Redefine the -i option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-12-15 11:23:20 -08:00
parent 6d72cb3138
commit 4e4e7cac1d
4 changed files with 186 additions and 141 deletions

View File

@ -554,6 +554,7 @@ our $warningcount; # Used to suppress duplicate warnings about missing
our $warningcount1; # Used to suppress duplicate warnings about COMMENT being deprecated
our $warningcount2; # Used to suppress duplicate warnings about FORMAT being deprecated
our $warningcount3; # Used to suppress duplicate warnings about SECTION being deprecated
our $checkinline; # The -i option to check/compile/etc.
our $shorewall_dir; # Shorewall Directory; if non-empty, search here first for files.
@ -2055,6 +2056,8 @@ sub supplied( $ ) {
sub split_line2( $$;$$$ ) {
my ( $description, $columnsref, $nopad, $maxcolumns, $inline ) = @_;
my $inlinematches = $config{INLINE_MATCHES};
unless ( defined $maxcolumns ) {
my @maxcolumns = ( keys %$columnsref );
$maxcolumns = @maxcolumns;
@ -2072,11 +2075,9 @@ sub split_line2( $$;$$$ ) {
#
fatal_error "Only one semicolon (';') allowed on a line" if defined $rest;
if ( $inline ) {
#
# This file supports INLINE
#
if ( $config{INLINE_MATCHES} || $currentline =~ /^\s*INLINE(?:\(.*\)|:.*)?\s/) {
if ( $inlinematches ) {
fatal_error "The $description does not support inline matches (INLINE_MATCHES=Yes)" unless $inline;
$inline_matches = $pairs;
if ( $columns =~ /^(\s*|.*[^&@%]){(.*)}\s*$/ ) {
@ -2088,9 +2089,26 @@ sub split_line2( $$;$$$ ) {
} else {
$pairs = '';
}
}
} elsif ( $inline ) {
#
# This file supports INLINE
#
if ( $currentline =~ /^\s*INLINE(?:\(.*\)|:.*)?\s/) {
$inline_matches = $pairs;
if ( $columns =~ /^(\s*|.*[^&@%]){(.*)}\s*$/ ) {
#
# Pairs are enclosed in curly brackets.
#
$columns = $1;
$pairs = $2;
} else {
fatal_error "The $description does not support inline matches (INLINE_MATCHES=Yes)"
warning_message "This entry needs to be changed before INLINE_MATCHES can be set to Yes" if $checkinline;
$pairs = '';
}
}
} elsif ( $checkinline ) {
warning_message "This entry needs to be changed before INLINE_MATCHES can be set to Yes";
}
} elsif ( $currentline =~ /^(\s*|.*[^&@%]){(.*)}$/ ) {
#
@ -5145,8 +5163,7 @@ sub export_params() {
#
# Walk the CONFIG_PATH converting FORMAT and COMMENT lines to compiler directives
#
sub convert_to_directives( $ ) {
my $inline_matches = $_[0];
sub convert_to_directives() {
my $sharedir = $shorewallrc{SHAREDIR};
#
# Make a copy of @config_path so that the for-loop below doesn't clobber that list
@ -5179,108 +5196,12 @@ sub convert_to_directives( $ ) {
#
# writeable regular file
#
my $result;
if ( $inline_matches ) {
$result = system << "EOF";
perl -pi.bak -e '
/^\\s*FORMAT\\s*/ && s/FORMAT/?FORMAT/;
if ( /^\\s*COMMENT\\s+/ ) {
s/COMMENT/?COMMENT/;
} elsif ( /^\\s*COMMENT\\s*\$/ ) {
s/COMMENT/?COMMENT/;
}' $file
EOF
} else {
$result = system << "EOF";
perl -pi.bak -e '
/^\\s*FORMAT\\s*/ && s/FORMAT/?FORMAT/;
if ( /^\\s*COMMENT\\s+/ ) {
s/COMMENT/?COMMENT/;
} elsif ( /^\\s*COMMENT\\s*\$/ ) {
s/COMMENT/?COMMENT/;
}
perl -pi.bak -e '
unless ( /^\\s*INLINE[( \\t:]/ || /^\\s*#/ ) {
if ( /^(.+?);(\\s*.+?)(\\s*#.*)?\$/ ) {
\$_ = "\$1\\{\$2 \\}";
\$_ .= \$3 if defined \$3 && \$3 ne "";
\$_ .= "\\n";
}
}' $file
EOF
}
if ( $result == 0 ) {
if ( system( "diff -q $file ${file}.bak > /dev/null" ) ) {
progress_message3 " File $file updated - old file renamed ${file}.bak";
} elsif ( rename "${file}.bak" , $file ) {
progress_message " File $file not updated -- no bare 'COMMENT' or 'FORMAT' lines found";
} else {
warning message "Unable to rename ${file}.bak to $file:$!";
}
} else {
warning_message ("Unable to update file $file" );
}
} else {
warning_message( "$file skipped (not writeable)" ) unless -d _;
}
}
}
closedir $dirhandle;
}
}
}
}
#
# Walk the CONFIG_PATH converting '; <column>=<value>[,...]' lines to '{<column>=<value>[,...]}'
#
sub convert_alternative_format() {
my $sharedir = $shorewallrc{SHAREDIR};
#
# Make a copy of @config_path so that the for-loop below doesn't clobber that list
#
my @path = @config_path;
$sharedir =~ s|/+$||;
my $dirtest = qr|^$sharedir/+shorewall6?(?:/.*)?$|;
progress_message3 "Converting '; <column>=<value>[,...]' lines to '{<column>=<value>[,...]}...";
for my $dir ( @path ) {
unless ( $dir =~ /$dirtest/ ) {
if ( ! -w $dir ) {
warning_message "$dir not processed (not writeable)";
} else {
$dir =~ s|/+$||;
opendir( my $dirhandle, $dir ) || fatal_error "Cannot open directory $dir for reading:$!";
while ( my $file = readdir( $dirhandle ) ) {
unless ( $file eq 'capabilities' ||
$file eq 'params' ||
$file =~ /^shorewall6?.conf$/ ||
$file =~ /\.bak$/ ) {
$file = "$dir/$file";
if ( -f $file && -w _ ) {
#
# writeable regular file
#
print "Updating $file...\n";
my $result = system << "EOF";
perl -pi.bak -e '
unless ( /^\\s*INLINE[( \\t:]/ || /^\\s*#/ ) {
if ( /^(.+?);(\\s*.+?)(\\s*#.*)?\$/ ) {
\$_ = "\$1\\{\$2 \\}";
\$_ .= \$3 if defined \$3 && \$3 ne "";
\$_ .= "\\n";
}
perl -pi.bak -e '/^\\s*FORMAT\\s*/ && s/FORMAT/?FORMAT/;
if ( /^\\s*COMMENT\\s+/ ) {
s/COMMENT/?COMMENT/;
} elsif ( /^\\s*COMMENT\\s*\$/ ) {
s/COMMENT/?COMMENT/;
}' $file
EOF
if ( $result == 0 ) {
@ -5314,7 +5235,7 @@ EOF
#
sub get_configuration( $$$$$ ) {
my ( $export, $update, $annotate, $directives, $inline ) = @_;
( my ( $export, $update, $annotate, $directives ) , $checkinline ) = @_;
$globals{EXPORT} = $export;
@ -5326,7 +5247,7 @@ sub get_configuration( $$$$$ ) {
get_params;
process_shorewall_conf( $update, $annotate, $directives || $inline );
process_shorewall_conf( $update, $annotate, $directives );
ensure_config_path;
@ -5995,11 +5916,7 @@ sub get_configuration( $$$$$ ) {
$variables{$var} = $config{$val};
}
if ( $directives ) {
convert_to_directives(0);
} elsif ( $inline ) {
convert_alternative_format;
}
convert_to_directives if $directives;
cleanup_iptables if $sillyname && ! $config{LOAD_HELPERS_ONLY};
}

View File

@ -529,6 +529,10 @@ start_command() {
g_confess=Yes
option=${option#T}
;;
i*)
g_inline=Yes
option=${option#i}
;;
*)
usage 1
;;
@ -643,6 +647,10 @@ compile_command() {
g_confess=Yes
option=${option#T}
;;
i*)
g_inline=Yes
option=${option#i}
;;
-)
finished=1
option=
@ -733,6 +741,10 @@ check_command() {
g_confess=Yes
option=${option#T}
;;
i*)
g_inline=Yes
option=${option#i}
;;
*)
usage 1
;;
@ -813,6 +825,10 @@ update_command() {
g_confess=Yes
option=${option#T}
;;
i*)
g_inline=Yes
option=${option#i}
;;
a*)
g_annotate=Yes
option=${option#a}
@ -825,10 +841,6 @@ update_command() {
g_directives=Yes
option=${option#D}
;;
i*)
g_inline=Yes
option=${option#i}
;;
*)
usage 1
;;
@ -915,6 +927,10 @@ restart_command() {
g_confess=Yes
option=${option#T}
;;
i*)
g_inline=Yes
option=${option#i}
;;
*)
usage 1
;;
@ -1010,6 +1026,10 @@ refresh_command() {
g_confess=Yes
option=${option#T}
;;
i*)
g_inline=Yes
option=${option#i}
;;
D)
if [ $# -gt 1 ]; then
g_shorewalldir="$2"
@ -1399,6 +1419,10 @@ reload_command() # $* = original arguments less the command.
g_confess=Yes
option=${option#T}
;;
i*)
g_inline=Yes
option=${option#i}
;;
*)
usage 1
;;
@ -1588,9 +1612,9 @@ usage() # $1 = exit status
echo "where <command> is one of:"
echo " add <interface>[:<host-list>] ... <zone>"
echo " allow <address> ..."
echo " [ check | ck ] [ -e ] [ -r ] [ -p ] [ -r ] [ -T ] [ <directory> ]"
echo " [ check | ck ] [ -e ] [ -r ] [ -p ] [ -r ] [ -T ] [ -i ] [ <directory> ]"
echo " clear"
echo " [ compile | co ] [ -e ] [ -p ] [ -t ] [ -c ] [ -d ] [ -T ] [ <directory name> ] [ <path name> ]"
echo " [ compile | co ] [ -e ] [ -p ] [ -t ] [ -c ] [ -d ] [ -T ] [ -i ] [ <directory name> ] [ <path name> ]"
echo " delete <interface>[:<host-list>] ... <zone>"
echo " disable <interface>"
echo " drop <address> ..."
@ -1613,7 +1637,7 @@ usage() # $1 = exit status
echo " iptrace <ip6tables match expression>"
fi
echo " load [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ <directory> ] <system>"
echo " load [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
echo " logdrop <address> ..."
echo " logreject <address> ..."
echo " logwatch [<refresh interval>]"
@ -1626,9 +1650,9 @@ usage() # $1 = exit status
echo " refresh [ -d ] [ -n ] [ -T ] [ -D <directory> ] [ <chain>... ]"
echo " reject <address> ..."
echo " reload [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ <directory> ] <system>"
echo " reload [ -s ] [ -c ] [ -r <root user> ] [ -T ] [ -i ] [ <directory> ] <system>"
echo " reset [ <chain> ... ]"
echo " restart [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ <directory> ]"
echo " restart [ -n ] [ -p ] [-d] [ -f ] [ -c ] [ -T ] [ -i ] [ <directory> ]"
echo " restore [ -n ] [ <file name> ]"
echo " safe-restart [ -t <timeout> ] [ <directory> ]"
echo " safe-start [ -t <timeout> ] [ <directory> ]"
@ -1658,11 +1682,11 @@ usage() # $1 = exit status
echo " [ show | list | ls ] tc [ device ]"
echo " [ show | list | ls ] vardir"
echo " [ show | list | ls ] zones"
echo " start [ -f ] [ -n ] [ -p ] [ -c ] [ -T ] [ <directory> ]"
echo " start [ -f ] [ -n ] [ -p ] [ -c ] [ -T ] [ -i ] [ <directory> ]"
echo " status"
echo " stop"
echo " try <directory> [ <timeout> ]"
echo " update [ -a ] [ -b ] [ -r ] [ -T ] [ -D ] [ <directory> ]"
echo " update [ -a ] [ -b ] [ -r ] [ -T ] [ -D ] [ -i ] [ <directory> ]"
echo " version [ -a ]"
echo
exit $1

View File

@ -66,6 +66,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -100,6 +102,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg choice="opt"><replaceable>pathname</replaceable></arg>
@ -291,6 +295,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
@ -358,7 +364,7 @@
<arg>-<replaceable>options</replaceable></arg>
<arg
choice="plain"><option>refresh</option><arg><option>-n</option></arg><arg><option>-d</option></arg><arg><option>-T</option></arg><arg>-<option>D</option>
choice="plain"><option>refresh</option><arg><option>-n</option></arg><arg><option>-d</option></arg><arg><option>-T</option></arg><arg><option>-i</option></arg><arg>-<option>D</option>
<replaceable>directory</replaceable> </arg><arg
rep="repeat"><replaceable>chain</replaceable></arg></arg>
</cmdsynopsis>
@ -393,6 +399,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
@ -429,6 +437,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -628,7 +638,7 @@
<arg><option>-c</option></arg>
<arg><option>-T</option></arg>
<arg><option>-T</option><arg><option>-i</option></arg></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -824,6 +834,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.4.20
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -891,6 +907,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.4.20
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -1121,6 +1143,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.5.3
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -1206,6 +1234,12 @@
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
<para>The -<option>D</option> option was added in Shorewall 4.5.3
and causes Shorewall to look in the given
<emphasis>directory</emphasis> first for configuration files.</para>
@ -1267,6 +1301,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.5.3
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -1315,6 +1355,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.5.3
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -1674,6 +1720,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.5.3
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -1778,12 +1830,11 @@
updated, the original is saved in a .bak file in the same
directory.</para>
<para>The -i option was added in Shorewall 4.6.0. When this option
is specified, the compiler will walk through the directories in the
CONFIG_PATH replacing alternative column specifications following a
semicolon (";") to alternate column specifications enclosed in curly
braces ("{...}"). When a file is updated, the original is saved in a
.bak file in the same directory.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall.conf.html">shorewall.conf(5)</ulink>.</para>
<para>For a description of the other options, see the <emphasis
role="bold">check</emphasis> command above.</para>

View File

@ -65,6 +65,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -94,6 +96,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg choice="opt"><replaceable>pathname</replaceable></arg>
@ -242,6 +246,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
@ -309,7 +315,7 @@
<arg>-<replaceable>options</replaceable></arg>
<arg
choice="plain"><option>refresh</option><arg><option>-n</option></arg><arg><option>-d</option></arg><arg><option>-T</option></arg><arg>-<option>D</option>
choice="plain"><option>refresh</option><arg><option>-n</option></arg><arg><option>-d</option></arg><arg><option>-T</option></arg><arg><option>-i</option></arg><arg>-<option>D</option>
<replaceable>directory</replaceable> </arg><arg
rep="repeat"><replaceable>chain</replaceable></arg></arg>
</cmdsynopsis>
@ -344,6 +350,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
@ -378,6 +386,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -546,6 +556,8 @@
<arg><option>-T</option></arg>
<arg><option>-i</option></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -739,6 +751,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.4.20
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -799,6 +817,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.4.20
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -1003,6 +1027,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.5.3
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -1090,6 +1120,12 @@
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
<para>The -<option>D</option> option was added in Shorewall 4.5.3
and causes Shorewall to look in the given
<emphasis>directory</emphasis> first for configuration files.</para>
@ -1143,6 +1179,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.5.3
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -1194,6 +1236,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.5.3
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -1516,6 +1564,12 @@
<para>The <option>-T</option> option was added in Shorewall 4.5.3
and causes a Perl stack trace to be included with each
compiler-generated error and warning message.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
</listitem>
</varlistentry>
@ -1614,12 +1668,11 @@
updated, the original is saved in a .bak file in the same
directory.</para>
<para>The -i option was added in Shorewall 4.6.0. When this option
is specified, the compiler will walk through the directories in the
CONFIG_PATH replacing alternative column specifications following a
semicolon (";") to alternate column specifications enclosed in curly
braces ("{...}"). When a file is updated, the original is saved in a
.bak file in the same directory.</para>
<para>The -i option was added in Shorewall 4.6.0 and causes a
warning message to be issued if the line current line contains
alternative input specifications following a semicolon (";"). Such
lines will be handled incorrectly if INLINE_MATCHES is set to Yes in
<ulink url="shorewall6.conf.html">shorewall6.conf(5)</ulink>.</para>
<para>For a description of the other options, see the <emphasis
role="bold">check</emphasis> command above.</para>