -b ] [ -r ] [ -T ] [ -D ] [ -i ] [ ]" echo " version [ -a ]" echo exit $1 diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index dc533d21b..a6193d054 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -66,6 +66,8 @@ + + directory @@ -100,6 +102,8 @@ + + directory pathname @@ -291,6 +295,8 @@ + + directory system @@ -358,7 +364,7 @@ -options - + choice="plain">- directory chain @@ -393,6 +399,8 @@ + + directory system @@ -429,6 +437,8 @@ + + directory @@ -628,7 +638,7 @@ - + directory @@ -824,6 +834,12 @@ The option was added in Shorewall 4.4.20 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall.conf(5). 
@@ -891,6 +907,12 @@ The option was added in Shorewall 4.4.20 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall.conf(5). @@ -1121,6 +1143,12 @@ The option was added in Shorewall 4.5.3 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall.conf(5). @@ -1206,6 +1234,12 @@ and causes a Perl stack trace to be included with each compiler-generated error and warning message. + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall.conf(5). + The - option was added in Shorewall 4.5.3 and causes Shorewall to look in the given directory first for configuration files. @@ -1267,6 +1301,12 @@ The option was added in Shorewall 4.5.3 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall.conf(5). 
@@ -1315,6 +1355,12 @@ The option was added in Shorewall 4.5.3 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall.conf(5). @@ -1674,6 +1720,12 @@ The option was added in Shorewall 4.5.3 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall.conf(5). @@ -1778,12 +1830,11 @@ updated, the original is saved in a .bak file in the same directory. - The -i option was added in Shorewall 4.6.0. When this option - is specified, the compiler will walk through the directories in the - CONFIG_PATH replacing alternative column specifications following a - semicolon (";") to alternate column specifications enclosed in curly - braces ("{...}"). When a file is updated, the original is saved in a - .bak file in the same directory. + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall.conf(5). For a description of the other options, see the check command above. diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index 83f305b61..6be615cff 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml @@ -65,6 +65,8 @@ + + directory @@ -94,6 +96,8 @@ + + directory pathname 
@@ -242,6 +246,8 @@ + + directory system @@ -309,7 +315,7 @@ -options - + choice="plain">- directory chain @@ -344,6 +350,8 @@ + + directory system @@ -378,6 +386,8 @@ + + directory @@ -546,6 +556,8 @@ + + directory @@ -739,6 +751,12 @@ The option was added in Shorewall 4.4.20 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall6.conf(5). @@ -799,6 +817,12 @@ The option was added in Shorewall 4.4.20 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall6.conf(5). @@ -1003,6 +1027,12 @@ The option was added in Shorewall 4.5.3 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall6.conf(5). 
@@ -1090,6 +1120,12 @@ and causes a Perl stack trace to be included with each compiler-generated error and warning message. + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall6.conf(5). + The - option was added in Shorewall 4.5.3 and causes Shorewall to look in the given directory first for configuration files. @@ -1143,6 +1179,12 @@ The option was added in Shorewall 4.5.3 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall6.conf(5). @@ -1194,6 +1236,12 @@ The option was added in Shorewall 4.5.3 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall6.conf(5). @@ -1516,6 +1564,12 @@ The option was added in Shorewall 4.5.3 and causes a Perl stack trace to be included with each compiler-generated error and warning message. + + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall6.conf(5). 
@@ -1614,12 +1668,11 @@ updated, the original is saved in a .bak file in the same directory. - The -i option was added in Shorewall 4.6.0. When this option - is specified, the compiler will walk through the directories in the - CONFIG_PATH replacing alternative column specifications following a - semicolon (";") to alternate column specifications enclosed in curly - braces ("{...}"). When a file is updated, the original is saved in a - .bak file in the same directory. + The -i option was added in Shorewall 4.6.0 and causes a + warning message to be issued if the line current line contains + alternative input specifications following a semicolon (";"). Such + lines will be handled incorrectly if INLINE_MATCHES is set to Yes in + shorewall6.conf(5). For a description of the other options, see the check command above.