Add USE_LOCAL_MODULES option

Samples/Universal/shorewall.conf

@@ -194,6 +194,8 @@ FORWARD_CLEAR_MARK=
 
 COMPLETE=Yes
 
+USE_LOCAL_MODULES=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples/one-interface/shorewall.conf

@@ -205,6 +205,8 @@ FORWARD_CLEAR_MARK=
 
 COMPLETE=No
 
+USE_LOCAL_MODULES=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples/three-interfaces/shorewall.conf

@@ -205,6 +205,8 @@ FORWARD_CLEAR_MARK=
 
 COMPLETE=No
 
+USE_LOCAL_MODULES=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples/two-interfaces/shorewall.conf

@@ -212,6 +212,8 @@ FORWARD_CLEAR_MARK=
 
 COMPLETE=No
 
+USE_LOCAL_MODULES=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples6/Universal/shorewall6.conf

@@ -157,6 +157,8 @@ FORWARD_CLEAR_MARK=
 
 COMPLETE=Yes
 
+USE_LOCAL_MODULES=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples6/one-interface/shorewall6.conf

@@ -159,6 +159,8 @@ FORWARD_CLEAR_MARK=
 
 COMPLETE=No
 
+USE_LOCAL_MODULES=Yes
+
 ##############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples6/three-interfaces/shorewall6.conf

@@ -159,6 +159,8 @@ FORWARD_CLEAR_MARK=
 
 COMPLETE=No
 
+USE_LOCAL_MODULES=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Samples6/two-interfaces/shorewall6.conf

@@ -159,6 +159,8 @@ FORWARD_CLEAR_MARK=
 
 COMPLETE=No
 
+USE_LOCAL_MODULES=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Shorewall/Perl/Shorewall/Compiler.pm

@@ -337,9 +337,9 @@ sub generate_script_3($) {
     save_progress_message 'Initializing...';
 
     if ( $export ) {
-	my $fn = find_file $config{LOAD_HELPERS_ONLY} ? 'helpers' : 'modules';
+	my $fn = find_file( $config{LOAD_HELPERS_ONLY} ? 'helpers' : 'modules' );
 
-	if ( -f $fn && ! $fn =~ "^$globals{SHAREDIR}/" ) {
+	if ( -f $fn && ( $config{USE_LOCAL_MODULES} || ! $fn =~ "^$globals{SHAREDIR}/" ) ) {
 	    emit 'echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir';
 	    emit 'cat > ${VARDIR}/.modules << EOF';
 	    open_file $fn;

Shorewall/Perl/Shorewall/Config.pm

@@ -483,6 +483,7 @@ sub initialize( $ ) {
 	  REQUIRE_INTERFACE => undef,
 	  FORWARD_CLEAR_MARK => undef,
 	  COMPLETE => undef,
+	  USE_LOCAL_MODULES => undef,
 	  #
 	  # Packet Disposition
 	  #
@@ -3204,6 +3205,7 @@ sub get_configuration( $ ) {
     default_yes_no 'REQUIRE_INTERFACE'          , '';
     default_yes_no 'FORWARD_CLEAR_MARK'         , have_capability 'MARK' ? 'Yes' : '';
     default_yes_no 'COMPLETE'                   , '';
+    default_yes_no 'USE_LOCAL_MODULES'          , '';
 
     require_capability 'MARK' , 'FOREWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};
 

Shorewall/changelog.txt

@@ -8,6 +8,8 @@ Changes in Shorewall 4.4.17 Beta 1
 
 4)  Add sch_prio to modules file.
 
+5)  Add 'USE_LOCAL_MODULES' option.
+
 Changes in Shorewall 4.4.17 Beta 1
 
 1)  Improve readability of logging logic in expand_rule().

Shorewall/configfiles/shorewall.conf

@@ -194,6 +194,8 @@ FORWARD_CLEAR_MARK=
 
 COMPLETE=No
 
+USE_LOCAL_MODULES=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

Shorewall/releasenotes.txt

@@ -77,13 +77,22 @@ Beta 1
 	stopped
 	tcclear
 
-     The directive is executed during compilation so that the INCLUDEd
-     file(s) is(are) copied into the generated script. This same
-     technique is also now used for INCLUDE directives in the params
-     file when EXPORTPARAMS=Yes. Previously, INCLUDE directives in that
-     file were strongly discouraged with EXPORTPARAMS=Yes because the
-     INCLUDE was performed on the firewall system rather than on the
-     administrative system.
+    The directive is executed during compilation so that the INCLUDEd
+    file(s) is(are) copied into the generated script. This same
+    technique is also now used for INCLUDE directives in the params
+    file when EXPORTPARAMS=Yes. Previously, INCLUDE directives in that
+    file were strongly discouraged with EXPORTPARAMS=Yes because the
+    INCLUDE was performed on the firewall system rather than on the
+    administrative system.
+
+3)  Traditionally, the -lite products have used the modules (or
+    helpers) file on the firewall system unless there is a modules (or
+    helpers) file in the configuration directory.  This release
+    introduces the USE_LOCAL_MODULES option in shorewall[6].conf.
+
+    When USE_LOCAL_MODULES=Yes, the modules (helpers) file on the
+    administrative system will be used to determine the set of modules
+    loaded. 
 
 ----------------------------------------------------------------------------
              I V.  R E L E A S E  4 . 4  H I G H L I G H T S

Shorewall6/shorewall6.conf

@@ -157,6 +157,8 @@ FORWARD_CLEAR_MARK=Yes
 
 COMPLETE=No
 
+USE_LOCAL_MODULES=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################

docs/CompiledPrograms.xml

@@ -443,6 +443,12 @@ clean:
         must place a copy of the appropriate file
         (<filename>modules</filename> or <filename>helpers</filename>) in the
         firewall's configuration directory before compilation.</para>
+
+        <para>In Shorewall 4.4.17, the USE_LOCAL_MODULES option was added to
+        shorewall.conf (and shorewall6.conf). When USE_LOCAL_MODULES=Yes, any
+        <filename>modules</filename> or <filename>helpers</filename> file
+        found on the CONFIG_PATH on the Administrative System during
+        compilation will be used.</para>
       </section>
 
       <section id="Converting">

manpages/shorewall.conf.xml

@@ -555,7 +555,7 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
           <para>Beginning with Shorewall 4.4.17, the variables set in the
           'params' file at compile time are available at run time with
           EXPORTPARAMS=No. As a consequence, beginning with that version the
-          recommended setting is EXPORTPARAMS=No. </para>
+          recommended setting is EXPORTPARAMS=No.</para>
 
           <para>It is quite difficult to code a 'params' file that assigns
           other than constant values such that it works correctly with
@@ -1845,6 +1845,22 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><emphasis role="bold">USE_LOCAL_MODULES=</emphasis>[<emphasis
+        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.17. When set to Yes when compiling for
+          use by Shorewall LIte (<command>shorewall load</command>,
+          <command>shorewall reload </command>or <command>shorewall
+          export</command> commands), the compiler will copy the modules or
+          helpers file from the administrative system into the script. When
+          set to No or not specified, the compiler will not copy the modules
+          or helpers file from <filename>/usr/share/shorewall</filename> but
+          will copy the found in another location on the CONFIG_PATH.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><emphasis
         role="bold">VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>

manpages6/shorewall6.conf.xml

@@ -472,7 +472,7 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
           <para>Beginning with Shorewall 4.4.17, the variables set in the
           'params' file at compile time are available at run time with
           EXPORTPARAMS=No. As a consequence, beginning with that version the
-          recommended setting is EXPORTPARAMS=No. </para>
+          recommended setting is EXPORTPARAMS=No.</para>
 
           <para>It is quite difficult to code a 'params' file that assigns
           other than constant values such that it works correctly with
@@ -1492,6 +1492,22 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><emphasis role="bold">USE_LOCAL_MODULES=</emphasis>[<emphasis
+        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.17. When set to Yes when compiling for
+          use by Shorewall6 LIte (<command>shorewall6 load</command>,
+          <command>shorewall6 reload </command>or <command>shorewall6
+          export</command> commands), the compiler will copy the modules or
+          helpers file from the administrative system into the script. When
+          set to No or not specified, the compiler will not copy the modules
+          or helpers file from <filename>/usr/share/shorewall6</filename> but
+          will copy the found in another location on the CONFIG_PATH.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><emphasis
         role="bold">VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>