diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 685317efd..8674d94ff 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -945,9 +945,23 @@ sub ensure_accounting_chain( $ ) if ( $chainref ) { fatal_error "Non-accounting chain ($chain) used in accounting rule" unless $chainref->{accounting}; } else { - $chainref = new_chain 'filter' , $chain unless $chainref; + $chainref = new_chain 'filter' , $chain; $chainref->{accounting} = 1; $chainref->{referenced} = 1; + + my $file = find_file $chain; + + if ( -f $file ) { + progress_message "Processing $file..."; + + my ( $level, $tag ) = ( '', '' ); + + unless ( my $return = eval `cat $file` ) { + fatal_error "Couldn't parse $file: $@" if $@; + fatal_error "Couldn't do $file: $!" unless defined $return; + fatal_error "Couldn't run $file" unless $return; + } + } } $chainref; diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index dafa35954..578f1fc53 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -26,6 +26,8 @@ Changes in Shorewall 4.4.2 12) Change 'wait4ifup' so that it requires no PATH +13) Allow extension scripts for accounting chains. + Changes in Shorewall 4.4.1 1) Deleted extra 'use ...IPAddrs.pm' from Nat.pm. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index ed7c7f8a1..cabec0d41 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -246,6 +246,14 @@ None. /etc/shorewall/rules and must be empty in macros invoked from an action. +3) Accounting chains may now have extension scripts. Simply place your + Perl script in the file /etc/shorewall/ and when the + accounting chain named is created, your script will be + invoked. + + As usual, the variable $chainref will contain a reference to the + chain's table entry. + ---------------------------------------------------------------------------- N E W F E A T U R E S I N 4 . 4 . 0 ----------------------------------------------------------------------------