Allow the log tag to act as a generalized parameter to an action extension script

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2583 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-26 20:51:27 +02:00 · 2005-08-29 20:32:16 +00:00 · 2005-08-29 20:32:16 +00:00 · b258f29d56
commit b258f29d56
parent 433d4303ca
3 changed files with 34 additions and 4 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -17,6 +17,8 @@ Changes in 2.5.3

 8) Fixed tunnels/rules interaction problems.

+9) Provide hack for passing arguments to action extension scripts.
+
 Changes in 2.5.2

 1) Allow port lists in /etc/sorewall/accounting.
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -4015,7 +4015,6 @@ process_action() # $1 = chain    (Chain to add the rules to)
 	case $loglevel in
 	    none*)
 		loglevel=
-		logtag=
 		[ $target = LOG ] && return
 		;;
 	esac
@ -4195,6 +4194,9 @@ createlogactionchain() # $1 = Action Name, $2 = Log Level [: Log Tag ]
 	else
 	    TAG=
 	fi
+	
+	[ none = "${LEVEL%\!}" ] && LEVEL=
+	
 	run_user_exit $1
    fi

@ -4277,7 +4279,7 @@ merge_levels() # $1=level at which superior action is called, $2=level at which
 	*:*:*)
 	    case $2 in
 		'none!')
-		    echo ${subordinate%%:*}:'none!'
+		    echo ${subordinate%%:*}:'none!':$3
 		    return
 		    ;;
 		*'!')
@ -4286,10 +4288,14 @@ merge_levels() # $1=level at which superior action is called, $2=level at which
 		    ;;
 		*)
 		    case $subordinate in
-			*:*)
+			*:*:*)
 			    echo $subordinate
 			    return
 			    ;;
+			*:*)
+			    echo $subordinate:$3
+			    return
+			    ;;
 			*)
 			    echo ${subordinate%%:*}:$2:$3
 			    return
@ -5384,7 +5390,6 @@ process_rule() # $1 = target
 	case $loglevel in
 	    none*)
 		loglevel=
-		logtag=
 		[ $target = LOG ] && return
 		;;
 	esac
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -83,6 +83,29 @@ New Features in Shorewall 2.5.3
    the rules file. It is recommended that rules specifying 'ipp2p'
    only be included in the ESTABLISHED section of the file.

+7)  Shorewall actions lack a generalized way to pass parameters to an
+    extension script associated with an action. To work around this
+    lack, some users have used the log tag as a parameter. This works
+    but requires that a log level other than 'none' be specified when
+    the action is invoked. Beginning with this release, you can invoke
+    an action with 'none'.
+
+    Example:
+
+	#ACTION				SOURCE          DEST
+	A:none:these,are,parameters   fw		net
+
+    When /etc/shorewall/A is invoked, the LEVEL variable will be empty
+    but the TAG variable will contain "these,are,parameters" which
+    can be easily parsed to isolate "these", "are" and "parameters":
+
+	ifs=$IFS
+	IFS=,
+	set -- $TAG
+	IFS=$ifs
+
+    Now, $1 = these, $2 = are and $3 = parameters
+
 Problems Corrected in 2.5.2:

 1) You may now include port lists in in the /etc/shorewall/accounting