From edccc948e4c07f7eda14177c17417888b3e5cf3a Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 4 Feb 2007 16:44:37 +0000 Subject: [PATCH] More /etc/shorewall/params documentation updates git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5355 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/CompiledPrograms.xml | 6 ++-- docs/configuration_file_basics.xml | 50 +++++++----------------------- 2 files changed, 14 insertions(+), 42 deletions(-) diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index 0057a8845..c472dfe30 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml @@ -123,9 +123,9 @@ You must install Shorewall Lite on the system where you want to run the script. You then install the compiled program in - /usr/share/shorewall/firewall and use the /sbin/shorewall program - included with Shorewall Lite to control the firewall just as if the - full Shorewall distribution was installed. + /usr/share/shorewall-lite/firewall and use the /sbin/shorewall-lite + program included with Shorewall Lite to control the firewall just as + if the full Shorewall distribution was installed. diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml index 451a8d953..107bc59cc 100644 --- a/docs/configuration_file_basics.xml +++ b/docs/configuration_file_basics.xml 
@@ -713,52 +713,24 @@ DNAT net loc:192.168.1.3 tcp 4000:4100 - Beginning with Shorewall version 3.2.9, the + In Shorewall 3.2, the /etc/shorewall/params + file is processed by the compiler at compile-time and by the compiled + script at run-time. Beginning with Shorewall version 3.2.9, the /etc/shorewall/params file is pre-processed in such a way that extra white-space is compressed from the file as it is being copied into the generated compiler output. So the code in /etc/shorewall/params should not depend on precise white-space, including whitespace within quoted strings. + + + Beginning with Shorewall 3.4.0 RC2, + /etc/shorewall/params is no longer processed by + the compiled script. If you need to set shell variables for use by + your run-time extension script, then set those variables in your + /etc/shorewall/init file. + - - One possible use of this feature is to compensate for recent Linux - behavior in which the identity of network interfaces varies from boot to - boot (what is eth0 after one boot - may be eth1 after the next). - SUSE users, for example, can take the following - approach: - - wookie:~ # lspci -0000:00:00.0 Host bridge: VIA Technologies, Inc. VT82C598 [Apollo MVP3] (rev 04) -0000:00:01.0 PCI bridge: VIA Technologies, Inc. VT82C598/694x [Apollo MVP3/Pro133x AGP] -0000:00:03.0 Ethernet controller: Intel Corporation 82557/8/9 [Ethernet Pro 100] (rev 01) -0000:00:04.0 Ethernet controller: Lite-On Communications Inc LNE100TX (rev 20) -0000:00:05.0 Ethernet controller: Digital Equipment Corporation DECchip 21142/43 (rev 41) -0000:00:14.0 ISA bridge: VIA Technologies, Inc. VT82C586/A/B PCI-to-ISA [Apollo VP] (rev 45) -0000:00:14.1 IDE interface: VIA Technologies, Inc. VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 06) -0000:00:14.2 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 02) -0000:00:14.3 Bridge: VIA Technologies, Inc. 
VT82C586B ACPI (rev 10) -0000:01:00.0 VGA compatible controller: ATI Technologies Inc 3D Rage LT Pro AGP-133 (rev dc) -wookie:~ # - - If the firewall's external interface is the DECchip controller at - 0000:00:05.0 and the internal interface is the Ethernet Pro 100 at - 0000:00:03.0, then the following entries in - /etc/shorewall/params will set EXT_IF and INT_IF to - the names of these two controllers respectively: - - EXT_IF=$(getcfg-interface bus-pci-0000:00:05.0) -INT_IF=$(getcfg-interface bus-pci-0000:00:03.0) - - - The shorewall save and shorewall - restore commands should be used carefully if you use the above - workaround for unstable interface names. In particular, you should set - OPTIONS="" in /etc/default/shorewall or - /etc/sysconfig/shorewall so that the "-f" option - will not be specified on startup at boot time. -
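Review bot: in the docs/CompiledPrograms.xml hunk, the closing clause "just as if the full Shorewall distribution was installed" no longer holds literally now that the sentence names /usr/share/shorewall-lite/firewall and /sbin/shorewall-lite, because both the install path and the command differ from the full distribution. Suggest stating outright that on the target system commands are issued as shorewall-lite rather than shorewall, so a reader following older instructions does not copy the compiled program to the previous path. While touching the sentence, "was installed" should read "were installed".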
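Review bot: in the docs/configuration_file_basics.xml hunk, the getcfg-interface example and the shorewall save / shorewall restore caution are deleted with no replacement guidance, so users who set EXT_IF and INT_IF from /etc/shorewall/params to cope with unstable interface names are left without a documented path. The new paragraph says that from 3.4.0 RC2 the file "is no longer processed by the compiled script"; if that means a line such as EXT_IF=$(getcfg-interface bus-pci-0000:00:05.0) is now resolved only when the compiler runs, the text should say so and state whether /etc/shorewall/init is the supported place for that lookup, since a ruleset tied to a stale external interface name is a failure worth documenting. The retained 3.2.9 paragraph should also say whether the white-space pre-processing still applies after 3.4.0 RC2, and it should settle on one spelling of "white-space" and "whitespace".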