From c43ee9edc58d59c0738fd1d775712c0ebe7b6f69 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 24 Mar 2006 18:39:36 +0000 Subject: [PATCH] Update Extension Script doc for 3.2 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3727 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/shorewall_extension_scripts.xml | 47 ++++++++++++++++++---------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/docs/shorewall_extension_scripts.xml b/docs/shorewall_extension_scripts.xml index 630da7dd2..593a44dc1 100644 --- a/docs/shorewall_extension_scripts.xml +++ b/docs/shorewall_extension_scripts.xml @@ -15,10 +15,10 @@ - 2005-10-31 + 2006-03-24 - 2001-2005 + 2001-2006 Thomas M. Eastep @@ -178,14 +178,24 @@ - if you run commands other than iptables that - must be re-run in order to restore the firewall to its current state - then you must save the commands to the restore - file. The restore file is a temporary file in /var/lib/shorewall that will be renamed - /var/lib/shorewall/restore-base at the successful - completion of the Shorewall command. The shorewall - save command combines + Many of the extension scripts get executed for both the shorewall + start and shorewall restart commands. You can determine which command is + being executed using the contents of $COMMAND. + + if [ $COMMAND = start ]; then + ... + + + + Shorewall versions 3.0.x and earlier + only. If you run commands other than + iptables that must be re-run in order to restore the + firewall to its current state then you must save the commands to the + restore file. The restore file is a temporary + file in /var/lib/shorewall that + will be renamed /var/lib/shorewall/restore-base at + the successful completion of the Shorewall command. The + shorewall save command combines /var/lib/shorewall/restore-base with the output of iptables-save to produce the /var/lib/shorewall/restore script. @@ -226,12 +236,17 @@ - Many of the extension scripts get executed for both the shorewall - start and shorewall restart commands. You can determine which command is - being executed using the contents of $COMMAND. - - if [ $COMMAND = start ]; then - ... + Shorewall version 3.2.0 and later + only. When compiling your firewall configuration, Shorewall + copies extension scripts directly into the "compiled" program where they + are executed in-line during processing of the start, restart and restore + commands. When copying a script, Shorewall indents the script to match + the surrounding code; if you have 'awk' installed on the system where + the configuration is being compiled, Shorewall can correctly handle line + continuation in your script ("\" as the last character on a line). If + you do not have awk, you may not use line continuation in your scripts. + Also beware that quoted strings continued from one line to another will + have extra whitespace inserted as a result of indentation.