Change annotated documentation default

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-06-06 15:40:21 -07:00
parent cfb3d6a801
commit 642319d706
11 changed files with 95 additions and 340 deletions

View File

@ -354,9 +354,9 @@ sub generate_script_3($) {
emit ''; emit '';
load_ipsets;
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
load_ipsets;
emit ( 'if [ "$COMMAND" = refresh ]; then' , emit ( 'if [ "$COMMAND" = refresh ]; then' ,
' run_refresh_exit' , ' run_refresh_exit' ,
'else' , 'else' ,
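Review bot: The `load_ipsets;` call in generate_script_3 appears to move from before the `if ( $family == F_IPV4 ) {` test to inside it, so the generated script would load ipsets for IPv4 only, and the commit message ("Change annotated documentation default") does not mention it. If excluding IPv6 is intended, put it in its own commit or at least in the message and changelog, and add a comment at the call explaining why.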

View File

@ -2,7 +2,10 @@ Changes in Shorewall 4.4.20.1
1) Corrected FSF address. 1) Corrected FSF address.
2) Don't modify configfiles/shorewall.conf & configfiles/shorewall6.conf. 2) Don't modify configfiles/shorewall.conf &
configfiles/shorewall6.conf.
3) Change 'plain' default.
Changes in Shorewall 4.4.20 Final Changes in Shorewall 4.4.20 Final
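Review bot: Entry 3 (`Change 'plain' default.`) is the only changelog line added, but the same commit also drops the SAVE_IPSETS handling from do_save, removes the add, delete and show dynamic executors, and adds an ipsets step to restore_command. Each of those is user-visible and should have its own entry here.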

View File

@ -31,7 +31,7 @@ usage() # $1 = exit status
echo " $ME -v" echo " $ME -v"
echo " $ME -h" echo " $ME -h"
echo " $ME -s" echo " $ME -s"
echo " $ME -p" echo " $ME -f"
exit $1 exit $1
} }
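Review bot: The usage line that replaces `-p` reads `echo " $ME -f"`, but the option added to this installer's parser is `a*)` and no `f*)` branch appears in the visible hunks. This should be `-a`, as in the other installer's usage text in this commit.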
@ -106,6 +106,7 @@ if [ -z "$INIT" ] ; then
INIT="shorewall" INIT="shorewall"
fi fi
PLAIN=Yes
SPARSE= SPARSE=
MANDIR=${MANDIR:-"/usr/share/man"} MANDIR=${MANDIR:-"/usr/share/man"}
[ -n "${LIBEXEC:=/usr/share}" ] [ -n "${LIBEXEC:=/usr/share}" ]
@ -184,6 +185,10 @@ while [ $finished -eq 0 ]; do
SPARSE=Yes SPARSE=Yes
option=${option#s} option=${option#s}
;; ;;
a*)
PLAIN=
option=${option#a}
;;
p*) p*)
PLAIN=Yes PLAIN=Yes
option=${option#p} option=${option#p}
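Review bot: The retained `p*)` branch is now a no-op, since PLAIN is assigned Yes unconditionally earlier in this script, and with both `a*)` and `p*)` present the outcome of passing both flags depends on their order. Either drop `p*)`, or keep it for compatibility with 4.4.20 command lines and say so in a comment and in usage(), which no longer lists `-p`.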
@ -323,14 +328,14 @@ if [ -n "$DESTDIR" ]; then
chmod 755 ${DESTDIR}/etc/logrotate.d chmod 755 ${DESTDIR}/etc/logrotate.d
fi fi
if [ -n "$PLAIN" ]; then if [ -z "$PLAIN" ]; then
mkdir plain/ mkdir annotated/
cp configfiles/* plain/ cp configfiles/* annotated/
for f in plain/*.plain; do for f in annotated/*.annotated; do
mv $f ${f%.plain} mv $f ${f%.annotated}
done done
CONFIGFILES=plain CONFIGFILES=annotated
else else
CONFIGFILES=configfiles CONFIGFILES=configfiles
fi fi
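Review bot: In the new `-z "$PLAIN"` branch, `mkdir annotated/` and the `cp` are unchecked and `mv $f ${f%.annotated}` is unquoted. A leftover annotated/ directory from an interrupted run makes mkdir fail, and if nothing matches annotated/*.annotated the loop runs once on the literal pattern. Suggest `mkdir -p annotated/ || exit 1`, quoting `"$f"` and `"${f%.annotated}"`, and skipping the loop body when `$f` does not exist.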
@ -826,7 +831,7 @@ if [ -z "$SPARSE" -a ! -f ${DESTDIR}/etc/shorewall/actions ]; then
echo "Actions file installed as ${DESTDIR}/etc/shorewall/actions" echo "Actions file installed as ${DESTDIR}/etc/shorewall/actions"
fi fi
rm -rf plain/ rm -rf annotated/
# #
# Install the Makefiles # Install the Makefiles

View File

@ -260,13 +260,13 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
message. message.
10) The Shorewall and Shorewall6 configuration files (including the 10) The Shorewall and Shorewall6 configuration files (including the
samples) are now annotated with documentation from the associated samples) may now be annotated with documentation from the associated
manpage. manpage.
The installers for these two packages support a -p (plain) The installers for these two packages support a -a (annotated)
option that installs unannotated versions of the packages. Both option that installs annotated versions of the packages. Both
versions are available in the configfiles directory within the versions are available in the configfiles directory within the
tarball. tarball and in the Sample directories.
11) The STATE subcolumn of the secmarks file now allows the values 'I' 11) The STATE subcolumn of the secmarks file now allows the values 'I'
which will match packets in the INVALID state, and 'NI' which will match packets in the INVALID state, and 'NI'
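Review bot: This edits item 10 under "PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES" so that it describes `-a`, which rewrites what the prior release actually shipped (annotated by default, `-p` for plain). Leave the historical item as it was and describe the changed default as a new item for this release. The wording "installs annotated versions of the packages" should also read "of the configuration files".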

View File

@ -30,6 +30,8 @@ usage() # $1 = exit status
echo "usage: $ME" echo "usage: $ME"
echo " $ME -v" echo " $ME -v"
echo " $ME -h" echo " $ME -h"
echo " $ME -s"
echo " $ME -a"
exit $1 exit $1
} }
@ -104,6 +106,7 @@ if [ -z "$INIT" ] ; then
INIT="shorewall6" INIT="shorewall6"
fi fi
PLAIN=Yes
DEBIAN= DEBIAN=
CYGWIN= CYGWIN=
MAC= MAC=
@ -183,6 +186,10 @@ while [ $finished -eq 0 ]; do
SPARSE=Yes SPARSE=Yes
option=${option#s} option=${option#s}
;; ;;
a*)
PLAIN=
option=${option#a}
;;
p*) p*)
PLAIN=Yes PLAIN=Yes
option=${option#p} option=${option#p}
@ -314,28 +321,6 @@ if [ -n "$DESTDIR" ]; then
chmod 755 ${DESTDIR}/etc/logrotate.d chmod 755 ${DESTDIR}/etc/logrotate.d
fi fi
#
# Install the config file
#
run_install $OWNERSHIP -m 0644 configfiles/shorewall6.conf ${DESTDIR}/usr/share/shorewall6/configfiles/shorewall6.conf
if [ ! -f ${DESTDIR}/etc/shorewall6/shorewall6.conf ]; then
run_install $OWNERSHIP -m 0644 configfiles/shorewall6.conf ${DESTDIR}/etc/shorewall6/shorewall6.conf
if [ -n "$DEBIAN" ] && mywhich perl; then
#
# Make a Debian-like shorewall6.conf
#
perl -p -w -i -e 's|^STARTUP_ENABLED=.*|STARTUP_ENABLED=Yes|;' ${DESTDIR}/etc/shorewall6/shorewall6.conf
fi
echo "Config file installed as ${DESTDIR}/etc/shorewall6/shorewall6.conf"
fi
if [ -n "$ARCHLINUX" ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall6/shorewall6.conf
fi
delete_file ${DESTDIR}/usr/share/shorewall6/compiler delete_file ${DESTDIR}/usr/share/shorewall6/compiler
delete_file ${DESTDIR}/usr/share/shorewall6/lib.accounting delete_file ${DESTDIR}/usr/share/shorewall6/lib.accounting
delete_file ${DESTDIR}/usr/share/shorewall6/lib.actions delete_file ${DESTDIR}/usr/share/shorewall6/lib.actions
@ -387,16 +372,39 @@ echo "Default config path file installed as ${DESTDIR}/usr/share/shorewall6/conf
install_file actions.std ${DESTDIR}/usr/share/shorewall6/actions.std 0644 install_file actions.std ${DESTDIR}/usr/share/shorewall6/actions.std 0644
echo "Standard actions file installed as ${DESTDIR}/usr/shared/shorewall6/actions.std" echo "Standard actions file installed as ${DESTDIR}/usr/shared/shorewall6/actions.std"
if [ -n "$PLAIN" ]; then if [ -z "$PLAIN" ]; then
mkdir plain mkdir annotated
cp configfiles/* plain/ cp configfiles/* annotated/
cd plain cd annotated
for f in *.plain; do for f in *.annotated; do
mv -f $f ${f%.plain} mv -f $f ${f%.annotated}
done done
else else
cd configfiles cd configfiles
fi fi
#
# Install the config file
#
run_install $OWNERSHIP -m 0644 shorewall6.conf ${DESTDIR}/usr/share/shorewall6/configfiles/shorewall6.conf
if [ ! -f ${DESTDIR}/etc/shorewall6/shorewall6.conf ]; then
run_install $OWNERSHIP -m 0644 shorewall6.conf ${DESTDIR}/etc/shorewall6/shorewall6.conf
if [ -n "$DEBIAN" ] && mywhich perl; then
#
# Make a Debian-like shorewall6.conf
#
perl -p -w -i -e 's|^STARTUP_ENABLED=.*|STARTUP_ENABLED=Yes|;' ${DESTDIR}/etc/shorewall6/shorewall6.conf
fi
echo "Config file installed as ${DESTDIR}/etc/shorewall6/shorewall6.conf"
fi
if [ -n "$ARCHLINUX" ] ; then
sed -e 's!LOGFILE=/var/log/messages!LOGFILE=/var/log/messages.log!' -i ${DESTDIR}/etc/shorewall6/shorewall6.conf
fi
# #
# Install the init file # Install the init file
# #
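Review bot: The relocated config-file block now installs `shorewall6.conf` by relative name, so it depends on the preceding `cd annotated` or `cd configfiles` having succeeded, and neither `mkdir annotated` nor either `cd` is checked. If one fails, run_install operates on whatever is in the current directory or fails later with a confusing message. Suggest `cd annotated || exit 1` (and the same for configfiles), or keep explicit paths through a CONFIGFILES variable as the other installer in this commit does.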
@ -749,7 +757,7 @@ fi
cd .. cd ..
[ -n "$PLAIN" ] && rm -rf plain/ rm -rf annotated/
# #
# Install the Makefiles # Install the Makefiles

View File

@ -292,37 +292,6 @@ do_save() {
status=1 status=1
fi fi
case ${SAVE_IPSETS:=No} in
[Yy]es)
case ${IPSET:=ipset} in
*/*)
if [ ! -x "$IPSET" ]; then
error_message "ERROR: IPSET=$IPSET does not exist or is not executable - ipsets are not saved"
IPSET=
fi
;;
*)
IPSET="$(mywhich $IPSET)"
[ -n "$IPSET" ] || error_message "ERROR: The ipset utility cannot be located - ipsets are not saved"
;;
esac
if [ -n "$IPSET" ]; then
if eval $IPSET -S > ${VARDIR}/ipsets.tmp; then
#
# Don't save an 'empty' file
#
grep -q '^-N' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets
fi
fi
;;
[Nn]o)
;;
*)
error_message "WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS"
;;
esac
return $status return $status
} }
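Review bot: With the SAVE_IPSETS case removed from do_save, a configuration that still sets SAVE_IPSETS=Yes is ignored without any message, where the old code at least warned on invalid values. restore_command in this same commit starts running `${g_restorepath}-ipsets` when it exists, so decide which side is intended: either keep a save path that produces that file, or warn here that SAVE_IPSETS is not supported so operators do not assume their sets were saved.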
@ -388,34 +357,6 @@ show_routing() {
fi fi
} }
#
# 'list dynamic' command executor
#
find_sets() {
local junk
local setname
ipset -L -n | grep "^Name: ${1}_" | while read junk setname; do echo $setname; done
}
list_zone() {
local sets
local setname
[ -n "$(mywhich ipset)" ] || fatal_error "The ipset utility cannot be located"
sets=$(find_sets $1)
for setname in $sets; do
echo "${setname#${1}_}:"
ipset -L $setname -n | awk 'BEGIN {prnt=0;}; \
/^Members:/ {prnt=1; next; }; \
/^Bindings:/ {prnt=0; }; \
{ if (prnt == 1) print " ", $1; };'
done
}
# #
# Show Filter - For Shorewall6-lite, if there was an scfilter file at compile-time, # Show Filter - For Shorewall6-lite, if there was an scfilter file at compile-time,
# then the compiler generated another version of this function and # then the compiler generated another version of this function and
@ -731,13 +672,6 @@ show_command() {
fi fi
if [ $# -gt 0 ]; then if [ $# -gt 0 ]; then
if [ $1 = dynamic -a $# -gt 1 ]; then
shift
[ $# -eq 1 ] || usage 1
list_zone $1
return;
fi
[ -n "$table_given" ] || for chain in $*; do [ -n "$table_given" ] || for chain in $*; do
if ! qt $IP6TABLES -t $table -L $chain $g_ipt_options; then if ! qt $IP6TABLES -t $table -L $chain $g_ipt_options; then
error_message "ERROR: Chain '$chain' is not recognized by $IP6TABLES." error_message "ERROR: Chain '$chain' is not recognized by $IP6TABLES."
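Review bot: With the `dynamic` branch gone, `show dynamic ZONE` falls through to the chain loop below it, which will report `Chain 'dynamic' is not recognized by $IP6TABLES` (or list a chain that happens to have that name). If the subcommand is being withdrawn, reject it explicitly with a clear message and remove it from the usage text.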
@ -1000,6 +934,13 @@ restore_command() {
[ -n "$nolock" ] || mutex_on [ -n "$nolock" ] || mutex_on
if [ -x $g_restorepath ]; then if [ -x $g_restorepath ]; then
if [ -x ${g_restorepath}-ipsets ] ; then
echo Restoring Ipsets...
$IP6TABLES -F
$IP6TABLES -X
$SHOREWALL_SHELL ${g_restorepath}-ipsets
fi
progress_message3 "Restoring Shorewall6..." progress_message3 "Restoring Shorewall6..."
run_it $g_restorepath restore && progress_message3 "$g_product restored from ${VARDIR}/$RESTOREFILE" run_it $g_restorepath restore && progress_message3 "$g_product restored from ${VARDIR}/$RESTOREFILE"
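Review bot: The added block runs `$IP6TABLES -F` and `$IP6TABLES -X` before the saved ruleset is restored and ignores the exit status of all three commands, so from the flush until `run_it $g_restorepath restore` completes the filter table holds no rules, and a failure in the ipsets script or the restore leaves the host in that state. It also executes `${g_restorepath}-ipsets` whenever that path is executable, although do_save in this commit no longer writes the file, so whatever is found there (a stale file from an earlier save, for instance) is run with the caller's privileges. Suggest checking each status, flushing only once the ipsets script has succeeded, and either restoring the code that creates the file or dropping this block.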
@ -1144,191 +1085,6 @@ block() # $1 = command, $2 = Finished, $3 - $n addresses
done done
} }
#
# Replace commas with spaces and echo the result
#
separate_list() {
local list
list="$@"
local part
local newlist
local firstpart
local lastpart
local enclosure
case "$list" in
*,|,*|*,,*|*[[:space:]]*)
#
# There's been whining about us not catching embedded white space in
# comma-separated lists. This is an attempt to snag some of the cases.
#
echo "WARNING -- invalid comma-separated list \"$@\"" >&2
;;
*\[*\]*)
#
# Where we need to embed comma-separated lists within lists, we enclose them
# within square brackets.
#
firstpart=${list%%\[*}
lastpart=${list#*\[}
enclosure=${lastpart%%\]*}
lastpart=${lastpart#*\]}
case $lastpart in
\,*)
case $firstpart in
*\,)
echo "$(separate_list ${firstpart%,}) [$enclosure] $(separate_list ${lastpart#,})"
;;
*)
echo "$(separate_list $firstpart)[$enclosure] $(separate_list ${lastpart#,})"
;;
esac
;;
*)
case $firstpart in
*\,)
echo "$(separate_list ${firstpart%,}) [$enclosure]$(separate_list $lastpart)"
;;
*)
echo "$(separate_list $firstpart)[$enclosure]$(separate_list $lastpart)"
;;
esac
;;
esac
return
;;
esac
list="$@"
part="${list%%,*}"
newlist="$part"
while [ "x$part" != "x$list" ]; do
list="${list#*,}";
part="${list%%,*}";
newlist="$newlist $part";
done
echo "$newlist"
}
#
# add command executor
#
add_command() {
local interface host hostlist zone ipset
if ! shorewall_is_started ; then
echo "Shorewall Not Started" >&2
exit 2
fi
case "$IPSET" in
*/*)
;;
*)
[ -n "$(mywhich $IPSET)" ] || fatal_error "The $IPSET utility cannot be located"
;;
esac
#
# Normalize host list
#
while [ $# -gt 1 ]; do
interface=${1%%:*}
host=${1#*:}
[ "$host" = "$1" ] && host=
if [ -z "$host" ]; then
hostlist="$hostlist $interface:::/0"
else
for h in $(separate_list $host); do
hostlist="$hostlist $interface:$h"
done
fi
shift
done
zone=$1
for host in $hostlist; do
interface=${host%:*}
ipset=${zone}_${interface};
if ! qt $IPSET -L $ipset -n; then
fatal_error "Zone $zone, interface $interface is does not have a dynamic host list"
fi
host=${host#*:}
if $IPSET -A $ipset $host; then
echo "Host $interface:$host added to zone $zone"
else
fatal_error "Unable to add $interface:$host to zone $zone"
fi
done
}
#
# delete command executor
#
delete_command() {
local interface host hostent hostlist zone ipset
if ! shorewall_is_started ; then
echo "Shorewall Not Started" >&2
exit 2;
fi
case "$IPSET" in
*/*)
;;
*)
[ -n "$(mywhich $IPSET)" ] || fatal_error "The $IPSET utility cannot be located"
;;
esac
#
# Normalize host list
#
while [ $# -gt 1 ]; do
interface=${1%%:*}
host=${1#*:}
[ "$host" = "$1" ] && host=
if [ -z "$host" ]; then
hostlist="$hostlist $interface:::/0"
else
for h in $(separate_list $host); do
hostlist="$hostlist $interface:$h"
done
fi
shift
done
zone=$1
for hostent in $hostlist; do
interface=${hostent%:*}
ipset=${zone}_${interface};
if ! qt $IPSET -L $ipset -n; then
fatal_error "Zone $zone, interface $interface is does not have a dynamic host list"
fi
host=${hostent#*:}
if $IPSET -D $ipset $host; then
echo "Host $hostend deleted from zone $zone"
else
echo " WARNING: Unable to delete host $hostent to zone $zone" >&2
fi
done
}
# #
# 'hits' commmand executor # 'hits' commmand executor
# #
@ -1778,8 +1534,10 @@ report_capabilities() {
report_capability "IP range Match" $IPRANGE_MATCH report_capability "IP range Match" $IPRANGE_MATCH
report_capability "Recent Match" $RECENT_MATCH report_capability "Recent Match" $RECENT_MATCH
report_capability "Owner Match" $OWNER_MATCH report_capability "Owner Match" $OWNER_MATCH
report_capability "Ipset Match" $IPSET_MATCH if [ -n "$IPSET_MATCH" ]; then
[ -n "$IPSET_MATCH" ] && report_capability "OLD_Ipset Match" $OLD_IPSET_MATCH report_capability "Ipset Match" $IPSET_MATCH
[ -n "$OLD_IPSET_MATCH" ] && report_capability "OLD_Ipset Match" $OLD_IPSET_MATCH
fi
report_capability "CONNMARK Target" $CONNMARK report_capability "CONNMARK Target" $CONNMARK
[ -n "$CONNMARK" ] && report_capability "Extended CONNMARK Target" $XCONNMARK [ -n "$CONNMARK" ] && report_capability "Extended CONNMARK Target" $XCONNMARK
report_capability "Connmark Match" $CONNMARK_MATCH report_capability "Connmark Match" $CONNMARK_MATCH
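Review bot: Wrapping `report_capability "Ipset Match" $IPSET_MATCH` in `if [ -n "$IPSET_MATCH" ]` makes the Ipset Match row disappear from the report when the capability is absent, while the neighbouring capabilities are still reported unconditionally. Anyone comparing capability listings loses the explicit negative. Keep the first call outside the `if` and guard only the OLD_Ipset line; note too that the guard on that line changed from IPSET_MATCH to OLD_IPSET_MATCH, so it is now printed only when available.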

View File

@ -1827,16 +1827,6 @@ case "$COMMAND" in
get_config get_config
allow_command $@ allow_command $@
;; ;;
add)
get_config
shift
add_command $@
;;
delete)
get_config
shift
delete_command $@
;;
save) save)
get_config get_config
[ -n "$g_debugging" ] && set -x [ -n "$g_debugging" ] && set -x
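Review bot: Removing the `add)` and `delete)` branches leaves those commands to whatever the default case does, and none of the hunks in this commit touches the command's usage text or manpage. Update both so `add` and `delete` are no longer advertised, and consider a specific "no longer supported" message rather than a generic usage error for scripts that still call them.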

View File

@ -174,18 +174,12 @@
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>Beginning with shorewall 4.4.20, the installer also supports a <para>Beginning with shorewall 4.4.20.1, the installer also supports a
<option>-p</option> (plain) option. Beginning with that release, the <option>-a</option> (annotated) option. Beginning with that release, the
standard configuration files (including samples) are annotated with the standard configuration files (including samples) may be annotated with the
contents of the associated manpage. The <option>-p</option> option contents of the associated manpage. The <option>-a</option> option enables
suppresses that behavior such that the configuration files do not include that behavior. The default remains that the configuration files do not
documentation.</para> include documentation.</para>
<note>
<para>Setting the <emphasis role="bold">PLAIN</emphasis> environmental
variable to a non-empty value is equivalent to specifying
<option>-p</option>.</para>
</note>
<section> <section>
<title>Executables in /usr and Perl Modules</title> <title>Executables in /usr and Perl Modules</title>
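Review bot: "The default remains that the configuration files do not include documentation" contradicts the text this hunk replaces, which said 4.4.20 annotated the files unless `-p` was given; for anyone upgrading from 4.4.20 the default changes. State it explicitly (4.4.20: annotated by default, `-p` for plain; 4.4.20.1: plain by default, `-a` for annotated). The installers still accept `-p`, and the note about the PLAIN environment variable is dropped without saying that the installers now assign PLAIN=Yes unconditionally; both deserve a sentence.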

View File

@ -201,18 +201,17 @@
copies.</para> copies.</para>
</warning> </warning>
<para>If you are installing Shorewall version 3.4.0 or later then as each <para>As each file is introduced, I suggest that you look at the actual
file is introduced, I suggest that you look at the actual file on your file on your system and that you look at the <ulink
system and that you look at the <ulink
url="configuration_file_basics.htm#Manpages">man page</ulink> for that url="configuration_file_basics.htm#Manpages">man page</ulink> for that
file. For example, to look at the man page for the file. For example, to look at the man page for the
<filename>/etc/shorewall/zones</filename> file, type <command>man <filename>/etc/shorewall/zones</filename> file, type <command>man
shorewall-zones</command> at a shell prompt.</para> shorewall-zones</command> at a shell prompt.</para>
<para>If you are installing a Shorewall version earlier than 3.4.0, then <para>Note: Beginning with Shorewall 4.4.20.1, there are versions of the
as each file is introduced, I suggest that you look through the actual sample files that are annotated with the corresponding manpage contents.
file on your system -- each file contains detailed configuration These files have names ending in '.annotated'. You might choose to look at
instructions and default entries.</para> those files instead.</para>
<para>Shorewall views the network where it is running as being composed of <para>Shorewall views the network where it is running as being composed of
a set of <emphasis>zones</emphasis>. In the one-interface sample a set of <emphasis>zones</emphasis>. In the one-interface sample
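Review bot: The new paragraph starts with a literal "Note:" inside a para element, whereas the installation document in this commit used a note element wrapping the para for the same purpose, which renders consistently. It also says the annotated samples have names ending in '.annotated' without saying where they are installed (the release notes mention the Sample directories). The same paragraph is repeated in the two files that follow, so the change applies to all three.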

View File

@ -232,18 +232,17 @@
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>If you are installing Shorewall version 3.4.0 or later then as each <para>As each file is introduced, I suggest that you look at the actual
file is introduced, I suggest that you look at the actual file on your file on your system and that you look at the <ulink
system and that you look at the <ulink
url="configuration_file_basics.htm#Manpages">man page</ulink> for that url="configuration_file_basics.htm#Manpages">man page</ulink> for that
file. For example, to look at the man page for the file. For example, to look at the man page for the
<filename>/etc/shorewall/zones</filename> file, type <command>man <filename>/etc/shorewall/zones</filename> file, type <command>man
shorewall-zones</command> at a shell prompt.</para> shorewall-zones</command> at a shell prompt.</para>
<para>If you are installing a Shorewall version earlier than 3.4.0, then <para>Note: Beginning with Shorewall 4.4.20.1, there are versions of the
as each file is introduced, I suggest that you look through the actual sample files that are annotated with the corresponding manpage contents.
file on your system -- each file contains detailed configuration These files have names ending in '.annotated'. You might choose to look at
instructions and default entries.</para> those files instead.</para>
<para>Shorewall views the network where it is running as being composed of <para>Shorewall views the network where it is running as being composed of
a set of zones. In the three-interface sample configuration, the following a set of zones. In the three-interface sample configuration, the following

View File

@ -214,18 +214,17 @@
</orderedlist> </orderedlist>
</important></para> </important></para>
<para>If you are installing Shorewall version 3.4.0 or later then as each <para>As each file is introduced, I suggest that you look at the actual
file is introduced, I suggest that you look at the actual file on your file on your system and that you look at the <ulink
system and that you look at the <ulink
url="configuration_file_basics.htm#Manpages">man page</ulink> for that url="configuration_file_basics.htm#Manpages">man page</ulink> for that
file. For example, to look at the man page for the file. For example, to look at the man page for the
<filename>/etc/shorewall/zones</filename> file, type <command>man <filename>/etc/shorewall/zones</filename> file, type <command>man
shorewall-zones</command> at a shell prompt.</para> shorewall-zones</command> at a shell prompt.</para>
<para>If you are installing a Shorewall version earlier than 3.4.0, then <para>Note: Beginning with Shorewall 4.4.20.1, there are versions of the
as each file is introduced, I suggest that you look through the actual sample files that are annotated with the corresponding manpage contents.
file on your system -- each file contains detailed configuration These files have names ending in '.annotated'. You might choose to look at
instructions and default entries.</para> those files instead.</para>
<para>Shorewall views the network where it is running as being composed of <para>Shorewall views the network where it is running as being composed of
a set of zones. In the two-interface sample configuration, the following a set of zones. In the two-interface sample configuration, the following