Process config options in file order during update.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
b13014c9ab
commit
037fe490f3
@ -5432,6 +5432,7 @@ EOF
|
|||||||
sub process_shorewall_conf( $$ ) {
|
sub process_shorewall_conf( $$ ) {
|
||||||
my ( $update, $annotate ) = @_;
|
my ( $update, $annotate ) = @_;
|
||||||
my $file = find_file "$product.conf";
|
my $file = find_file "$product.conf";
|
||||||
|
my @vars;
|
||||||
|
|
||||||
if ( -f $file ) {
|
if ( -f $file ) {
|
||||||
$globals{CONFIGDIR} = $configfile = $file;
|
$globals{CONFIGDIR} = $configfile = $file;
|
||||||
@ -5448,8 +5449,6 @@ sub process_shorewall_conf( $$ ) {
|
|||||||
if ( $currentline =~ /^\s*([a-zA-Z]\w*)=(.*)$/ ) {
|
if ( $currentline =~ /^\s*([a-zA-Z]\w*)=(.*)$/ ) {
|
||||||
my ($var, $val) = ($1, $2);
|
my ($var, $val) = ($1, $2);
|
||||||
|
|
||||||
expand_variables( $val ) unless $update || $val =~ /^'.*'$/;
|
|
||||||
|
|
||||||
if ( exists $config{$var} ) {
|
if ( exists $config{$var} ) {
|
||||||
if ( $eliminated{$var} && ! $update ) {
|
if ( $eliminated{$var} && ! $update ) {
|
||||||
fatal_error "The $var configuration option has been superceded - please run '$product update'";
|
fatal_error "The $var configuration option has been superceded - please run '$product update'";
|
||||||
@ -5466,6 +5465,11 @@ sub process_shorewall_conf( $$ ) {
|
|||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( $update ) {
|
||||||
|
push @vars, $var;
|
||||||
|
} else {
|
||||||
|
expand_variables( $val ) unless $val =~ /^'.*'$/;
|
||||||
|
}
|
||||||
|
|
||||||
$config{$var} = ( $val =~ /\"([^\"]*)\"$/ ? $1 : $val );
|
$config{$var} = ( $val =~ /\"([^\"]*)\"$/ ? $1 : $val );
|
||||||
|
|
||||||
@ -5493,19 +5497,12 @@ sub process_shorewall_conf( $$ ) {
|
|||||||
# Config file update requires that the option values not have
|
# Config file update requires that the option values not have
|
||||||
# Shell variables expanded. We do that now.
|
# Shell variables expanded. We do that now.
|
||||||
#
|
#
|
||||||
# We must first make LOG_LEVEL a variable because the order in which
|
# To handle options like LOG_LEVEL, we process the options
|
||||||
# the values are processed below is not the order in which they appear
|
# in the order in which they appear in the .conf file.
|
||||||
# in the config file.
|
|
||||||
#
|
#
|
||||||
$config{LOG_LEVEL} = '' unless defined $config{LOG_LEVEL};
|
for ( @vars ) {
|
||||||
|
if ( supplied( my $val = $config{$_} ) ) {
|
||||||
my %log_level = ( LOG_LEVEL => $config{LOG_LEVEL} );
|
expand_variables( $config{$_} ) unless $val =~ /^'.*'$/;
|
||||||
|
|
||||||
add_variables( %log_level );
|
|
||||||
|
|
||||||
for ( values %config ) {
|
|
||||||
if ( supplied $_ ) {
|
|
||||||
expand_variables( $_ ) unless /^'.*'$/;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
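Review bot: In the update branch, `push @vars, $var;` records every matching line, so an option that appears twice in the .conf file is listed twice and the later `for ( @vars )` loop calls `expand_variables( $config{$_} )` on the same entry twice, the second time on an already-expanded value. Unless duplicates are rejected elsewhere (not visible here), record each name once, e.g. `push @vars, $var unless $seen{$var}++;` with a `my %seen;` next to `my @vars;`. The deferred loop also runs after all of `%config` has been populated, while the non-update branch expands each value as it is read, so a reference to an option defined later in the file may resolve differently in the two modes, depending on how `expand_variables` looks names up. A sentence in the comment block stating the intended behaviour for such forward references would help the next maintainer. The body of `process_shorewall_conf` continues outside the visible hunks.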
21
docs/KVM.xml
21
docs/KVM.xml
@ -50,7 +50,7 @@
|
|||||||
Linux Distributions. The following diagram shows the entire
|
Linux Distributions. The following diagram shows the entire
|
||||||
network.</para>
|
network.</para>
|
||||||
|
|
||||||
<graphic align="center" fileref="images/Network2008a.png" />
|
<graphic align="center" fileref="images/Network2008a.png"/>
|
||||||
|
|
||||||
<para>My personal laptop (Ursa) hosts the virtual machines. As shown in
|
<para>My personal laptop (Ursa) hosts the virtual machines. As shown in
|
||||||
the diagram, Ursa has routes to the Internet through both the
|
the diagram, Ursa has routes to the Internet through both the
|
||||||
@ -66,12 +66,12 @@
|
|||||||
<section>
|
<section>
|
||||||
<title>Networking Configuration</title>
|
<title>Networking Configuration</title>
|
||||||
|
|
||||||
<para>I use a network configuration where each VM has its own VNET and
|
<para>I use a network configuration where each VM has its own VNET and tap
|
||||||
tap device and the tap devices are all configured as ports on a Linux
|
device and the tap devices are all configured as ports on a Linux Bridge.
|
||||||
Bridge. For clarity, I've only shown four of the virtual machines
|
For clarity, I've only shown four of the virtual machines available on the
|
||||||
available on the system.</para>
|
system.</para>
|
||||||
|
|
||||||
<graphic align="center" fileref="images/KVM1.png" />
|
<graphic align="center" fileref="images/KVM1.png"/>
|
||||||
|
|
||||||
<para>I run <ulink url="???">dmsmasq</ulink> to act as a DHCP server and
|
<para>I run <ulink url="???">dmsmasq</ulink> to act as a DHCP server and
|
||||||
name server for the VMs.</para>
|
name server for the VMs.</para>
|
||||||
@ -82,11 +82,10 @@
|
|||||||
|
|
||||||
<para>With this configuration, and with only a single network interface on
|
<para>With this configuration, and with only a single network interface on
|
||||||
the laptop, this is just a simple <ulink
|
the laptop, this is just a simple <ulink
|
||||||
url="two-interface.html">two-interface masquerading setup</ulink> where
|
url="two-interface.htm">two-interface masquerading setup</ulink> where the
|
||||||
the local network interface is <filename
|
local network interface is <filename class="devicefile">br0</filename>. As
|
||||||
class="devicefile">br0</filename>. As with all bridges, <filename
|
with all bridges, <filename class="devicefile">br0</filename> must be
|
||||||
class="devicefile">br0</filename> must be configured with the
|
configured with the <option>routeback</option> option in <ulink
|
||||||
<option>routeback</option> option in <ulink
|
|
||||||
url="manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para>
|
url="manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>(5).</para>
|
||||||
|
|
||||||
<para>For additional information about this setup, including the Shorewall
|
<para>For additional information about this setup, including the Shorewall
|
||||||
|