Allow <pathname> to be omitted from the 'compile' command

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9781 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-04-02 01:12:34 +00:00
parent 29c8098d37
commit d950fa27f2
6 changed files with 47 additions and 108 deletions

View File

@ -16,6 +16,8 @@ Changes in Shorewall 4.3.8
8) Remove SAME support.
9) Allow 'compile' without a pathname.
Changes in Shorewall 4.3.7
1) Fix forward treatment of interface options.

View File

@ -21,6 +21,11 @@ released late in 2009.
4) Dynamic Zone support is once again available for IPv4; ipset support is
required in your kernel and in iptables.
5) A new AUTOMAKE option has been added to shorewall.conf and
shorewall6.conf. Setting this option will allow Shorewall to skip
the compilation phase during start/restart if no configuration
changes have occurred since the last start/restart.
----------------------------------------------------------------------------
M I G R A T I O N I S S U E S
----------------------------------------------------------------------------
@ -103,6 +108,26 @@ None.
Note that the 'make' utility must be installed on the firewall
system in order for AUTOMAKE=Yes to work correctly.
6) The 'compile' command now allows you to omit the <pathname>. When
you do that, the <pathname> defaults to /var/lib/shorewall/firewall
(/var/lib/shorewall6/firewall) unless you have overridden VARDIR
using /etc/shorewall/vardir (/etc/shorewall6/vardir).
When combined with AUTOMAKE=Yes, it allows the following:
gateway:~ # shorewall compile
Compiling...
Shorewall configuration compiled to /root/shorewall/firewall
gateway:~ #
...
gateway:~ # shorewall restart
Restarting Shorewall....
done.
gateway:~ #
In other words, you can compile the current configuration then
install it at a later time.
----------------------------------------------------------------------------
N E W F E A T U R E S IN 4 . 3
----------------------------------------------------------------------------

View File

@ -563,7 +563,7 @@ compile_command() {
finished=0
while [ $finished -eq 0 ]; do
[ $# -eq 0 ] && usage 1
[ $# -eq 0 ] && break
option=$1
case $option in
-*)
@ -609,6 +609,9 @@ compile_command() {
file=
case $# in
0)
file=${VARDIR}/firewall
;;
1)
file=$1
[ -d $file ] && echo " ERROR: $file is a directory" >&2 && exit 2;
@ -1379,7 +1382,7 @@ usage() # $1 = exit status
echo " allow <address> ..."
echo " check [ -e ] [ <directory> ]"
echo " clear [ -f ]"
echo " compile [ -e ] [ <directory name> ] <path name>"
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
echo " delete <interface>[:<host-list>] ... <zone>"
echo " drop <address> ..."
echo " dump [ -x ]"

View File

@ -539,7 +539,7 @@ compile_command() {
finished=0
while [ $finished -eq 0 ]; do
[ $# -eq 0 ] && usage 1
[ $# -eq 0 ] && break;
option=$1
case $option in
-*)
@ -585,6 +585,9 @@ compile_command() {
file=
case $# in
0)
file=${VARDIR}/firewall
;;
1)
file=$1
[ -d $file ] && echo " ERROR: $file is a directory" >&2 && exit 2;
@ -1359,7 +1362,7 @@ usage() # $1 = exit status
echo " allow <address> ..."
echo " check [ -e ] [ <directory> ]"
echo " clear [ -f ]"
echo " compile [ -e ] [ <directory name> ] <path name>"
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
echo " delete <interface>[:<host-list>] ... <zone>"
echo " drop <address> ..."
echo " dump [ -x ]"

View File

@ -56,8 +56,6 @@
<arg><option>-e</option></arg>
<arg><option>-C</option> <option>{shell|perl}</option></arg>
<arg><option>-d</option></arg>
<arg><option>-p</option></arg>
@ -88,15 +86,13 @@
<arg><option>-e</option></arg>
<arg><option>-C</option> <option>{shell|perl}</option></arg>
<arg><option>-d</option></arg>
<arg><option>-p</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>pathname</replaceable></arg>
<arg choice="opt"><replaceable>pathname</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -150,8 +146,7 @@
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>export</option><arg><option>-C</option>
<option>{shell|perl}</option></arg></arg>
<arg choice="plain"><option>export</option></arg>
<arg choice="opt"><replaceable>directory1</replaceable></arg>
@ -239,8 +234,6 @@
<arg><option>-r</option> <replaceable>root-user-name</replaceable></arg>
<arg><option>-C</option> <option>{shell|perl}</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
@ -326,8 +319,6 @@
<arg><option>-r</option> <replaceable>root-user-name</replaceable></arg>
<arg><option>-C</option> <option>{shell|perl}</option></arg>
<arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>system</replaceable></arg>
@ -360,8 +351,6 @@
<arg><option>-f</option></arg>
<arg><option>-C</option> <option>{shell|perl}</option></arg>
<arg><replaceable>directory</replaceable></arg>
</cmdsynopsis>
@ -388,8 +377,6 @@
<arg choice="plain"><option>safe-restart</option></arg>
<arg><option>-C</option> <option>{shell|perl}</option></arg>
<arg><option>-d</option></arg>
<arg><option>-p</option></arg>
@ -406,8 +393,6 @@
<arg choice="plain"><option>safe-start</option></arg>
<arg><option>-C</option> <option>{shell|perl}</option></arg>
<arg><option>-d</option></arg>
<arg><option>-p</option></arg>
@ -525,8 +510,6 @@
<arg><option>-n</option></arg>
<arg><option>-C</option> <option>{shell|perl}</option></arg>
<arg><option>-f</option></arg>
<arg><option>-n</option></arg>
@ -566,8 +549,6 @@
<arg choice="plain"><option>try</option></arg>
<arg><option>-C</option> <option>{shell|perl}</option></arg>
<arg choice="plain"><replaceable>directory</replaceable></arg>
<arg><replaceable>timeout</replaceable></arg>
@ -678,12 +659,6 @@
-f capabilities &gt; capabilities</emphasis> on a system with
Shorewall Lite installed.</para>
<para>The <option>-C</option> option determines the compiler to use
(Shorewall-shell or Shorewall-perl). If not specified, the
SHOREWALL_COMPILER setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
compiler to use.</para>
<para>The <option>-d</option> option only works when the compiler is
Shorewall-perl. It causes the compiler to be run under control of
the Perl debugger.</para>
@ -718,7 +693,10 @@
<listitem>
<para>Compiles the current configuration into the executable file
<emphasis>pathname</emphasis>. If a directory is supplied, Shorewall
will look in that directory first for configuration files.</para>
will look in that directory first for configuration files. If the
<emphasis>pathname</emphasis> is omitted, the file
<filename>firewall</filename> in the VARDIR (normally <filename
class="directory">/var/lib/shorewall/</filename>) is assumed.</para>
<para>When -e is specified, the compilation is being performed on a
system other than where the compiled script will run. This option
@ -730,12 +708,6 @@
capabilities</emphasis> on a system with Shorewall Lite
installed</para>
<para>The <option>-C</option> option determines the compiler to use
(Shorewall-shell or Shorewall-perl). If not specified, the
SHOREWALL_COMPILER setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
compiler to use.</para>
<para>The <option>-d</option> option only works when the compiler is
Shorewall-perl. It causes the compiler to be run under control of
the Perl debugger.</para>
@ -792,12 +764,6 @@
<para>If <emphasis>directory1</emphasis> is omitted, the current
working directory is assumed.</para>
<para>The <option>-C</option> option determines the compiler to use
(Shorewall-shell or Shorewall-perl). If not specified, the
SHOREWALL_COMPILER setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
compiler to use.</para>
<para>Allows a non-root user to compile a shorewall script and stage
it on a system (provided that the user has access to the system via
ssh). The command is equivalent to:</para>
@ -905,12 +871,6 @@
<para>If <option>-r</option> is included, it specifies that the root
user on <replaceable>system</replaceable> is named
<replaceable>root-user-name</replaceable> rather than "root".</para>
<para>The <option>-C</option> option determines the compiler to use
(Shorewall-shell or Shorewall-perl). If not specified, the
SHOREWALL_COMPILER setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
compiler to use.</para>
</listitem>
</varlistentry>
@ -1036,12 +996,6 @@
<para>If <option>-r</option> is included, it specifies that the root
user on <replaceable>system</replaceable> is named
<replaceable>root-user-name</replaceable> rather than "root".</para>
<para>The <option>-C</option> option determines the compiler to use
(Shorewall-shell or Shorewall-perl). If not specified, the
SHOREWALL_COMPILER setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
compiler to use.</para>
</listitem>
</varlistentry>
@ -1075,22 +1029,6 @@
<para>The <option>-f</option> option suppresses the compilation step
and simply reused the compiled script which last started/restarted
Shorewall.</para>
<para>The <option>-C</option> option determines the compiler to use
(Shorewall-shell or Shorewall-perl). If not specified, the
SHOREWALL_COMPILER setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
compiler to use.</para>
<warning>
<para>If you use Shorewall's multi-ISP feature, you are stronly
advised against using the -C option of the
<command>restart</command> command when switching between
Shorewall-shell and Shorewall-perl. The only supported way to
switch compilers is to <command>shorewall stop</command> followed
by <command>shorewall start -C</command>
<replaceable>compiler</replaceable></para>
</warning>
</listitem>
</varlistentry>
@ -1123,22 +1061,6 @@
configuration is restored from the saved configuration. If a
directory is given, then Shorewall will look in that directory first
when opening configuration files.</para>
<para>The <option>-C</option> option determines the compiler to use
(Shorewall-shell or Shorewall-perl). If not specified, the
SHOREWALL_COMPILER setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
compiler to use.</para>
<warning>
<para>If you use Shorewall's multi-ISP feature, you are stronly
advised against using the -C option of the
<command>safe-restart</command> command when switching between
Shorewall-shell and Shorewall-perl. The only supported way to
switch compilers is to <command>shorewall stop</command> followed
by <command>shorewall safe-start -C</command>
<replaceable>compiler</replaceable></para>
</warning>
</listitem>
</varlistentry>
@ -1153,12 +1075,6 @@
shorewall clear is performed for you. If a directory is given, then
Shorewall will look in that directory first when opening
configuration files.</para>
<para>The <option>-C</option> option determines the compiler to use
(Shorewall-shell or Shorewall-perl). If not specified, the
SHOREWALL_COMPILER setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
compiler to use.</para>
</listitem>
</varlistentry>
@ -1363,12 +1279,6 @@
<para>The <option>-p</option> option causes the connection tracking
table to be flushed; the <command>conntrack</command> utility must
be installed to use this option.</para>
<para>The <option>-C</option> option determines the compiler to use
(Shorewall-shell or Shorewall-perl). If not specified, the
SHOREWALL_COMPILER setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
compiler to use.</para>
</listitem>
</varlistentry>
@ -1428,12 +1338,6 @@
role="bold">clear</emphasis> or <emphasis
role="bold">restore</emphasis> is performed after
<replaceable>timeout</replaceable> seconds.</para>
<para>The <option>-C</option> option determines the compiler to use
(Shorewall-shell or Shorewall-perl). If not specified, the
SHOREWALL_COMPILER setting in <ulink
url="shorewall.conf.html">shorewall.conf</ulink>(5) determines the
compiler to use.</para>
</listitem>
</varlistentry>

View File

@ -75,7 +75,7 @@
<arg><replaceable>directory</replaceable></arg>
<arg choice="plain"><replaceable>pathname</replaceable></arg>
<arg choice="opt"><replaceable>pathname</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -573,7 +573,9 @@
<para>Compiles the current configuration into the executable file
<emphasis>pathname</emphasis>. If a directory is supplied,
Shorewall6 will look in that directory first for configuration
files.</para>
files. If the <emphasis>pathname</emphasis> is omitted, the file
firewall in the VARDIR (normally <filename
class="directory">/var/lib/shorewall/</filename>) is assumed.</para>
<para>When -e is specified, the compilation is being performed on a
system other than where the compiled script will run. This option