diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 7d10e84ba..b7734c6f7 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -529,8 +529,8 @@ EOF
 #
 sub compiler {
- my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert ) =
- ( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, , 0 );
+ my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path ) =
+ ( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, , 0 , '');
 $export = 0;
 $test = 0;
@@ -566,7 +566,8 @@ sub compiler {
 confess => { store => \$confess, validate=> \&validate_boolean } ,
 update => { store => \$update, validate=> \&validate_boolean } ,
 convert => { store => \$convert, validate=> \&validate_boolean } ,
- annotate => { store => \$annotate, validate=> \&validate_boolean } ,
+ annotate => { store => \$annotate, validate=> \&validate_boolean } ,
+ config_path => { store => \$config_path } ,
 );
 #
 # P A R A M E T E R P R O C E S S I N G
@@ -586,6 +587,8 @@ sub compiler {
 #
 initialize_package_globals( $update );
+ set_config_path( $config_path ) if $config_path;
+
 if ( $directory ne '' ) {
 fatal_error "$directory is not an existing directory" unless -d $directory;
 set_shorewall_dir( $directory );
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 175e00ac1..5fea8ef45 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -63,7 +63,7 @@ our @EXPORT = qw(
 require_capability
 );
-our @EXPORT_OK = qw( $shorewall_dir initialize set_config_path shorewall);
+our @EXPORT_OK = qw( $shorewall_dir initialize shorewall);
 our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 finalize_script
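Review bot: The new `config_path => { store => \$config_path } ,` entry in the parameter table of `compiler()` (hunk at -566) has no `validate` callback, while every neighbouring entry visible in that hunk has one, so the string is stored and then handed to `set_config_path` in the hunk at -586 unchecked. The search path decides which directories configuration files are read from, and the compiler presumably runs with root privileges, so an empty component or a relative directory in the list should be rejected before use; what `set_config_path` itself checks is not visible in this diff. Consider a validator that splits the value on `:` and requires each component to be a non-empty absolute path, plus a comment on the entry stating that contract. Both the table and `compiler()` extend beyond the hunk.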
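Review bot: In the hunk at -586, `set_config_path( $config_path ) if $config_path;` tests truthiness, so a value of `0` is silently ignored, while the `$directory` guard directly below compares with `ne ''`. Writing `set_config_path( $config_path ) if $config_path ne '';` keeps the two guards consistent. A short comment saying where the search path comes from when the option is absent would also help, since this commit deletes the `#CONFIG_PATH is inherited` comment in Config.pm. The body of `compiler()` continues outside the hunk.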
@@ -87,6 +87,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 set_timestamp
 set_verbosity
 set_log
+ set_config_path
 close_log
 set_command
 push_indent
@@ -484,16 +485,10 @@ sub initialize( $ ) {
 TC => undef,
 IPSET => undef,
 PERL => undef,
- #
- #PATH is inherited
- #
 PATH => undef,
 SHOREWALL_SHELL => undef,
 SUBSYSLOCK => undef,
 MODULESDIR => undef,
- #
- #CONFIG_PATH is inherited
- #
 CONFIG_PATH => undef,
 RESTOREFILE => undef,
 IPSECFILE => undef,
diff --git a/Shorewall/Perl/compiler.pl b/Shorewall/Perl/compiler.pl
index 3c0ac4e2b..c228593d3 100755
--- a/Shorewall/Perl/compiler.pl
+++ b/Shorewall/Perl/compiler.pl
@@ -37,6 +37,7 @@
 # --log_verbosity= # Log Verbosity range -1 to 2
 # --family= # IP family; 4 = IPv4 (default), 6 = IPv6
 # --preview # Preview the ruleset.
+# --config_path= # Search path for config files
 #
 use strict;
 use FindBin;
@@ -64,6 +65,7 @@ sub usage( $ ) {
 [ --annotate ]
 [ --update ]
 [ --convert ]
+ [ --config_path= ]
 ';
 exit shift @_;
@@ -88,6 +90,7 @@ my $preview = 0;
 my $annotate = 0;
 my $update = 0;
 my $convert = 0;
+my $config_path = '';
 Getopt::Long::Configure ('bundling');
@@ -118,6 +121,7 @@ my $result = GetOptions('h' => \$help,
 'u' => \$update,
 'update' => \$update,
 'convert' => \$convert,
+ 'config_path=s' => \$config_path,
 );
 usage(1) unless $result && @ARGV < 2;
@@ -139,4 +143,5 @@ compiler( script => $ARGV[0] || '',
 update => $update,
 convert => $convert,
 annotate => $annotate,
+ config_path => $config_path,
 );
diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index 7da8e8127..0590f4c73 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@@ -386,7 +386,7 @@ compiler() {
 [ "$1" = nolock ] && shift; shift
- options="--verbose=$VERBOSITY"
+ options="--verbose=$VERBOSITY --config_path=$CONFIG_PATH"
 [ -n "$STARTUP_LOG" ] && options="$options --log=$STARTUP_LOG"
 [ -n "$LOG_VERBOSITY" ] && options="$options --log_verbosity=$LOG_VERBOSITY";
 [ -n "$g_export" ] && options="$options --export"
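Review bot: In `compiler()` of `Shorewall/shorewall`, `--config_path=$CONFIG_PATH` is appended to `options` unconditionally, unlike the `[ -n "$STARTUP_LOG" ] &&` guards on the lines that follow. With an empty `CONFIG_PATH` the compiler receives a bare `--config_path=`, and if `options` is later expanded unquoted (the invocation is outside the hunk) a path containing whitespace or glob characters would be split into extra arguments. Suggest `[ -n "$CONFIG_PATH" ] && options="$options --config_path=$CONFIG_PATH"`, with a comment that path components must not contain whitespace. The identical line in `Shorewall6/shorewall6` needs the same change.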
diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6
index 4c0a36d9e..b750ea08d 100755
--- a/Shorewall6/shorewall6
+++ b/Shorewall6/shorewall6
@@ -386,7 +386,7 @@ compiler() {
 [ "$1" = nolock ] && shift; shift
- options="--verbose=$VERBOSITY --family=6"
+ options="--verbose=$VERBOSITY --family=6 --config_path=$CONFIG_PATH"
 [ -n "$STARTUP_LOG" ] && options="$options --log=$STARTUP_LOG"
 [ -n "$LOG_VERBOSITY" ] && options="$options --log_verbosity=$LOG_VERBOSITY";
 [ -n "$g_export" ] && options="$options --export"
diff --git a/docs/Shorewall-perl.xml b/docs/Shorewall-perl.xml
index 56dfea7fe..37754fc4f 100644
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@@ -801,6 +801,24 @@ DNAT- net 192.168.1.3 tcp 21--update is also specified. + + --convert + + + Added in Shorewall 4.4.26. Causes the compiler to convert an + existing blacklist file into an + equivalent blrules + file. + + + --config_path=path[:path]... + + + Added in Shorewall 4.4.26. Search path for configuration + files. + Example (compiles the configuration in the current directory generating a script named 'firewall' and using VERBOSITY 2)./usr/share/shorewall/compiler.pl -v 2 -d . firewall