diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml
index a207493bb..e8caa634c 100644
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@@ -72,9 +72,9 @@
- The /etc/shorewall/params extension
- script is executed at compile time as well as at run
- time.
+ With Shorewall 3.2.0 through 3.2.8, the
+ /etc/shorewall/params extension script is
+ executed at compile time as well as at run time.
Running the script at compile time allows variable
expansion (expanding $variable to it's defined value) of
@@ -99,22 +99,23 @@
Bottom line: You probably want to use only constant values
for variables set in
/etc/shorewall/params.
+
- To work around this, Shorewall 3.2.9 (Shorewall 3.4.0 RC2)
- and later support a compile extension
- script. This script is invoked during compiler initialization to
- set shell variables needed at compile time. If you need the IP
- address of eth0 on the firewall system, you can use this trick
- in /etc/shorewall/compile:
+
+ Beginning with Shorewall 3.2.9 (and 3.4.0 RC2),
+ /etc/shorewall/params is only processed at
+ compile time. For run-time setting of shell variables, use
+ /etc/shorewall/init.
+
+ If /etc/shorewall/params needs to set
+ shell variables based on the configuration of the firewall
+ system, you can use this trick:
EXT_IP=$(ssh root@firewall "/sbin/shorewall-lite call find_first_interface_address eth0")
The shorewall-lite call command allows
- you to interactively call any function in
- /etc/shorewall/functions
- (/etc/shorewall/lib.base and
- /etc/shorewall/lib.conf on Shorewall 3.4
- and later).
+ you to to call interactively any Shorewall function that you can
+ call in an extension script.
diff --git a/docs/shorewall_extension_scripts.xml b/docs/shorewall_extension_scripts.xml
index 7e3971e88..4e6bb4142 100644
--- a/docs/shorewall_extension_scripts.xml
+++ b/docs/shorewall_extension_scripts.xml
@@ -119,6 +119,11 @@
rule is added to the current chain (the name of that chain will be in
$CHAIN).
+
+
+ compile -- (Added in Shorewall versions 3.2.9 and 3.4.0 RC2)
+ invoked during compiler initialization.
+
If your version of Shorewall doesn't have the