diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index a207493bb..e8caa634c 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml @@ -72,9 +72,9 @@ - The /etc/shorewall/params extension - script is executed at compile time as well as at run - time. + With Shorewall 3.2.0 through 3.2.8, the + /etc/shorewall/params extension script is + executed at compile time as well as at run time. Running the script at compile time allows variable expansion (expanding $variable to it's defined value) of @@ -99,22 +99,23 @@ Bottom line: You probably want to use only constant values for variables set in /etc/shorewall/params. + - To work around this, Shorewall 3.2.9 (Shorewall 3.4.0 RC2) - and later support a compile extension - script. This script is invoked during compiler initialization to - set shell variables needed at compile time. If you need the IP - address of eth0 on the firewall system, you can use this trick - in /etc/shorewall/compile: + + Beginning with Shorewall 3.2.9 (and 3.4.0 RC2), + /etc/shorewall/params is only processed at + compile time. For run-time setting of shell variables, use + /etc/shorewall/init. + + If /etc/shorewall/params needs to set + shell variables based on the configuration of the firewall + system, you can use this trick: EXT_IP=$(ssh root@firewall "/sbin/shorewall-lite call find_first_interface_address eth0") The shorewall-lite call command allows - you to interactively call any function in - /etc/shorewall/functions - (/etc/shorewall/lib.base and - /etc/shorewall/lib.conf on Shorewall 3.4 - and later). + you to to call interactively any Shorewall function that you can + call in an extension script. diff --git a/docs/shorewall_extension_scripts.xml b/docs/shorewall_extension_scripts.xml index 7e3971e88..4e6bb4142 100644 --- a/docs/shorewall_extension_scripts.xml +++ b/docs/shorewall_extension_scripts.xml 
@@ -119,6 +119,11 @@ rule is added to the current chain (the name of that chain will be in $CHAIN). + + + compile -- (Added in Shorewall versions 3.2.9 and 3.4.0 RC2) + invoked during compiler initialization. + If your version of Shorewall doesn't have the
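Review bot: In the first docs/CompiledPrograms.xml hunk (@@ -72,9 +72,9 @@), the new range "With Shorewall 3.2.0 through 3.2.8" does not say how 3.4.0 pre-releases before RC2 behave, while the following hunk dates the change from "3.2.9 (and 3.4.0 RC2)". Suggest stating both branches in this sentence so the two paragraphs cover every version between them. The unchanged context line in the same paragraph reads "to it's defined value"; since the paragraph is being edited anyway, that could become "its".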
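Review bot: In the second docs/CompiledPrograms.xml hunk (@@ -99,22 +99,23 @@), the example `EXT_IP=$(ssh root@firewall "/sbin/shorewall-lite call find_first_interface_address eth0")` is now presented as something to put in /etc/shorewall/params, but the text never says what the reader should do when the ssh call fails and EXT_IP comes back empty. Suggest adding a sentence that the administrative system needs working root ssh access to the firewall at every compile, and that params should test EXT_IP for an empty value before it is used in rules. Two smaller points in the same hunk: the added line "you to to call interactively" has a doubled "to", and the replacement drops the only explanation of /etc/shorewall/compile from this file even though the patch adds a compile entry to docs/shorewall_extension_scripts.xml, so a short cross-reference would keep the two documents consistent.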
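Review bot: In the docs/shorewall_extension_scripts.xml hunk (@@ -119,6 +119,11 @@), the new "compile" entry says only that it is "invoked during compiler initialization" and gives no purpose, whereas the text removed from docs/CompiledPrograms.xml in this same patch explained that the script exists "to set shell variables needed at compile time". Suggest carrying that clause into the new list item, and noting how it relates to /etc/shorewall/params now that params is described as compile-time only, so readers can tell which of the two files to use.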