From 08f09d7de08faccfcfe62503866c0d2a0cbb31c9 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 9 Jan 2011 10:12:36 -0800 Subject: [PATCH] Deprecate EXPORTPARAMS --- Shorewall/Perl/Shorewall/Chains.pm | 2 +- Shorewall/Perl/Shorewall/Compiler.pm | 8 +++++-- Shorewall/Perl/Shorewall/Config.pm | 31 +++++++++++++++++++++++++++- Shorewall/changelog.txt | 6 +++++- Shorewall/configfiles/shorewall.conf | 2 +- Shorewall/releasenotes.txt | 4 +++- Shorewall6/shorewall6.conf | 2 +- docs/CompiledPrograms.xml | 12 +++++++---- docs/configuration_file_basics.xml | 9 +++++--- manpages/shorewall.conf.xml | 10 ++++++--- manpages6/shorewall6.conf.xml | 8 ++++++- 11 files changed, 75 insertions(+), 19 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 1e595e3cd..3fd72af4d 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -198,7 +198,7 @@ our %EXPORT_TAGS = ( Exporter::export_ok_tags('internal'); -our $VERSION = '4.4_16'; +our $VERSION = '4.4_17'; # # Chain Table diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index be4c16b8f..5d0274948 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -43,7 +43,7 @@ use Shorewall::Misc; our @ISA = qw(Exporter); our @EXPORT = qw( compiler ); our @EXPORT_OK = qw( $export ); -our $VERSION = '4.4_16'; +our $VERSION = '4.4_17'; our $export; @@ -229,7 +229,11 @@ sub generate_script_2() { set_chain_variables; - append_file 'params' if $config{EXPORTPARAMS}; + if ( $config{EXPORTPARAMS} ) { + append_file 'params'; + } else { + export_params; + } emit ( '', "g_stopping=", diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 389fc4276..7335e5684 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm 
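Review bot: The new `else` branch in generate_script_2 changes what EXPORTPARAMS=No means, and nothing in the code says so. The documentation touched by this same commit describes No as preventing the params file from being copied into the compiled script, yet every value computed at compile time is now written into that script through export_params. A site that chose No to keep values evaluated on the administrative host out of the script shipped to the firewall has no way to opt out any more. A comment on the branch would make that explicit, for example `# EXPORTPARAMS=No: embed the values computed at compile time instead of copying the params file`. The body of generate_script_2 continues outside the hunk.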
@@ -98,6 +98,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script pop_open push_params pop_params + export_params read_a_line validate_level which @@ -135,7 +136,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script Exporter::export_ok_tags('internal'); -our $VERSION = '4.4_16'; +our $VERSION = '4.4_17'; # # describe the current command, it's present progressive, and it's completion. @@ -3024,6 +3025,34 @@ sub get_params() { } } +# +# emit param=value for each param set in the params file +# +sub export_params() { + # + # These are variables that the compiler adds to the hash + # + my %exclude = ( root => 1, + system => 1, + files => 1, + destination => 1, + command => 1, + FW => 1, + CONFDIR => 1 ); + + while ( my ( $param, $value ) = each %params ) { + next if $exclude{$param}; + # + # Don't export pairs from %ENV + # + if ( exists $ENV{$param} && defined $ENV{$param} ) { + next if $value eq $ENV{$param}; + } + + emit "$param='$value'"; + } +} + # # - Read the shorewall.conf file # - Read the capabilities file, if any diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index abd2400a7..c9bb281ea 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,6 +1,10 @@ Changes in Shorewall 4.4.17 Beta 1 -1) None. +1) Improve readability of logging logic in expand_rule(). + +2) Improve efficency of oddball targets in process_rule1(). + +3) Export (param,value) pairs with EXPORTPARAMS=No. Changes in Shorewall 4.4.16 RC 1 diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index aad11f48c..96e7b2ab6 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -152,7 +152,7 @@ HIGH_ROUTE_MARKS=No OPTIMIZE=0 -EXPORTPARAMS=Yes +EXPORTPARAMS=No EXPAND_POLICIES=Yes diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index cefb4c003..caf861e1d 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
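Review bot: In export_params, `emit "$param='$value'";` writes the value between single quotes without escaping it, so a value containing a single quote ends the quoting early and the rest is parsed as shell by the generated firewall script, which is typically run as root. Escape embedded quotes on the line before the `emit`, for example `$value =~ s/'/'\\''/g;`. Iterating with `each %params` also lets the order of the emitted assignments vary between compiles; `for my $param ( sort keys %params )` with `my $value = $params{$param};` would keep the generated script reproducible and diffable. The `%ENV` filter compares against the environment of the compile host, so a params variable that happens to equal an inherited one there is dropped even when the run-time host lacks it (presumably the Shorewall Lite case), and that deserves at least a comment.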
@@ -27,7 +27,9 @@ None. I I I. N E W F E A T U R E S I N T H I S R E L E A S E ---------------------------------------------------------------------------- -None. +1) The (param,value) pairs set in /etc/shorewall/params + (/etc/shorewall6/params) are now available at run-time with + EXPORTPARAMS=No. The EXPORTPARAMS parameter is now deprecated. ---------------------------------------------------------------------------- I V. R E L E A S E 4 . 4 H I G H L I G H T S diff --git a/Shorewall6/shorewall6.conf b/Shorewall6/shorewall6.conf index 6d0f63f57..7a5bbbbbb 100644 --- a/Shorewall6/shorewall6.conf +++ b/Shorewall6/shorewall6.conf @@ -121,7 +121,7 @@ HIGH_ROUTE_MARKS=No OPTIMIZE=1 -EXPORTPARAMS=Yes +EXPORTPARAMS=No EXPAND_POLICIES=Yes diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index 83d61e813..252f64ac1 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml @@ -510,8 +510,10 @@ clean: The params file is not processed at run time if you set EXPORTPARAMS=No in shorewall.conf. For run-time setting of shell - variables, use the init extension - script. + variables, use the init extension script. + Beginning with Shorewall 4.4.17, the variables set in the + params file are available in the firewall + script when EXPORTPARAMS=No. If the params file needs to set shell variables based on the configuration of the firewall system, you @@ -612,8 +614,10 @@ clean: shorewall.conf. For run-time setting of shell variables, use the init extension script. Although the default setting is EXPORTPARAMS=Yes for - compatibility, the recommended setting is - EXPORTPARAMS=No. + compatibility, the recommended setting is EXPORTPARAMS=No. + Beginning with Shorewall 4.4.17, the variables set in the + params file are available in the firewall + script when EXPORTPARAMS=No. If the params file needs to set shell variables based on the configuration of the firewall system, you 
diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml index 9518dad46..04c23b5ac 100644 --- a/docs/configuration_file_basics.xml +++ b/docs/configuration_file_basics.xml @@ -649,7 +649,9 @@ ACCEPT net:\ shorewall.conf. That prevents the params file from being copied into the compiled script. With EXPORTPARAMS=No, it is perfectly okay to use INCLUDE in the - params file. + params file. Note that with Shorewall 4.4.17 and + later, the variables set at compile time are available at run-time even + with EXPORTPARAMS=No. @@ -860,8 +862,9 @@ SHELL cat /etc/shorewall/rules.d/*.rules run-time. If you have set EXPORTPARAMS=No in shorewall.conf, then the params file is only - processed by the compiler; it is not run by the compiled - script. + processed by the compiler; it is not run by the compiled script. + Beginning with Shorewall 4.4.17, the values of the variables set at + compile time are available at run time with EXPORTPRARMS=No. diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml index 4c08bbe3e..189d6b4cd 100644 --- a/manpages/shorewall.conf.xml +++ b/manpages/shorewall.conf.xml @@ -548,9 +548,15 @@ net all DROP infothen the chain name is 'net2all' EXPORTPARAMS={Yes|No} + role="bold">Yes|No} + (Deprecated beginning with Shorewall 4.4.17) + Beginning with Shorewall 4.4.17, the variables set in the + 'params' file at compile time are available at run time with + EXPORTPARAMS=No. As a consequence, beginning with that version the + recommended setting is EXPORTPARAMS=No. + It is quite difficult to code a 'params' file that assigns other than constant values such that it works correctly with Shorewall Lite. The EXPORTPARAMS option works around this problem. @@ -583,8 +589,6 @@ net all DROP infothen the chain name is 'net2all' or RELATED sections of shorewall-rules(5). - - FASTACCEPT=Yes is incompatible with BLACKLISTNEWONLY=No. 
diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml index e4055df16..39cee1c93 100644 --- a/manpages6/shorewall6.conf.xml +++ b/manpages6/shorewall6.conf.xml @@ -465,9 +465,15 @@ net all DROP infothen the chain name is 'net2all' EXPORTPARAMS={Yes|No} + role="bold">Yes|No} + (Deprecated beginning with Shorewall 4.4.17) + Beginning with Shorewall 4.4.17, the variables set in the + 'params' file at compile time are available at run time with + EXPORTPARAMS=No. As a consequence, beginning with that version the + recommended setting is EXPORTPARAMS=No. + It is quite difficult to code a 'params' file that assigns other than constant values such that it works correctly with Shorewall6 Lite. The EXPORTPARAMS option works around this problem.