Add EXPORTPARAMS option

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5376 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-02-09 16:15:08 +00:00
parent 567b2f37f9
commit fd1c74ca9f
5 changed files with 26 additions and 33 deletions

View File

@ -13,9 +13,11 @@ Changes in 3.4.0 RC 1
4) Allow ranges and ipset names in the ADDRESSES column of maclist 4) Allow ranges and ipset names in the ADDRESSES column of maclist
file. file.
5) Fix INCLUDE in extension scripts and /etc/shorewall/params. 5) Add helpers for SIP to the modules file.
6) Add helpers for SIP to the modules file. 6) Only copy /etc/shorewall/params to output if non-export.
7) Add EXPORTPARAMS option
Changes in 3.4.0 Beta 3 Changes in 3.4.0 Beta 3

View File

@ -5092,7 +5092,7 @@ __EOF__
__EOF__ __EOF__
fi fi
append_file params [ -n "$EXPORTPARAMS" -o -z "$EXPORT" ] && append_file params
cat >&3 << __EOF__ cat >&3 << __EOF__

View File

@ -1804,6 +1804,7 @@ do_initialize() {
HIGH_ROUTE_MARKS= HIGH_ROUTE_MARKS=
USE_ACTIONS= USE_ACTIONS=
OPTIMIZE= OPTIMIZE=
EXPORTPARAMS=
# #
# Packet Disposition # Packet Disposition
# #
@ -2027,6 +2028,7 @@ do_initialize() {
HIGH_ROUTE_MARKS=$(added_param_value_no HIGH_ROUTE_MARKS $HIGH_ROUTE_MARKS) HIGH_ROUTE_MARKS=$(added_param_value_no HIGH_ROUTE_MARKS $HIGH_ROUTE_MARKS)
TC_EXPERT=$(added_param_value_no TC_EXPERT $TC_EXPERT) TC_EXPERT=$(added_param_value_no TC_EXPERT $TC_EXPERT)
USE_ACTIONS=$(added_param_value_yes USE_ACTIONS $USE_ACTIONS) USE_ACTIONS=$(added_param_value_yes USE_ACTIONS $USE_ACTIONS)
EXPORTPARAMS=$(added_param_value_yes EXPORTPARAMS $EXPORTPARAMS)
[ -n "$USE_ACTIONS" ] && lib_load actions "USE_ACTIONS=Yes" [ -n "$USE_ACTIONS" ] && lib_load actions "USE_ACTIONS=Yes"
[ -n "$XCONNMARK_MATCH" ] || XCONNMARK= [ -n "$XCONNMARK_MATCH" ] || XCONNMARK=

View File

@ -34,13 +34,24 @@ Problems Corrected in 3.4.0 RC2
automatically loaded by Shorewall. They have now been added to the automatically loaded by Shorewall. They have now been added to the
/usr/share/shorewall[-lite]/modules files. /usr/share/shorewall[-lite]/modules files.
2) If "INCLUDE <filename>" appeared in /etc/shorewall/params then 2) It is very difficult to code a 'params' file that assigns other
run-time errors occurred. This has been corrected. Note that if you than constant values such that it works correctly with Shorewall
use INCLUDE in your params file in an export directory then the Lite. To work around this problem, a new EXPORTPARAMS option
included file must also be available on the firewall system in has been added to shorewall.conf. When EXPORTPARAMS=No, the
/etc/shorewall-lite/. 'params' file is no longer copied to the compiler output when the
'-e' flag is present.
Other Changes in 3.4.0 RC 1 With EXPORTPARAMS=No, uf you need to set environmental variables on
the firewall system for use by your extension scripts, then do so
in the init extension script.
The default is EXPORTPARAMS=Yes to retain the current behavior.
This fix is brought forward from Shorewall version 3.2.9.
Other Changes in 3.4.0 RC 2
None.
Migration Considerations: Migration Considerations:
@ -133,30 +144,6 @@ http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.8/releasenotes.txt
/etc/shorewall-lite/shorewall-lite.conf. When you upgrade, /etc/shorewall-lite/shorewall-lite.conf. When you upgrade,
your shorewall.conf file will be renamed shorewall-lite.conf. your shorewall.conf file will be renamed shorewall-lite.conf.
6) This issue only applies if you set shell variables in
/etc/shorewall/params.
Beginning with Shorewall 3.4.0, Shorewall will only process
/etc/shorewall/params during the compile phase. Any shell variables
needed at run-time by your extension scripts must be set in
/etc/shorewall/init.
In a Shorewall/Shorewall Lite environment, this allows
/etc/shorewall/params to be written to run exclusively
on the administrative system while /etc/shorewall/init runs
exclusively on the firewall system.
So shell variables required at compile time may be set in
/etc/shorewall/params and those required at run-time may be set in
/etc/shorewall/init.
As part of this change, extra white space is no longer removed from
/etc/shorewall/params as it was in RC1.
The /etc/shorewall/compile extension script introduced in Shorewall
3.2.9 will continue to be supported but its use is deprecated since
it now performs the same function as /etc/shorewall/params.
New Features in Shorewall 3.4: New Features in Shorewall 3.4:
1) In order to accomodate small embedded applications, Shorewall 3.4 1) In order to accomodate small embedded applications, Shorewall 3.4

View File

@ -145,6 +145,8 @@ USE_ACTIONS=Yes
OPTIMIZE=0 OPTIMIZE=0
EXPORTPARAMS=Yes
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################