From df4ba9ffeab67c7cb1a6b5ddb08746d134137b02 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 9 Mar 2006 21:02:15 +0000 Subject: [PATCH] Update Compiled Programs doc git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3637 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/CompiledPrograms.xml | 68 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 2 deletions(-) diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index a0d47da9a..2728eaf3a 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml @@ -15,7 +15,7 @@ - 2006-02-28 + 2006-03-09 2006 @@ -48,6 +48,63 @@ browsing between the hours of 9pm and 7AM. The program can be run as a cron job at 9PM and another program run at 6AM to restore normal operation. + +
+ Restrictions + + While compiled Shorewall programs are useful in many cases, there + are some important restrictions that you should be aware of before + attempting to use them. + + + + The detectnets interface + option is not supported. + + + + All extension scripts used are copied into the program. The + ramifications of this are: + + + + If you update an extension script, the compiled program + will not use the updated script. + + + + The /etc/shorewall/params extension + script is executed at compile time as well as at run + time. + + Running the script at compile time allows variable + expansion (expanding $variable to it's defined value) of + variables used in Shorewall configuration files to occur at + compile time. Running it at run-time allows your extension + scripts to use the variables that it creates. BUT -- for any + given variable, the value at compile time may be different from + the value at run-time unless you only assign constant + values. + + For example, if you have: + + EXT_IP=$(get_first_interface_address eth0) + + in /etc/shorewall/params then all + occurrences of $EXT_IP in Shorewall configuration files will be + replaced with eth0's IP address when the program is being + compiled. On the other hand, if you use $EXT_IP in your + /etc/shorewall/start script, the value will be the IP address of + eth0 when the program is run. + + Bottom line: You probably want to use only constant values + for variables set in + /etc/shorewall/params. + + + + +
@@ -88,12 +145,19 @@ is normally used with "-e" and specifies the Linux distribution that is running on the remote system. The program - will be taylored so that it integrates with the intialization + will be tailored so that it integrates with the initialization script system (init) on that system. Distributions currently supported are: suse + + redhat + + debian (Note that Debian compiled programs may not be + installed directly into /etc/init.d — they require the + soon-to-be-released Shorewall-minimal Debian package.