Pre-process standard files up front -- Take 2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5071 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/lib.accounting

@@ -239,8 +239,6 @@ setup_accounting() # $1 = Name of accounting file
 
     save_progress_message "Setting up Accounting..."
 
-    strip_file accounting $1
-
     while read action chain source dest proto port sport user ; do
 	process_accounting_rule
     done < $TMP_DIR/accounting

Shorewall/lib.actions

@@ -557,10 +557,6 @@ merge_levels() # $1=level at which superior action is called, $2=level at which
 #
 process_actions1() {
 
-    strip_file actions
-
-    strip_file actions.std ${SHAREDIR}/actions.std
-
     for inputfile in actions.std actions; do
 	while read xaction rest; do
 	    [ "x$rest" = x ] || fatal_error "Invalid Action: $xaction $rest"

Shorewall/lib.config

@@ -222,7 +222,7 @@ get_firewall_zone() {
 	esac
     done < $f
 
-    startup_error "No firewall zone defined"
+    startup_error "No firewall zone defined in $f"
 }
 
 #
@@ -255,7 +255,7 @@ determine_zones()
     IPV4_ZONES=
     IPSEC_ZONES=
 
-    [ "$IPSECFILE" = zones ] && new_zone_file=Yes
+    [ "$IPSECFILE" = zones ] && new_zone_file=Yes || test -n "${FW:=fw}"
 
     while read zone type rest; do
 	case $zone in
@@ -1717,9 +1717,12 @@ do_initialize() {
     #
     TERMINATOR=fatal_error
     #
-    # Clear all configuration variables
+    # Clear all configuration variables (shorewall.conf)
     #
-    VERSION=
+    STARTUP_ENABLED=
+    #
+    #VERBOSE is inherited -- VERBOSITY is only used in the CIs
+    #    
     #
     # Logging
     #
@@ -1795,6 +1798,7 @@ do_initialize() {
     #
     # Other Globals
     #
+    VERSION=
     FW=
     USEPKTYPE=
     LOGLIMIT=
@@ -1820,7 +1824,7 @@ do_initialize() {
     TMP_DIR=$(mktempdir)
 
     [ -n "$TMP_DIR" ] && chmod 700 $TMP_DIR || \
-       fatal_error "Can't create a temporary directory"
+       startup_error "Can't create a temporary directory"
 
     case $PROGRAM in
 	compiler)
@@ -1846,10 +1850,10 @@ do_initialize() {
 	    progress_message "Processing $config..."
 	    . $config
 	else
-	    fatal_error "Cannot read $config (Hint: Are you root?)"
+	    startup_error "Cannot read $config (Hint: Are you root?)"
 	fi
     else
-	fatal_error "$config does not exist!"
+	startup_error "$config does not exist!"
     fi
 
     #
@@ -1872,9 +1876,9 @@ do_initialize() {
 	if [ -z "$IPTABLES" ]; then
 	    IPTABLES=$(mywhich iptables 2> /dev/null)
 
-	    [ -z "$IPTABLES" ] && fatal_error "Can't find iptables executable"
+	    [ -z "$IPTABLES" ] && startup_error "Can't find iptables executable"
 	else
-	    [ -e "$IPTABLES" ] || fatal_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
+	    [ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
 	fi
 	
 	f=$(find_file capabilities)
@@ -1884,7 +1888,7 @@ do_initialize() {
     else
 	f=$(find_file capabilities)
 
-	[ -f $f ] && . $f || fatal_error "The -e flag requires a capabilities file"
+	[ -f $f ] && . $f || startup_error "The -e flag requires a capabilities file"
     fi
 
     ADD_IP_ALIASES="$(added_param_value_yes ADD_IP_ALIASES $ADD_IP_ALIASES)"
@@ -1900,7 +1904,7 @@ do_initialize() {
 	[Oo][Nn]|[Oo][Ff][Ff]|[Kk][Ee][Ee][Pp])
 	    ;;
 	*)
-	    fatal_error "Invalid value ($IP_FORWARDING) for IP_FORWARDING"
+	    startup_error "Invalid value ($IP_FORWARDING) for IP_FORWARDING"
 	    ;;
 	esac
     else
@@ -1935,7 +1939,7 @@ do_initialize() {
 		MACLIST_TARGET=RETURN
 		;;
 	    *)
-		fatal_error "Invalid value ($MACLIST_DISPOSITION) for MACLIST_DISPOSITION"
+		startup_error "Invalid value ($MACLIST_DISPOSITION) for MACLIST_DISPOSITION"
 		;;
 	esac
     else
@@ -1947,7 +1951,7 @@ do_initialize() {
 	    REJECT|ACCEPT|DROP)
 		;;
 	    *)
-		fatal_error "Invalid value ($TCP_FLAGS_DISPOSITION) for TCP_FLAGS_DISPOSITION"
+		startup_error "Invalid value ($TCP_FLAGS_DISPOSITION) for TCP_FLAGS_DISPOSITION"
 		;;
 	esac
     else
@@ -1965,16 +1969,16 @@ do_initialize() {
 	    LOGRULENUMBERS=Yes
 	    temp=$(printf "$LOGFORMAT" fooxx2barxx 1 ACCEPT 2> /dev/null)
 	    if [ $? -ne 0 ]; then
-		fatal_error "Invalid LOGFORMAT string: \"$LOGFORMAT\""
+		startup_error "Invalid LOGFORMAT string: \"$LOGFORMAT\""
 	    fi
 	else
 	    temp=$(printf "$LOGFORMAT" fooxx2barxx ACCEPT 2> /dev/null)
 	    if [ $? -ne 0 ]; then
-		fatal_error "Invalid LOGFORMAT string: \"$LOGFORMAT\""
+		startup_error "Invalid LOGFORMAT string: \"$LOGFORMAT\""
 	    fi
 	fi
 
-	[ ${#temp} -le 29 ] || fatal_error "LOGFORMAT string is longer than 29 characters: \"$LOGFORMAT\""
+	[ ${#temp} -le 29 ] || startup_error "LOGFORMAT string is longer than 29 characters: \"$LOGFORMAT\""
 
 	MAXZONENAMELENGTH=$(( 5 + ( ( 29 - ${#temp}) / 2) ))
 	MAXZONENAMELENGTH=${MAXZONENAMELENGTH%.*}
@@ -1990,7 +1994,7 @@ do_initialize() {
 
     DYNAMIC_ZONES=$(added_param_value_no DYNAMIC_ZONES $DYNAMIC_ZONES)
     if [ -n "$DYNAMIC_ZONES" ]; then
-	[ -n "$EXPORT" ] && fatal_error "DYNAMIC_ZONES=Yes is incompatible with the -e option"
+	[ -n "$EXPORT" ] && startup_error "DYNAMIC_ZONES=Yes is incompatible with the -e option"
 	lib_avail dynamiczones || error_message "WARNING: DYNAMIC_ZONES=Yes requires the Shorewall dynamiczones library (${SHAREDIR}/lib.dynamiczones) which is not installed"
     fi
 
@@ -2012,15 +2016,15 @@ do_initialize() {
     [ -n "$XCONNMARK_MATCH" ] || XCONNMARK=
     [ -n "$XMARK" ] || XCONNMARK=
 
-    [ -n "$HIGH_ROUTE_MARKS" -a -z "$XCONNMARK" ] && fatal_error "HIGH_ROUTE_MARKS=Yes requires extended CONNMARK target, extended CONNMARK match support and extended MARK support"
+    [ -n "$HIGH_ROUTE_MARKS" -a -z "$XCONNMARK" ] && startup_error "HIGH_ROUTE_MARKS=Yes requires extended CONNMARK target, extended CONNMARK match support and extended MARK support"
 
     case ${MACLIST_TABLE:=filter} in
 	filter)
 	    ;;
 	mangle)
-	    [ $MACLIST_DISPOSITION = reject ] && fatal_error "MACLIST_DISPOSITION=REJECT is not allowed with MACLIST_TABLE=mangle"
+	    [ $MACLIST_DISPOSITION = reject ] && startup_error "MACLIST_DISPOSITION=REJECT is not allowed with MACLIST_TABLE=mangle"
 	    ;;	*)
-	    fatal_error "Invalid value ($MACLIST_TABLE) for MACLIST_TABLE option"
+	    startup_error "Invalid value ($MACLIST_TABLE) for MACLIST_TABLE option"
 	    ;;
     esac
 
@@ -2031,7 +2035,7 @@ do_initialize() {
 	    [Yy][Ee][Ss])
 		TC_ENABLED=Yes
 		TC_SCRIPT=$(find_file tcstart)
-		[ -f $TC_SCRIPT ] || fatal_error "Unable to find tcstart file"
+		[ -f $TC_SCRIPT ] || startup_error "Unable to find tcstart file"
 		;;
 	    [Ii][Nn][Tt][Ee][Rr][Nn][Aa][Ll])
 	        TC_ENABLED=Internal
@@ -2045,7 +2049,7 @@ do_initialize() {
     fi
 
     if [ -n "$TC_ENABLED" ];then
-	[ -n "$MANGLE_ENABLED" ] || fatal_error "Traffic Shaping requires mangle support in your kernel and iptables"
+	[ -n "$MANGLE_ENABLED" ] || startup_error "Traffic Shaping requires mangle support in your kernel and iptables"
     fi
 
     [ "x${SHOREWALL_DIR}" = "x." ] && SHOREWALL_DIR="$PWD"
@@ -2079,7 +2083,7 @@ do_initialize() {
 	0|1)
 	    ;;
 	*)
-	    fatal_error "Invalid OPTIMIZE value ($OPTIMIZE)"
+	    startup_error "Invalid OPTIMIZE value ($OPTIMIZE)"
 	    ;;
     esac
     #
@@ -2089,7 +2093,7 @@ do_initialize() {
 
     temp=$(decodeaddr 192.168.1.1)
     if [ $(encodeaddr $temp) != 192.168.1.1 ]; then
-	fatal_error "Shell $SHOREWALL_SHELL is broken and may not be used with Shorewall"
+	startup_error "Shell $SHOREWALL_SHELL is broken and may not be used with Shorewall"
     fi
 
     if [ -z "$KLUDGEFREE" ]; then
@@ -2098,7 +2102,12 @@ do_initialize() {
     fi
 
     qt mywhich awk && HAVEAWK=Yes || HAVEAWK=
-
+    #
+    # Pre-process all of the standard files
+    #
+    # Because 'strip_file()' does shell variable expansion, we must first determine the
+    # setting of $FW
+    #
     case ${IPSECFILE:=ipsec} in
 	ipsec)
 	    [ -n "${FW:=fw}" ]
@@ -2108,7 +2117,7 @@ do_initialize() {
 	    get_firewall_zone
 	    ;;
 	*)
-	    fatal_error "Invalid value ($IPSECFILE) for IPSECFILE option"
+	    startup_error "Invalid value ($IPSECFILE) for IPSECFILE option"
 	    ;;
     esac
 
@@ -2118,7 +2127,13 @@ do_initialize() {
     strip_file hosts
 
     if [ $PROGRAM = compiler ]; then
-	strip_file_and_lib_load accounting accounting 
+	strip_file_and_lib_load accounting accounting
+
+	if [ -n "$USE_ACTIONS" ]; then
+	    strip_file actions
+	    strip_file actions.std ${SHAREDIR}/actions.std
+	fi
+	    
 	strip_file blacklist
 	strip_file ecn
 	strip_file maclist
@@ -2141,7 +2156,9 @@ do_initialize() {
 	strip_file tos
 	strip_file_and_lib_load tunnels tunnels
     fi
-
+    #
+    # Clear $FW
+    #
     FW=
 
 }

Shorewall/lib.providers

@@ -393,21 +393,15 @@ __EOF__
 __EOF__
 	done
 
-	f=$(find_file route_rules)
+	if [ -s $TMP_DIR/route_rules ]; then
+	    progress_message2 "$DOING $(find_file route_rules)..."
 
-	if [ -f $f ]; then
-	    strip_file route_rules $f
+	    save_command
 
-	    if [ -s $TMP_DIR/route_rules ]; then
-		progress_message2 "$DOING $f..."
-
-		save_command
-
-		while read source dest provider priority; do
-		    rule="$source $dest $priority $provider"
-		    add_an_rtrule
-		done < $TMP_DIR/route_rules
-	    fi
+	    while read source dest provider priority; do
+		rule="$source $dest $priority $provider"
+		add_an_rtrule
+	    done < $TMP_DIR/route_rules
 	fi
     fi
 

Shorewall/lib.tunnels

@@ -223,8 +223,6 @@ setup_tunnels() # $1 = name of tunnels file
 	progress_message_and_save "   GENERIC tunnel to $1:$p defined."
     }
 
-    strip_file tunnels $1
-
     while read kind z gateway z1; do
 	tunnel="$(echo $kind $z $gateway $z1)"
 	if validate_zone $z; then