From 14839970ba37e811488d2b790091be56741b0f8b Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sat, 9 Dec 2006 18:12:19 +0000
Subject: [PATCH] Reorganize initialization of global variables

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5069 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/lib.config     | 126 +++++++++++++++++++++------------------
 Shorewall/shorewall.conf |   3 +
 2 files changed, 70 insertions(+), 59 deletions(-)

diff --git a/Shorewall/lib.config b/Shorewall/lib.config
index ae948fae6..995e8d192 100644
--- a/Shorewall/lib.config
+++ b/Shorewall/lib.config
@@ -1729,75 +1729,88 @@ do_initialize() {
     # Clear all configuration variables
     #
     VERSION=
-    IPTABLES=
-    FW=
-    SUBSYSLOCK=
-    ALLOWRELATED=Yes
+    #
+    # Logging
+    #
+    LOGFILE=
+    LOGFORMAT=
+    LOGTAGONLY=
     LOGRATE=
     LOGBURST=
-    ADD_IP_ALIASES=
-    ADD_SNAT_ALIASES=
-    TC_ENABLED=
-    BLACKLIST_DISPOSITION=
+    LOGALLNEW=
     BLACKLIST_LOGLEVEL=
-    CLAMPMSS=
-    ROUTE_FILTER=
-    LOG_MARTIANS=
-    DETECT_DNAT_IPADDRS=
-    MUTEX_TIMEOUT=
-    FORWARDPING=
-    MACLIST_DISPOSITION=
     MACLIST_LOG_LEVEL=
-    TCP_FLAGS_DISPOSITION=
     TCP_FLAGS_LOG_LEVEL=
     RFC1918_LOG_LEVEL=
-    MARK_IN_FORWARD_CHAIN=
-    VERSION_FILE=
-    LOGFORMAT=
-    LOGRULENUMBERS=
-    ADMINISABSENTMINDED=
-    BLACKLISTNEWONLY=
-    MODULE_SUFFIX=
-    ACTIONS=
-    USEDACTIONS=
     SMURF_LOG_LEVEL=
-    DISABLE_IPV6=
-    BRIDGING=
-    DYNAMIC_ZONES=
-    PKTTYPE=
-    USEPKTYPE=
-    RETAIN_ALIASES=
-    DELAYBLACKLISTLOAD=
-    LOGTAGONLY=
-    LOGALLNEW=
-    RFC1918_STRICT=
-    MACLIST_TTL=
-    SAVE_IPSETS=
-    RESTOREFILE=
-    MAPOLDACTIONS=
-    IMPLICIT_CONTINUE=
-    HIGH_ROUTE_MARKS=
-    TC_EXPERT=
+    LOG_MARTIANS=
+    #
+    # Location of files
+    #
+    IPTABLES=
+    #PATH is inherited
+    SHOREWALL_SHELL=
+    SUBSYSLOCK=
     MODULESDIR=
+    #CONFIG_PATH is inherited
+    RESTOREFILE=
     IPSECFILE=
-    IP_FORWARDING=
-    CLEAR_TC=
-    MACLIST_TABLE=
-    FASTACCEPT=
-    USE_ACTIONS=
+    #
+    # Default Actions/Macros
+    #
     DROP_DEFAULT=
     REJECT_DEFAULT=
     ACCEPT_DEFAULT=
     QUEUE_DEFAULT=
+    #
+    # Firewall Options
+    #
+    IP_FORWARDING=
+    ADD_IP_ALIASES=
+    ADD_SNAT_ALIASES=
+    RETAIN_ALIASES=
+    TC_ENABLED=
+    TC_EXPERT=
+    CLEAR_TC=
+    MARK_IN_FORWARD_CHAIN=
+    CLAMPMSS=
+    ROUTE_FILTER=
+    DETECT_DNAT_IPADDRS=
+    MUTEX_TIMEOUT=
+    ADMINISABSENTMINDED=
+    BLACKLISTNEWONLY=
+    DELAYBLACKLISTLOAD=
+    MODULE_SUFFIX=
+    DISABLE_IPV6=
+    BRIDGING=
+    DYNAMIC_ZONES=
+    PKTTYPE=
+    RFC1918_STRICT=
+    MACLIST_TABLE=
+    MACLIST_TTL=
+    SAVE_IPSETS=
+    MAPOLDACTIONS=
+    FASTACCEPT=
+    IMPLICIT_CONTINUE=
+    HIGH_ROUTE_MARKS=
+    USE_ACTIONS=
     OPTIMIZE=
-
+    #
+    # Packet Disposition
+    #
+    MACLIST_DISPOSITION=
+    TCP_FLAGS_DISPOSITION=
+    BLACKLIST_DISPOSITION=
+    #
+    # Other Globals
+    #
+    FW=
+    USEPKTYPE=
     LOGLIMIT=
     LOGPARMS=
     OUTPUT=
-    TMP_DIR=
     ALL_INTERFACES=
     ROUTEMARK_INTERFACES=
-    IPSECMARK=256
     PROVIDERS=
     CRITICALHOSTS=
     EXCLUSION_SEQ=1
@@ -1807,9 +1820,12 @@ do_initialize() {
     SECTION=ESTABLISHED
     SECTIONS=
     ALL_PORTS=
+    ACTIONS=
+    USEDACTIONS=
     DEFAULT_MACROS=
     COMMENT=
-
+    VERSION_FILE=
+    LOGRULENUMBERS=
     TMP_DIR=$(mktempdir)
 
     [ -n "$TMP_DIR" ] && chmod 700 $TMP_DIR || \
@@ -1880,11 +1896,6 @@ do_initialize() {
 	[ -f $f ] && . $f || fatal_error "The -e flag requires a capabilities file"
     fi
 
-    ALLOWRELATED="$(added_param_value_yes ALLOWRELATED $ALLOWRELATED)"
-    [ -n "$ALLOWRELATED" ] || \
-	fatal_error "ALLOWRELATED=No is not supported"
-    ADD_IP_ALIASES="$(added_param_value_yes ADD_IP_ALIASES $ADD_IP_ALIASES)"
-
     if [ -n "${LOGRATE}${LOGBURST}" ]; then
 	LOGLIMIT="--match limit"
 	[ -n "$LOGRATE" ]  && LOGLIMIT="$LOGLIMIT --limit $LOGRATE"
@@ -1917,9 +1928,6 @@ do_initialize() {
     ROUTE_FILTER=$(added_param_value_no ROUTE_FILTER $ROUTE_FILTER)
     LOG_MARTIANS=$(added_param_value_no LOG_MARTIANS $LOG_MARTIANS)
     DETECT_DNAT_IPADDRS=$(added_param_value_no DETECT_DNAT_IPADDRS $DETECT_DNAT_IPADDRS)
-    FORWARDPING=$(added_param_value_no FORWARDPING $FORWARDPING)
-    [ -n "$FORWARDPING" ] && \
-	fatal_error "FORWARDPING=Yes is no longer supported"
 
     MACLIST_TARGET=reject
 
diff --git a/Shorewall/shorewall.conf b/Shorewall/shorewall.conf
index 78d2df193..5bfff8be3 100644
--- a/Shorewall/shorewall.conf
+++ b/Shorewall/shorewall.conf
@@ -9,6 +9,9 @@
 #  (c) 1999,2000,2001,2002,2003,2004,2005 - Tom Eastep (teastep@shorewall.net)
 #
 #  For information about the settings in this file, type "man shorewall.conf"
+#
+#  Additional information is available at 
+#  http://www.shorewall.net/Documentation.htm#Conf
 ###############################################################################
 #		       S T A R T U P   E N A B L E D
 ###############################################################################