CONFIG_PATH

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1254 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-11 16:18:13 +01:00 · 2004-04-10 02:47:04 +00:00 · 2004-04-10 02:47:04 +00:00 · a1efb12b48
commit a1efb12b48
parent 2536a2795a
6 changed files with 81 additions and 14 deletions
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@ -3,3 +3,7 @@ Changes since 2.0.1
 1) Reformat the code in define_firewall().

 2) Reimplement dynamic zones.
+
+3) Tweak new dynamic zone implementation.
+
+4) Implement CONFIG_PATH.
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -5057,8 +5057,6 @@ activate_rules()
    for zone in $zones; do
 	eval source_hosts=\$${zone}_hosts

-	echo $zone $source_hosts >> ${STATEDIR}/zones
-
 	chain1=$(rules_chain $FW $zone)
 	chain2=$(rules_chain $zone $FW)

@ -5069,8 +5067,11 @@ activate_rules()
 	    createchain $frwd_chain No
 	fi

-	echo "$FW $zone $chain1" >> ${STATEDIR}/chains
-	echo "$zone $FW $chain2" >> ${STATEDIR}/chains
+	if [ -n "$DYNAMIC_CHAINS" ]; then
+	    echo $zone $source_hosts >> ${STATEDIR}/zones
+	    echo "$FW $zone $chain1" >> ${STATEDIR}/chains
+	    echo "$zone $FW $chain2" >> ${STATEDIR}/chains
+	fi

 	need_broadcast=

@ -5118,7 +5119,7 @@ activate_rules()

 	    chain="$(rules_chain $zone $zone1)"

-	    echo "$zone $zone1 $chain" >> ${STATEDIR}/chains
+	    [ -n "$DYNAMIC_ZONES" ] && echo "$zone $zone1 $chain" >> ${STATEDIR}/chains

 	    if [ $zone = $zone1 ]; then
 		#
@ -5709,6 +5710,7 @@ do_initialize() {
    DISABLE_IPV6=
    BRIDGING=
    DYNAMIC_ZONES=
+    CONFIG_PATH=/etc/shorewall:/usr/share/shorewall

    stopping=
    have_mutex=
@ -5738,6 +5740,8 @@ do_initialize() {

    run_user_exit params

+    [ -n "$SHOREWALL_DIR" ] && CONFIG_PATH=$SHOREWALL_DIR:$CONFIG_PATH
+
    config=$(find_file shorewall.conf)

    if [ -f $config ]; then
@ -5748,6 +5752,11 @@ do_initialize() {
 	exit 2
    fi
    #
+    # Restore CONFIG_PATH if the shorewall.conf file cleared it
+    #
+    [ -n "$CONFIG_PATH"] || CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
+    [ -n "$SHOREWALL_DIR" ] && CONFIG_PATH=$SHOREWALL_DIR:$CONFIG_PATH
+    #
    # Determine the capabilities of the installed iptables/netfilter
    #
    determine_capabilities
--- a/Shorewall2/functions
+++ b/Shorewall2/functions
@ -87,20 +87,26 @@ fix_bang() {
 #
 find_file()
 {
+    local saveifs= directory
+
    case $1 in
 	/*)
 	    echo $1
 	    ;;
 	*)
-	    if [ -n "$SHOREWALL_DIR" -a -f $SHOREWALL_DIR/$1 ]; then
-		echo $SHOREWALL_DIR/$1
-	    elif [ -f /etc/shorewall/$1 ]; then
-		echo /etc/shorewall/$1
-	    elif [ -f /usr/share/shorewall/$1 ]; then
-		echo /usr/share/shorewall/$1
-	    else
-		echo /etc/shorewall/$1
-	    fi
+	    saveifs=$IFS
+	    IFS=:
+	    for directory in $CONFIG_PATH; do
+	        if [ -f $directory/$1 ]; then
+		    echo $directory/$1
+		    IFS=$saveifs
+		    return
+		fi
+	    done
+		
+	    IFS=$saveifs
+			
+	    echo /etc/shorewall/$1
 	    ;;
    esac
 }
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -21,3 +21,30 @@ New Features:
   under the control of the DYNAMIC_ZONES option in
   /etc/shorewall/shorewall.conf.

+2) In earlier Shorewall 2.0 releases, Shorewall searches in order the
+   following directories for configuration files.
+
+   a) The directory specified in a 'try' command or specified using
+      the -c option.
+
+   b) /etc/shorewall
+
+   c) /usr/share/shorewall
+
+   In this release, the CONFIG_PATH option is added to shorewall.conf.
+   CONFIG_PATH contains a list of directory names separated by colons
+   (":"). If not set or set to a null value (e.g., CONFIG_PATH="") then
+   "CONFIG_PATH=/etc/shorewall:/usr/share/shorewall" is assumed.
+
+   Now Shorewall searches for shorewall.conf according to the old
+   rules and for other configuration files as follows:
+
+   a) The directory specified in a 'try' command or specified using
+      the -c option.
+
+   b) Each directory in $CONFIG_PATH is searched in sequence.
+
+   For those of you who are logic-challenged, your CONFIG_PATH should
+   include both /etc/shorewall and /usr/share/shorewall (in that
+   order, although there may be intervening directories).
+
--- a/Shorewall2/shorewall
+++ b/Shorewall2/shorewall
@ -160,6 +160,7 @@ get_config() {
 	    exit 2
 	fi
    fi
+
 }

 #
@ -630,6 +631,8 @@ FIREWALL=$SHARED_DIR/firewall
 FUNCTIONS=$SHARED_DIR/functions
 VERSION_FILE=$SHARED_DIR/version
 HELP=$SHARED_DIR/help
+CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
+[ -n "$SHOREWALL_DIR" ] && CONFIG_PATH=$SHOREWALL_DIR:$CONFIG_PATH

 if [ -f $FUNCTIONS ]; then
    . $FUNCTIONS
@ -647,6 +650,11 @@ else
    exit 2
 fi

+if [ -z "$CONFIG_PATH" ]; then
+    CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
+    [ -n "$SHOREWALL_DIR" ] && CONFIG_PATH=$SHOREWALL_DIR:$CONFIG_PATH
+fi
+
 [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall

 if [ ! -f $FIREWALL ]; then
--- a/Shorewall2/shorewall.conf
+++ b/Shorewall2/shorewall.conf
@ -236,6 +236,19 @@ STATEDIR=/var/lib/shorewall

 MODULESDIR=

+#
+# CONFIGURATION SEARCH PATH
+#
+# This option holds a list of directory names separated by colons
+# (":"). Shorewall will search each directory in turn when looking for a
+# configuration file. When processing a 'try' command or a command
+# containing the "-c" option, Shorewall will automatically add the
+# directory specified in the command to the front of this list.
+#
+# If not specified or specified as null ("CONFIG_PATH=""),
+# CONFIG_PATH=/etc/shorewall:/usr/share/shorewall is assumed.
+
+CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
 ################################################################################
 #                       F I R E W A L L   O P T I O N S
 ################################################################################