mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 14:20:40 +01:00
Update docs for inline scripts
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7551 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
d00d455930
commit
fe10bfcd0f
@ -425,6 +425,83 @@ smtp,www,pop3,imap #Services running on the firewall</programlisting>
|
|||||||
</example>
|
</example>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section id="Inline">
|
||||||
|
<title>Inline Shell and Perl (Added in Shorewall-perl 4.0.6)</title>
|
||||||
|
|
||||||
|
<para>Earlier versions of Shorewall offered <ulink
|
||||||
|
url="shorewall_extension_scripts.htm">extension scripts</ulink> to allow
|
||||||
|
users to extend Shorewall's functionality. Extension scripts were designed
|
||||||
|
to work under the limitations of the Bourne Shell. With Shorewall-perl,
|
||||||
|
<firstterm>inline scripts</firstterm> offer a richer and more flexible
|
||||||
|
extension capability.</para>
|
||||||
|
|
||||||
|
<para>While inline scripts scripts may be written in either Shell or Perl,
|
||||||
|
those written in Perl have a lot more power.</para>
|
||||||
|
|
||||||
|
<para>Inline scripts can be either single-line or multi-line. Single line
|
||||||
|
scripts take one of the following forms:</para>
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para><emphasis role="bold">PERL</emphasis> <<emphasis>perl
|
||||||
|
script</emphasis>></para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><emphasis role="bold">SHELL</emphasis> <<emphasis>shell
|
||||||
|
script</emphasis>></para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
<para>Shell scripts run in a child shell process and their output is piped
|
||||||
|
back to the compiler which processes that output as if it were embedded at
|
||||||
|
the point of the script.</para>
|
||||||
|
|
||||||
|
<para>Example: The following entries in
|
||||||
|
<filename>/etc/shorewall/rules</filename> are equivalent:<programlisting>SHELL for z in net loc dmz; do echo "ACCEPT $z fw tcp 22"; done</programlisting><programlisting>ACCEPT net fw tcp 22
|
||||||
|
ACCEPT loc fw tcp 22
|
||||||
|
ACCEPT dmz fw tcp 22</programlisting></para>
|
||||||
|
|
||||||
|
<para>Perl scripts run in the context of of the compiler process. To
|
||||||
|
produce output that will be processed by the compiler as if it were
|
||||||
|
embedded in the file at the point of the script, pass that output to the
|
||||||
|
shorewall() function. The Perl equivalent of the above SHELL script would
|
||||||
|
be:<programlisting>PERL for ( qw/net loc dmz/ ) { shorewall "ACCEPT $_ fw tcp 22"; }</programlisting>Perl
|
||||||
|
scripts are implicitly prefixed by the following:</para>
|
||||||
|
|
||||||
|
<programlisting>package Shorewall::User;
|
||||||
|
use Shorewall::Config qw/shorewall/;</programlisting>
|
||||||
|
|
||||||
|
<para>As part of the change that added inline scripts:</para>
|
||||||
|
|
||||||
|
<orderedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Compile-time extension scripts are also implicitly prefixed by
|
||||||
|
"package Shorewall::User;".</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>A <emphasis role="bold">compile</emphasis> extension script was
|
||||||
|
added for use by Shorewall-perl. That script is run early in the
|
||||||
|
compilation process and allows users to load additional modules and to
|
||||||
|
define data and functions for use in subsequent inline scripts and
|
||||||
|
extension scripts.</para>
|
||||||
|
</listitem>
|
||||||
|
</orderedlist>
|
||||||
|
|
||||||
|
<para>Multi-line scripts use one of the following forms:<programlisting><emphasis
|
||||||
|
role="bold">BEGIN SHELL</emphasis>
|
||||||
|
<shell script>
|
||||||
|
<emphasis role="bold">END</emphasis> [ <emphasis role="bold">SHELL</emphasis> ] [<emphasis
|
||||||
|
role="bold">;</emphasis>]</programlisting><programlisting><emphasis
|
||||||
|
role="bold">BEGIN PERL</emphasis> [;]
|
||||||
|
<<emphasis>perl script</emphasis>>
|
||||||
|
<emphasis role="bold">END</emphasis> [ <emphasis role="bold">PERL</emphasis> ] [<emphasis
|
||||||
|
role="bold">;</emphasis>]</programlisting></para>
|
||||||
|
|
||||||
|
<para></para>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section id="dnsnames">
|
<section id="dnsnames">
|
||||||
<title>Using DNS Names</title>
|
<title>Using DNS Names</title>
|
||||||
|
|
||||||
|
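Review bot: the paragraph beginning "Perl scripts run in the context of of the compiler process" documents that inline Perl executes inside the compiler and that SHELL output is processed as if it were embedded in the file, but the new section never tells the reader that a file such as /etc/shorewall/rules thereby becomes executable code running with whatever privileges the compiler has. Suggest adding a sentence there saying so, and that files accepting inline scripts should be writable only by the administrator. Smaller points in the same hunk: "inline scripts scripts" and "context of of" contain doubled words; the multi-line form shows an optional [;] after BEGIN PERL but not after BEGIN SHELL, and writes the shell script placeholder without the <emphasis> markup used for the perl script placeholder; the trailing empty <para></para> should be dropped.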
@ -68,6 +68,12 @@
|
|||||||
<para>The following scripts can be supplied:</para>
|
<para>The following scripts can be supplied:</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>compile -- (Added in Shorewall-perl version 4.0.6). Invoked by
|
||||||
|
the Shorewall-perl compiler early in the compilation process. Must be
|
||||||
|
written in Perl.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>init -- invoked early in <quote>shorewall start</quote> and
|
<para>init -- invoked early in <quote>shorewall start</quote> and
|
||||||
<quote>shorewall restart</quote></para>
|
<quote>shorewall restart</quote></para>
|
||||||
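Review bot: the new compile item says only that the script is invoked "early in the compilation process" and "Must be written in Perl"; it does not say what the script is for. The Inline section added in this same commit states that it "allows users to load additional modules and to define data and functions for use in subsequent inline scripts and extension scripts", so either repeat that here or link to that section. The item also puts the version parenthetical ahead of the description, while the init item below it starts with the description; moving "(Added in Shorewall-perl version 4.0.6)" to the end would keep the list consistent.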
@ -317,7 +323,7 @@ esac</programlisting><caution>
|
|||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>initdone</entry>
|
<entry>compile</entry>
|
||||||
|
|
||||||
<entry>clear</entry>
|
<entry>clear</entry>
|
||||||
|
|
||||||
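Review bot: compile is inserted at the top of the first table column, but the column heading is outside the context of this hunk, so the diff alone does not confirm that this is the column for scripts run by the compiler. Since the -68 hunk states that compile is "Invoked by the Shorewall-perl compiler", please check the entry against the heading. The insertion also pushes initdone, maclog and the Per-chain entry down one row each in the following three hunks, with the Per-chain entry taking over the previously empty <entry></entry>; that is fine only if rows in this table carry no meaning across columns.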
@ -325,7 +331,7 @@ esac</programlisting><caution>
|
|||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>maclog</entry>
|
<entry>initdone</entry>
|
||||||
|
|
||||||
<entry>isusable</entry>
|
<entry>isusable</entry>
|
||||||
|
|
||||||
@ -333,8 +339,7 @@ esac</programlisting><caution>
|
|||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry>Per-chain (including those associated with
|
<entry>maclog</entry>
|
||||||
actions)</entry>
|
|
||||||
|
|
||||||
<entry>start</entry>
|
<entry>start</entry>
|
||||||
|
|
||||||
@ -342,7 +347,8 @@ esac</programlisting><caution>
|
|||||||
</row>
|
</row>
|
||||||
|
|
||||||
<row>
|
<row>
|
||||||
<entry></entry>
|
<entry>Per-chain (including those associated with
|
||||||
|
actions)</entry>
|
||||||
|
|
||||||
<entry>started</entry>
|
<entry>started</entry>
|
||||||
|
|
||||||
@ -391,7 +397,12 @@ esac</programlisting><caution>
|
|||||||
script returns a 'true' value; otherwise, the compiler will assume that
|
script returns a 'true' value; otherwise, the compiler will assume that
|
||||||
the script failed and will abort the compilation.</para>
|
the script failed and will abort the compilation.</para>
|
||||||
|
|
||||||
<para>All scripts will need to begin with the following
|
<para>Beginning with Shorewall version 4.0.6, each compile-time script
|
||||||
|
is implicitly prefaced with:</para>
|
||||||
|
|
||||||
|
<programlisting>package Shorewall::User;</programlisting>
|
||||||
|
|
||||||
|
<para>Most scripts will need to begin with the following
|
||||||
line:<programlisting>use Shorewall::Chains;</programlisting>For more
|
line:<programlisting>use Shorewall::Chains;</programlisting>For more
|
||||||
complex scripts, you may need to 'use' other Shorewall Perl modules --
|
complex scripts, you may need to 'use' other Shorewall Perl modules --
|
||||||
browse <filename
|
browse <filename
|
||||||
|
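Review bot: the added sentence says "Beginning with Shorewall version 4.0.6" while the other hunks in this commit say "Shorewall-perl 4.0.6"; use the same product name throughout. The implicit prefix documented here is only "package Shorewall::User;", whereas the Inline section says inline Perl scripts are also prefixed with "use Shorewall::Config qw/shorewall/;", so a reader may assume shorewall() is available in compile-time scripts as well; state explicitly whether it has to be imported. The change from "All scripts" to "Most scripts" for "use Shorewall::Chains;" is reasonable, but a short note on which scripts can omit it would make the new wording actionable.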