diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index 2a1ecd533..bda9f84f2 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -19,6 +19,8 @@ Changes in 4.1.5 9) Automatic macro comments. +10) But make automatic macro comments optional. + Changes in 4.1.4 1) Fix do_test() to accept 0 and to use the same mask as diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index 67d67dbfb..3cb4d8cc8 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -123,9 +123,11 @@ New Features in 4.1.5. 4) Shorewall-perl now generates an error when a MAC address appears in a traffic shaping rule in the OUTPUT or POSTROUTING chains. -5) Macros are now self-commenting. If there is not a current comment - when a macro is invoked, the behavior under Shorewall-perl is as if - the first line of the macro file was "COMMENT ". +5) Macros are now self-commenting under control of a new AUTO_COMMENT + option in shorewall.conf. When this option is set, if there is not + a current comment when a macro is invoked, the behavior under + Shorewall-perl is as if the first line of the macro file was + "COMMENT ". So, if you have this rule: @@ -135,6 +137,10 @@ New Features in 4.1.5. viewed with 'iptables -L' or 'shorewall show loc2fw' or 'shorewall dump'. + The AUTO_COMMENT option has a default value of 'Yes' and is only + available under Shorewall-perl The option is ignored by + Shorewall-shell. + New Features in Shorewall 4.1. 1) Shorewall 4.1 contains experimental support for multiple Internet diff --git a/Shorewall-common/shorewall.conf b/Shorewall-common/shorewall.conf index 94f350163..cba1aa175 100644 --- a/Shorewall-common/shorewall.conf +++ b/Shorewall-common/shorewall.conf 
@@ -179,6 +179,8 @@ MULTICAST=No DONT_LOAD= +AUTO_COMMENT=Yes + ############################################################################### # P A C K E T D I S P O S I T I O N ############################################################################### diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index ff72eca08..7ac02f6d4 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -375,7 +375,7 @@ sub clear_comment() { sub macro_comment( $ ) { my $macro = $_[0]; - $comment = $macro unless $comment || ! $capabilities{COMMENTS}; + $comment = $macro unless $comment || ! ( $capabilities{COMMENTS} && $config{AUTO_COMMENT} ); } # diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index a9a0288b3..b2b1ee9ba 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -353,6 +353,7 @@ sub initialize() { MULTICAST => undef, DONT_LOAD => '', BROKEN_ROUTING => '', + AUTO_COMMENT => '' , # # Packet Disposition # @@ -1880,6 +1881,7 @@ sub get_configuration( $ ) { default_yes_no 'KEEP_RT_TABLES' , ''; default_yes_no 'DELETE_THEN_ADD' , 'Yes'; default_yes_no 'BROKEN_ROUTING' , ''; + default_yes_no 'AUTO_COMMENT' , 'Yes'; default_yes_no 'MULTICAST' , ''; default_yes_no 'MARK_IN_FORWARD_CHAIN' , ''; diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml index 479925722..bbbf3d066 100644 --- a/manpages/shorewall.conf.xml +++ b/manpages/shorewall.conf.xml @@ -240,6 +240,18 @@ + + AUTO_COMMENT=[Yes|No] + + + Added in Shorewall-perl 4.1.5. If set, if there is not a + current comment when a macro is invoked, the behavior is as if the + first line of the macro file was "COMMENT <macro name>". The + AUTO_COMMENT option has a default value of 'Yes'. + + + BIGDPORTLISTS=[Yes|No]
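Review bot: The new guard in macro_comment() in Shorewall/Chains.pm is a double negative, `unless $comment || ! ( $capabilities{COMMENTS} && $config{AUTO_COMMENT} )`, which is easy to misread the next time a condition is added. The positive form is equivalent: `$comment = $macro if ! $comment && $capabilities{COMMENTS} && $config{AUTO_COMMENT};`. A one-line comment above the sub, such as `# Use the macro name as the rule comment when none is set; no-op without the COMMENTS capability or with AUTO_COMMENT=No`, would also record that the sub silently does nothing in those two cases. The whole sub is visible in the hunk.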
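Review bot: In initialize() in Shorewall/Config.pm the new entry `AUTO_COMMENT => '' ,` carries an empty-string placeholder although the documented default for the option is 'Yes'. The effective default only appears in get_configuration() in the following hunk (`default_yes_no 'AUTO_COMMENT' , 'Yes';`), and default_yes_no itself is not visible here, so how it treats the empty placeholder is presumably "unset" but should be confirmed. A trailing comment on the entry, e.g. `# defaulted to 'Yes' in get_configuration()`, would keep a reader from taking '' as the default, and the stray space before the comma could be dropped. Both initialize() and get_configuration() start and end outside these hunks.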