forked from extern/shorewall_code
Update the .conf file before validating ('update' command)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
ba7d5fd720
commit
1b3d7947b8
@ -593,7 +593,7 @@ sub compiler {
|
||||
#
|
||||
# S H O R E W A L L . C O N F A N D C A P A B I L I T I E S
|
||||
#
|
||||
get_configuration( $export , $update );
|
||||
get_configuration( $export , $update , $annotate );
|
||||
|
||||
report_capabilities unless $config{LOAD_HELPERS_ONLY};
|
||||
|
||||
@ -890,11 +890,6 @@ sub compiler {
|
||||
process_routestopped;
|
||||
}
|
||||
|
||||
#
|
||||
# Update the configuration file if requested
|
||||
#
|
||||
update_config_file( $annotate ) if $update;
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
progress_message3 "Shorewall configuration verified";
|
||||
} else {
|
||||
|
@ -121,7 +121,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
|
||||
run_user_exit1
|
||||
run_user_exit2
|
||||
generate_aux_config
|
||||
update_config_file
|
||||
|
||||
$product
|
||||
$Product
|
||||
@ -2853,8 +2852,10 @@ sub set_shorewall_dir( $ ) {
|
||||
#
|
||||
# Small functions called by get_configuration. We separate them so profiling is more useful
|
||||
#
|
||||
sub process_shorewall_conf( $ ) {
|
||||
my $update = shift;
|
||||
sub update_config_file( $ );
|
||||
|
||||
sub process_shorewall_conf( $$ ) {
|
||||
my ( $update, $annotate ) = @_;
|
||||
my $file = find_file "$product.conf";
|
||||
my $config = $update ? \%rawconfig : \%config;
|
||||
|
||||
@ -2921,6 +2922,10 @@ sub process_shorewall_conf( $ ) {
|
||||
$config{$opt} = $v;
|
||||
}
|
||||
}
|
||||
#
|
||||
# Now update the config file if asked
|
||||
#
|
||||
update_config_file( $annotate) if $update;
|
||||
}
|
||||
|
||||
#
|
||||
@ -3181,9 +3186,9 @@ sub export_params() {
|
||||
# - Read the capabilities file, if any
|
||||
# - establish global hashes %config , %globals and %capabilities
|
||||
#
|
||||
sub get_configuration( $$ ) {
|
||||
sub get_configuration( $$$ ) {
|
||||
|
||||
my ( $export, $update ) = @_;
|
||||
my ( $export, $update, $annotate ) = @_;
|
||||
|
||||
$globals{EXPORT} = $export;
|
||||
|
||||
@ -3195,7 +3200,7 @@ sub get_configuration( $$ ) {
|
||||
|
||||
get_params;
|
||||
|
||||
process_shorewall_conf( $update );
|
||||
process_shorewall_conf( $update, $annotate );
|
||||
|
||||
ensure_config_path;
|
||||
|
||||
|
@ -107,19 +107,20 @@ None.
|
||||
DROP_DEFAULT=Drop(-,DROP)
|
||||
|
||||
5) An 'update' command has been added to /sbin/shorewall and
|
||||
/sbin/shorewall6. The command validates the configuration and then
|
||||
updates the shorewall.conf (shorewall6.conf) file. The updated file
|
||||
will set any new options with their default values and will move
|
||||
any deprecated options with non-default values to a 'deprecated
|
||||
options' section at the end of the file. Each such deprecated
|
||||
option will generate a warning message.
|
||||
/sbin/shorewall6. The command updates he shorewall.conf
|
||||
(shorewall6.conf) file then validates the configuration. The
|
||||
updated file will set any options not specified in the old file
|
||||
with their default values, and will move any deprecated options
|
||||
with non-default values to a 'deprecated options' section at the
|
||||
end of the file. Each such deprecated option will generate a
|
||||
warning message.
|
||||
|
||||
Your original shorewall.conf (shorewall6.conf) file will be saved as
|
||||
shorewall.conf.bak (shorewall6.conf.bak).
|
||||
|
||||
The 'update' command accepts the same options as 'check' plus an
|
||||
'-a' option that causes the updated file to be annotated with
|
||||
documentation.
|
||||
The 'update' command accepts the same options as the 'check'
|
||||
command plus a '-a' option that causes the updated file to be
|
||||
annotated with documentation.
|
||||
|
||||
6) Shorewall6 now supports ipsets.
|
||||
|
||||
|
@ -1551,10 +1551,10 @@
|
||||
<term><emphasis role="bold">update</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.4.21 and causes the compiler to validate
|
||||
the configuration and then update
|
||||
<filename>/etc/shorewall/shorewall.conf</filename>. The update will
|
||||
add new options with their default values and will move deprecated
|
||||
<para>Added in Shorewall 4.4.21 and causes the compiler to update
|
||||
<filename>/etc/shorewall/shorewall.conf then validate the
|
||||
configuration</filename>. The update will add options not present in
|
||||
the old file with their default values, and will move deprecated
|
||||
options with non-defaults to a deprecated options section at the
|
||||
bottom of the file. Your existing
|
||||
<filename>shorewall.conf</filename> file is renamed
|
||||
|
@ -1360,12 +1360,12 @@
|
||||
<term><emphasis role="bold">update</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.4.21 and causes the compiler to validate
|
||||
the configuration and then update
|
||||
<filename>/etc/shorewall6/shorewall6.conf</filename>. The update
|
||||
will add new options with their default values and will move
|
||||
deprecated options with non-defaults to a deprecated options section
|
||||
at the bottom of the file. Your existing
|
||||
<para>Added in Shorewall 4.4.21 and causes the compiler to update
|
||||
<filename>/etc/shorewall6/shorewall6.conf</filename> then validate
|
||||
the configuration. The update will add options not present in the
|
||||
existing file with their default values, and will move deprecated
|
||||
options with non-defaults to a deprecated options section at the
|
||||
bottom of the file. Your existing
|
||||
<filename>shorewall6.conf</filename> file is renamed
|
||||
<filename>shorewall6.conf.bak.</filename></para>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user