Document EXPORTPARAMS effect on INCLUDE

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5381 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 16:54:10 +01:00 · 2007-02-09 17:03:55 +00:00 · 2007-02-09 17:03:55 +00:00 · 7524783188
commit 7524783188
parent ad9e3b145f
1 changed files with 24 additions and 9 deletions
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@ -346,18 +346,32 @@ smtp,www,pop3,imap  #Services running on the firewall</programlisting>
  <section id="INCLUDE">
    <title>INCLUDE Directive</title>

-    <para>Any configuration file may contain INCLUDE directives (INCLUDE is
-    not supported in <ulink url="shorewall_extension_scripts.htm">extension
-    scripts</ulink>). An INCLUDE directive consists of the word INCLUDE
-    followed by a path name and causes the contents of the named file to be
-    logically included into the file containing the INCLUDE. Relative path
-    names given in an INCLUDE directive are assumed to reside in
-    /etc/shorewall or in an alternate configuration directory if one has been
-    specified for the command.</para>
+    <para>Any configuration file may contain INCLUDE directives. An INCLUDE
+    directive consists of the word INCLUDE followed by a path name and causes
+    the contents of the named file to be logically included into the file
+    containing the INCLUDE. Relative path names given in an INCLUDE directive
+    are assumed to reside in /etc/shorewall or in an alternate configuration
+    directory if one has been specified for the command.</para>

    <para>INCLUDE's may be nested to a level of 3 -- further nested INCLUDE
    directives are ignored with a warning message.</para>

+    <caution>
+      <para>If you are using <ulink
+      url="CompiledPrograms.html%23Lite">Shorewall Lite</ulink> and are
+      running a version of Shorewall earlier than 3.2.9, it is not advisable
+      to use INCLUDE in the <filename>params</filename> file in an export
+      directory. If you do that, you must ensure that the included file is
+      also present on the firewall system's <filename
+      class="directory">/etc/shorewall-lite/</filename> directory.</para>
+
+      <para>Beginning with Shorewall version 3.2.9 (3.4.0 RC2), you can set
+      EXPORTPARAMS=No in <filename>shorewall.conf</filename>. That prevents
+      the <filename>params</filename> file from being copied into the compiled
+      script. With EXPORTPARAMS=No, it is perfectly okay to use INCLUDE in the
+      <filename>params</filename> file.</para>
+    </caution>
+
    <example>
      <title>Use of INCLUDE</title>

@ -724,7 +738,8 @@ DNAT       net        loc:192.168.1.3 tcp       4000:4100</programlisting>
      </listitem>

      <listitem>
-        <para>If you are using Shorewall Lite and if the
+        <para>If you are using <ulink
+        url="CompiledPrograms.html%23Lite">Shorewall Lite</ulink> and if the
        <filename>params</filename> script needs to set shell variables based
        on the configuration of the firewall system, you can use this
        trick:</para>