Add USE_LOCAL_MODULES option

2024-11-25 09:03:30 +01:00 · 2011-01-22 08:13:17 -08:00 · 2011-01-22 08:13:17 -08:00 · a2b440b093
commit a2b440b093
parent 985fd990c6
17 changed files with 82 additions and 11 deletions
--- a/Samples/Universal/shorewall.conf
+++ b/Samples/Universal/shorewall.conf
@ -194,6 +194,8 @@ FORWARD_CLEAR_MARK=
 COMPLETE=Yes
 USE_LOCAL_MODULES=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples/one-interface/shorewall.conf
+++ b/Samples/one-interface/shorewall.conf
@ -205,6 +205,8 @@ FORWARD_CLEAR_MARK=
 COMPLETE=No
 USE_LOCAL_MODULES=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples/three-interfaces/shorewall.conf
+++ b/Samples/three-interfaces/shorewall.conf
@ -205,6 +205,8 @@ FORWARD_CLEAR_MARK=
 COMPLETE=No
 USE_LOCAL_MODULES=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples/two-interfaces/shorewall.conf
+++ b/Samples/two-interfaces/shorewall.conf
@ -212,6 +212,8 @@ FORWARD_CLEAR_MARK=
 COMPLETE=No
 USE_LOCAL_MODULES=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples6/Universal/shorewall6.conf
+++ b/Samples6/Universal/shorewall6.conf
@ -157,6 +157,8 @@ FORWARD_CLEAR_MARK=
 COMPLETE=Yes
 USE_LOCAL_MODULES=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples6/one-interface/shorewall6.conf
+++ b/Samples6/one-interface/shorewall6.conf
@ -159,6 +159,8 @@ FORWARD_CLEAR_MARK=
 COMPLETE=No
 USE_LOCAL_MODULES=Yes
 ##############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples6/three-interfaces/shorewall6.conf
+++ b/Samples6/three-interfaces/shorewall6.conf
@ -159,6 +159,8 @@ FORWARD_CLEAR_MARK=
 COMPLETE=No
 USE_LOCAL_MODULES=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples6/two-interfaces/shorewall6.conf
+++ b/Samples6/two-interfaces/shorewall6.conf
@ -159,6 +159,8 @@ FORWARD_CLEAR_MARK=
 COMPLETE=No
 USE_LOCAL_MODULES=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@ -337,9 +337,9 @@ sub generate_script_3($) {
    save_progress_message 'Initializing...';
    if ( $export ) {
-	my $fn = find_file $config{LOAD_HELPERS_ONLY} ? 'helpers' : 'modules';
+	my $fn = find_file( $config{LOAD_HELPERS_ONLY} ? 'helpers' : 'modules' );
-	if ( -f $fn && ! $fn =~ "^$globals{SHAREDIR}/" ) {
+	if ( -f $fn && ( $config{USE_LOCAL_MODULES} || ! $fn =~ "^$globals{SHAREDIR}/" ) ) {
 	    emit 'echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir';
 	    emit 'cat > ${VARDIR}/.modules << EOF';
 	    open_file $fn;
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -483,6 +483,7 @@ sub initialize( $ ) {
 	  REQUIRE_INTERFACE => undef,
 	  FORWARD_CLEAR_MARK => undef,
 	  COMPLETE => undef,
 	  USE_LOCAL_MODULES => undef,
 	  #
 	  # Packet Disposition
 	  #
@ -3204,6 +3205,7 @@ sub get_configuration( $ ) {
    default_yes_no 'REQUIRE_INTERFACE'          , '';
    default_yes_no 'FORWARD_CLEAR_MARK'         , have_capability 'MARK' ? 'Yes' : '';
    default_yes_no 'COMPLETE'                   , '';
    default_yes_no 'USE_LOCAL_MODULES'          , '';
    require_capability 'MARK' , 'FOREWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -8,6 +8,8 @@ Changes in Shorewall 4.4.17 Beta 1
 4)  Add sch_prio to modules file.
 5)  Add 'USE_LOCAL_MODULES' option.
 Changes in Shorewall 4.4.17 Beta 1
 1)  Improve readability of logging logic in expand_rule().
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@ -194,6 +194,8 @@ FORWARD_CLEAR_MARK=
 COMPLETE=No
 USE_LOCAL_MODULES=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -77,13 +77,22 @@ Beta 1
 	stopped
 	tcclear
-     The directive is executed during compilation so that the INCLUDEd
+    The directive is executed during compilation so that the INCLUDEd
-     file(s) is(are) copied into the generated script. This same
+    file(s) is(are) copied into the generated script. This same
-     technique is also now used for INCLUDE directives in the params
+    technique is also now used for INCLUDE directives in the params
-     file when EXPORTPARAMS=Yes. Previously, INCLUDE directives in that
+    file when EXPORTPARAMS=Yes. Previously, INCLUDE directives in that
-     file were strongly discouraged with EXPORTPARAMS=Yes because the
+    file were strongly discouraged with EXPORTPARAMS=Yes because the
-     INCLUDE was performed on the firewall system rather than on the
+    INCLUDE was performed on the firewall system rather than on the
-     administrative system.
+    administrative system.
 3)  Traditionally, the -lite products have used the modules (or
    helpers) file on the firewall system unless there is a modules (or
    helpers) file in the configuration directory.  This release
    introduces the USE_LOCAL_MODULES option in shorewall[6].conf.
    When USE_LOCAL_MODULES=Yes, the modules (helpers) file on the
    administrative system will be used to determine the set of modules
    loaded. 
 ----------------------------------------------------------------------------
             I V.  R E L E A S E  4 . 4  H I G H L I G H T S
--- a/Shorewall6/shorewall6.conf
+++ b/Shorewall6/shorewall6.conf
@ -157,6 +157,8 @@ FORWARD_CLEAR_MARK=Yes
 COMPLETE=No
 USE_LOCAL_MODULES=Yes
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@ -443,6 +443,12 @@ clean:
        must place a copy of the appropriate file
        (<filename>modules</filename> or <filename>helpers</filename>) in the
        firewall's configuration directory before compilation.</para>
        <para>In Shorewall 4.4.17, the USE_LOCAL_MODULES option was added to
        shorewall.conf (and shorewall6.conf). When USE_LOCAL_MODULES=Yes, any
        <filename>modules</filename> or <filename>helpers</filename> file
        found on the CONFIG_PATH on the Administrative System during
        compilation will be used.</para>
      </section>
      <section id="Converting">
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@ -555,7 +555,7 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
          <para>Beginning with Shorewall 4.4.17, the variables set in the
          'params' file at compile time are available at run time with
          EXPORTPARAMS=No. As a consequence, beginning with that version the
-          recommended setting is EXPORTPARAMS=No. </para>
+          recommended setting is EXPORTPARAMS=No.</para>
          <para>It is quite difficult to code a 'params' file that assigns
          other than constant values such that it works correctly with
@ -1845,6 +1845,22 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">USE_LOCAL_MODULES=</emphasis>[<emphasis
        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
        <listitem>
          <para>Added in Shorewall 4.4.17. When set to Yes when compiling for
          use by Shorewall LIte (<command>shorewall load</command>,
          <command>shorewall reload </command>or <command>shorewall
          export</command> commands), the compiler will copy the modules or
          helpers file from the administrative system into the script. When
          set to No or not specified, the compiler will not copy the modules
          or helpers file from <filename>/usr/share/shorewall</filename> but
          will copy the found in another location on the CONFIG_PATH.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis
        role="bold">VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>
--- a/manpages6/shorewall6.conf.xml
+++ b/manpages6/shorewall6.conf.xml
@ -472,7 +472,7 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
          <para>Beginning with Shorewall 4.4.17, the variables set in the
          'params' file at compile time are available at run time with
          EXPORTPARAMS=No. As a consequence, beginning with that version the
-          recommended setting is EXPORTPARAMS=No. </para>
+          recommended setting is EXPORTPARAMS=No.</para>
          <para>It is quite difficult to code a 'params' file that assigns
          other than constant values such that it works correctly with
@ -1492,6 +1492,22 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">USE_LOCAL_MODULES=</emphasis>[<emphasis
        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
        <listitem>
          <para>Added in Shorewall 4.4.17. When set to Yes when compiling for
          use by Shorewall6 LIte (<command>shorewall6 load</command>,
          <command>shorewall6 reload </command>or <command>shorewall6
          export</command> commands), the compiler will copy the modules or
          helpers file from the administrative system into the script. When
          set to No or not specified, the compiler will not copy the modules
          or helpers file from <filename>/usr/share/shorewall6</filename> but
          will copy the found in another location on the CONFIG_PATH.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis
        role="bold">VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>