mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 22:30:58 +01:00
Allow <pathname> to be omitted from the 'compile' command
Signed-off-by: Tom Eastep <teastep@shorewall.net> git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9781 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
29c8098d37
commit
d950fa27f2
@ -16,6 +16,8 @@ Changes in Shorewall 4.3.8
|
||||
|
||||
8) Remove SAME support.
|
||||
|
||||
9) Allow 'compile' without a pathname.
|
||||
|
||||
Changes in Shorewall 4.3.7
|
||||
|
||||
1) Fix forward treatment of interface options.
|
||||
|
@ -21,6 +21,11 @@ released late in 2009.
|
||||
4) Dynamic Zone support is once again available for IPv4; ipset support is
|
||||
required in your kernel and in iptables.
|
||||
|
||||
5) A new AUTOMAKE option has been added to shorewall.conf and
|
||||
shorewall6.conf. Setting this option will allow Shorewall to skip
|
||||
the compilation phase during start/restart if no configuration
|
||||
changes have occurred since the last start/restart.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
M I G R A T I O N I S S U E S
|
||||
----------------------------------------------------------------------------
|
||||
@ -103,6 +108,26 @@ None.
|
||||
Note that the 'make' utility must be installed on the firewall
|
||||
system in order for AUTOMAKE=Yes to work correctly.
|
||||
|
||||
6) The 'compile' command now allows you to omit the <pathname>. When
|
||||
you do that, the <pathname> defaults to /var/lib/shorewall/firewall
|
||||
(/var/lib/shorewall6/firewall) unless you have overridden VARDIR
|
||||
using /etc/shorewall/vardir (/etc/shorewall6/vardir).
|
||||
|
||||
When combined with AUTOMAKE=Yes, it allows the following:
|
||||
|
||||
gateway:~ # shorewall compile
|
||||
Compiling...
|
||||
Shorewall configuration compiled to /root/shorewall/firewall
|
||||
gateway:~ #
|
||||
...
|
||||
gateway:~ # shorewall restart
|
||||
Restarting Shorewall....
|
||||
done.
|
||||
gateway:~ #
|
||||
|
||||
In other words, you can compile the current configuration then
|
||||
install it at a later time.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
N E W F E A T U R E S IN 4 . 3
|
||||
----------------------------------------------------------------------------
|
||||
|
@ -563,7 +563,7 @@ compile_command() {
|
||||
finished=0
|
||||
|
||||
while [ $finished -eq 0 ]; do
|
||||
[ $# -eq 0 ] && usage 1
|
||||
[ $# -eq 0 ] && break
|
||||
option=$1
|
||||
case $option in
|
||||
-*)
|
||||
@ -609,6 +609,9 @@ compile_command() {
|
||||
file=
|
||||
|
||||
case $# in
|
||||
0)
|
||||
file=${VARDIR}/firewall
|
||||
;;
|
||||
1)
|
||||
file=$1
|
||||
[ -d $file ] && echo " ERROR: $file is a directory" >&2 && exit 2;
|
||||
@ -1379,7 +1382,7 @@ usage() # $1 = exit status
|
||||
echo " allow <address> ..."
|
||||
echo " check [ -e ] [ <directory> ]"
|
||||
echo " clear [ -f ]"
|
||||
echo " compile [ -e ] [ <directory name> ] <path name>"
|
||||
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
|
||||
echo " delete <interface>[:<host-list>] ... <zone>"
|
||||
echo " drop <address> ..."
|
||||
echo " dump [ -x ]"
|
||||
|
@ -539,7 +539,7 @@ compile_command() {
|
||||
finished=0
|
||||
|
||||
while [ $finished -eq 0 ]; do
|
||||
[ $# -eq 0 ] && usage 1
|
||||
[ $# -eq 0 ] && break;
|
||||
option=$1
|
||||
case $option in
|
||||
-*)
|
||||
@ -585,6 +585,9 @@ compile_command() {
|
||||
file=
|
||||
|
||||
case $# in
|
||||
0)
|
||||
file=${VARDIR}/firewall
|
||||
;;
|
||||
1)
|
||||
file=$1
|
||||
[ -d $file ] && echo " ERROR: $file is a directory" >&2 && exit 2;
|
||||
@ -1359,7 +1362,7 @@ usage() # $1 = exit status
|
||||
echo " allow <address> ..."
|
||||
echo " check [ -e ] [ <directory> ]"
|
||||
echo " clear [ -f ]"
|
||||
echo " compile [ -e ] [ <directory name> ] <path name>"
|
||||
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
|
||||
echo " delete <interface>[:<host-list>] ... <zone>"
|
||||
echo " drop <address> ..."
|
||||
echo " dump [ -x ]"
|
||||
|
@ -56,8 +56,6 @@
|
||||
|
||||
<arg><option>-e</option></arg>
|
||||
|
||||
<arg><option>-C</option> <option>{shell|perl}</option></arg>
|
||||
|
||||
<arg><option>-d</option></arg>
|
||||
|
||||
<arg><option>-p</option></arg>
|
||||
@ -88,15 +86,13 @@
|
||||
|
||||
<arg><option>-e</option></arg>
|
||||
|
||||
<arg><option>-C</option> <option>{shell|perl}</option></arg>
|
||||
|
||||
<arg><option>-d</option></arg>
|
||||
|
||||
<arg><option>-p</option></arg>
|
||||
|
||||
<arg><replaceable>directory</replaceable></arg>
|
||||
|
||||
<arg choice="plain"><replaceable>pathname</replaceable></arg>
|
||||
<arg choice="opt"><replaceable>pathname</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
@ -150,8 +146,7 @@
|
||||
|
||||
<arg>-<replaceable>options</replaceable></arg>
|
||||
|
||||
<arg choice="plain"><option>export</option><arg><option>-C</option>
|
||||
<option>{shell|perl}</option></arg></arg>
|
||||
<arg choice="plain"><option>export</option></arg>
|
||||
|
||||
<arg choice="opt"><replaceable>directory1</replaceable></arg>
|
||||
|
||||
@ -239,8 +234,6 @@
|
||||
|
||||
<arg><option>-r</option> <replaceable>root-user-name</replaceable></arg>
|
||||
|
||||
<arg><option>-C</option> <option>{shell|perl}</option></arg>
|
||||
|
||||
<arg><replaceable>directory</replaceable></arg>
|
||||
|
||||
<arg choice="plain"><replaceable>system</replaceable></arg>
|
||||
@ -326,8 +319,6 @@
|
||||
|
||||
<arg><option>-r</option> <replaceable>root-user-name</replaceable></arg>
|
||||
|
||||
<arg><option>-C</option> <option>{shell|perl}</option></arg>
|
||||
|
||||
<arg><replaceable>directory</replaceable></arg>
|
||||
|
||||
<arg choice="plain"><replaceable>system</replaceable></arg>
|
||||
@ -360,8 +351,6 @@
|
||||
|
||||
<arg><option>-f</option></arg>
|
||||
|
||||
<arg><option>-C</option> <option>{shell|perl}</option></arg>
|
||||
|
||||
<arg><replaceable>directory</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
@ -388,8 +377,6 @@
|
||||
|
||||
<arg choice="plain"><option>safe-restart</option></arg>
|
||||
|
||||
<arg><option>-C</option> <option>{shell|perl}</option></arg>
|
||||
|
||||
<arg><option>-d</option></arg>
|
||||
|
||||
<arg><option>-p</option></arg>
|
||||
@ -406,8 +393,6 @@
|
||||
|
||||
<arg choice="plain"><option>safe-start</option></arg>
|
||||
|
||||
<arg><option>-C</option> <option>{shell|perl}</option></arg>
|
||||
|
||||
<arg><option>-d</option></arg>
|
||||
|
||||
<arg><option>-p</option></arg>
|
||||
@ -525,8 +510,6 @@
|
||||
|
||||
<arg><option>-n</option></arg>
|
||||
|
||||
<arg><option>-C</option> <option>{shell|perl}</option></arg>
|
||||
|
||||
<arg><option>-f</option></arg>
|
||||
|
||||
<arg><option>-n</option></arg>
|
||||
@ -566,8 +549,6 @@
|
||||
|
||||
<arg choice="plain"><option>try</option></arg>
|
||||
|
||||
<arg><option>-C</option> <option>{shell|perl}</option></arg>
|
||||
|
||||
<arg choice="plain"><replaceable>directory</replaceable></arg>
|
||||
|
||||
<arg><replaceable>timeout</replaceable></arg>
|
||||
@ -678,12 +659,6 @@
|
||||
-f capabilities > capabilities</emphasis> on a system with
|
||||
Shorewall Lite installed.</para>
|
||||
|
||||
<para>The <option>-C</option> option determines the compiler to use
|
||||
(Shorewall-shell or Shorewall-perl). If not specified, the
|
||||
SHOREWALL_COMPILER setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
|
||||
compiler to use.</para>
|
||||
|
||||
<para>The <option>-d</option> option only works when the compiler is
|
||||
Shorewall-perl. It causes the compiler to be run under control of
|
||||
the Perl debugger.</para>
|
||||
@ -718,7 +693,10 @@
|
||||
<listitem>
|
||||
<para>Compiles the current configuration into the executable file
|
||||
<emphasis>pathname</emphasis>. If a directory is supplied, Shorewall
|
||||
will look in that directory first for configuration files.</para>
|
||||
will look in that directory first for configuration files. If the
|
||||
<emphasis>pathname</emphasis> is omitted, the file
|
||||
<filename>firewall</filename> in the VARDIR (normally <filename
|
||||
class="directory">/var/lib/shorewall/</filename>) is assumed.</para>
|
||||
|
||||
<para>When -e is specified, the compilation is being performed on a
|
||||
system other than where the compiled script will run. This option
|
||||
@ -730,12 +708,6 @@
|
||||
capabilities</emphasis> on a system with Shorewall Lite
|
||||
installed</para>
|
||||
|
||||
<para>The <option>-C</option> option determines the compiler to use
|
||||
(Shorewall-shell or Shorewall-perl). If not specified, the
|
||||
SHOREWALL_COMPILER setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
|
||||
compiler to use.</para>
|
||||
|
||||
<para>The <option>-d</option> option only works when the compiler is
|
||||
Shorewall-perl. It causes the compiler to be run under control of
|
||||
the Perl debugger.</para>
|
||||
@ -792,12 +764,6 @@
|
||||
<para>If <emphasis>directory1</emphasis> is omitted, the current
|
||||
working directory is assumed.</para>
|
||||
|
||||
<para>The <option>-C</option> option determines the compiler to use
|
||||
(Shorewall-shell or Shorewall-perl). If not specified, the
|
||||
SHOREWALL_COMPILER setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
|
||||
compiler to use.</para>
|
||||
|
||||
<para>Allows a non-root user to compile a shorewall script and stage
|
||||
it on a system (provided that the user has access to the system via
|
||||
ssh). The command is equivalent to:</para>
|
||||
@ -905,12 +871,6 @@
|
||||
<para>If <option>-r</option> is included, it specifies that the root
|
||||
user on <replaceable>system</replaceable> is named
|
||||
<replaceable>root-user-name</replaceable> rather than "root".</para>
|
||||
|
||||
<para>The <option>-C</option> option determines the compiler to use
|
||||
(Shorewall-shell or Shorewall-perl). If not specified, the
|
||||
SHOREWALL_COMPILER setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
|
||||
compiler to use.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1036,12 +996,6 @@
|
||||
<para>If <option>-r</option> is included, it specifies that the root
|
||||
user on <replaceable>system</replaceable> is named
|
||||
<replaceable>root-user-name</replaceable> rather than "root".</para>
|
||||
|
||||
<para>The <option>-C</option> option determines the compiler to use
|
||||
(Shorewall-shell or Shorewall-perl). If not specified, the
|
||||
SHOREWALL_COMPILER setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
|
||||
compiler to use.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1075,22 +1029,6 @@
|
||||
<para>The <option>-f</option> option suppresses the compilation step
|
||||
and simply reused the compiled script which last started/restarted
|
||||
Shorewall.</para>
|
||||
|
||||
<para>The <option>-C</option> option determines the compiler to use
|
||||
(Shorewall-shell or Shorewall-perl). If not specified, the
|
||||
SHOREWALL_COMPILER setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
|
||||
compiler to use.</para>
|
||||
|
||||
<warning>
|
||||
<para>If you use Shorewall's multi-ISP feature, you are stronly
|
||||
advised against using the -C option of the
|
||||
<command>restart</command> command when switching between
|
||||
Shorewall-shell and Shorewall-perl. The only supported way to
|
||||
switch compilers is to <command>shorewall stop</command> followed
|
||||
by <command>shorewall start -C</command>
|
||||
<replaceable>compiler</replaceable></para>
|
||||
</warning>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1123,22 +1061,6 @@
|
||||
configuration is restored from the saved configuration. If a
|
||||
directory is given, then Shorewall will look in that directory first
|
||||
when opening configuration files.</para>
|
||||
|
||||
<para>The <option>-C</option> option determines the compiler to use
|
||||
(Shorewall-shell or Shorewall-perl). If not specified, the
|
||||
SHOREWALL_COMPILER setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
|
||||
compiler to use.</para>
|
||||
|
||||
<warning>
|
||||
<para>If you use Shorewall's multi-ISP feature, you are stronly
|
||||
advised against using the -C option of the
|
||||
<command>safe-restart</command> command when switching between
|
||||
Shorewall-shell and Shorewall-perl. The only supported way to
|
||||
switch compilers is to <command>shorewall stop</command> followed
|
||||
by <command>shorewall safe-start -C</command>
|
||||
<replaceable>compiler</replaceable></para>
|
||||
</warning>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1153,12 +1075,6 @@
|
||||
shorewall clear is performed for you. If a directory is given, then
|
||||
Shorewall will look in that directory first when opening
|
||||
configuration files.</para>
|
||||
|
||||
<para>The <option>-C</option> option determines the compiler to use
|
||||
(Shorewall-shell or Shorewall-perl). If not specified, the
|
||||
SHOREWALL_COMPILER setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
|
||||
compiler to use.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1363,12 +1279,6 @@
|
||||
<para>The <option>-p</option> option causes the connection tracking
|
||||
table to be flushed; the <command>conntrack</command> utility must
|
||||
be installed to use this option.</para>
|
||||
|
||||
<para>The <option>-C</option> option determines the compiler to use
|
||||
(Shorewall-shell or Shorewall-perl). If not specified, the
|
||||
SHOREWALL_COMPILER setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
|
||||
compiler to use.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -1428,12 +1338,6 @@
|
||||
role="bold">clear</emphasis> or <emphasis
|
||||
role="bold">restore</emphasis> is performed after
|
||||
<replaceable>timeout</replaceable> seconds.</para>
|
||||
|
||||
<para>The <option>-C</option> option determines the compiler to use
|
||||
(Shorewall-shell or Shorewall-perl). If not specified, the
|
||||
SHOREWALL_COMPILER setting in <ulink
|
||||
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
|
||||
compiler to use.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -75,7 +75,7 @@
|
||||
|
||||
<arg><replaceable>directory</replaceable></arg>
|
||||
|
||||
<arg choice="plain"><replaceable>pathname</replaceable></arg>
|
||||
<arg choice="opt"><replaceable>pathname</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
@ -573,7 +573,9 @@
|
||||
<para>Compiles the current configuration into the executable file
|
||||
<emphasis>pathname</emphasis>. If a directory is supplied,
|
||||
Shorewall6 will look in that directory first for configuration
|
||||
files.</para>
|
||||
files. If the <emphasis>pathname</emphasis> is omitted, the file
|
||||
firewall in the VARDIR (normally <filename
|
||||
class="directory">/var/lib/shorewall/</filename>) is assumed.</para>
|
||||
|
||||
<para>When -e is specified, the compilation is being performed on a
|
||||
system other than where the compiled script will run. This option
|
||||
|
Loading…
Reference in New Issue
Block a user