forked from extern/shorewall_code
Update the .conf file before validating ('update' command)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
ba7d5fd720
commit
1b3d7947b8
@ -593,7 +593,7 @@ sub compiler {
|
|||||||
#
|
#
|
||||||
# S H O R E W A L L . C O N F A N D C A P A B I L I T I E S
|
# S H O R E W A L L . C O N F A N D C A P A B I L I T I E S
|
||||||
#
|
#
|
||||||
get_configuration( $export , $update );
|
get_configuration( $export , $update , $annotate );
|
||||||
|
|
||||||
report_capabilities unless $config{LOAD_HELPERS_ONLY};
|
report_capabilities unless $config{LOAD_HELPERS_ONLY};
|
||||||
|
|
||||||
@ -890,11 +890,6 @@ sub compiler {
|
|||||||
process_routestopped;
|
process_routestopped;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Update the configuration file if requested
|
|
||||||
#
|
|
||||||
update_config_file( $annotate ) if $update;
|
|
||||||
|
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
progress_message3 "Shorewall configuration verified";
|
progress_message3 "Shorewall configuration verified";
|
||||||
} else {
|
} else {
|
||||||
|
@ -121,7 +121,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
|
|||||||
run_user_exit1
|
run_user_exit1
|
||||||
run_user_exit2
|
run_user_exit2
|
||||||
generate_aux_config
|
generate_aux_config
|
||||||
update_config_file
|
|
||||||
|
|
||||||
$product
|
$product
|
||||||
$Product
|
$Product
|
||||||
@ -2853,8 +2852,10 @@ sub set_shorewall_dir( $ ) {
|
|||||||
#
|
#
|
||||||
# Small functions called by get_configuration. We separate them so profiling is more useful
|
# Small functions called by get_configuration. We separate them so profiling is more useful
|
||||||
#
|
#
|
||||||
sub process_shorewall_conf( $ ) {
|
sub update_config_file( $ );
|
||||||
my $update = shift;
|
|
||||||
|
sub process_shorewall_conf( $$ ) {
|
||||||
|
my ( $update, $annotate ) = @_;
|
||||||
my $file = find_file "$product.conf";
|
my $file = find_file "$product.conf";
|
||||||
my $config = $update ? \%rawconfig : \%config;
|
my $config = $update ? \%rawconfig : \%config;
|
||||||
|
|
||||||
@ -2921,6 +2922,10 @@ sub process_shorewall_conf( $ ) {
|
|||||||
$config{$opt} = $v;
|
$config{$opt} = $v;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#
|
||||||
|
# Now update the config file if asked
|
||||||
|
#
|
||||||
|
update_config_file( $annotate) if $update;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -3181,9 +3186,9 @@ sub export_params() {
|
|||||||
# - Read the capabilities file, if any
|
# - Read the capabilities file, if any
|
||||||
# - establish global hashes %config , %globals and %capabilities
|
# - establish global hashes %config , %globals and %capabilities
|
||||||
#
|
#
|
||||||
sub get_configuration( $$ ) {
|
sub get_configuration( $$$ ) {
|
||||||
|
|
||||||
my ( $export, $update ) = @_;
|
my ( $export, $update, $annotate ) = @_;
|
||||||
|
|
||||||
$globals{EXPORT} = $export;
|
$globals{EXPORT} = $export;
|
||||||
|
|
||||||
@ -3195,7 +3200,7 @@ sub get_configuration( $$ ) {
|
|||||||
|
|
||||||
get_params;
|
get_params;
|
||||||
|
|
||||||
process_shorewall_conf( $update );
|
process_shorewall_conf( $update, $annotate );
|
||||||
|
|
||||||
ensure_config_path;
|
ensure_config_path;
|
||||||
|
|
||||||
|
@ -107,19 +107,20 @@ None.
|
|||||||
DROP_DEFAULT=Drop(-,DROP)
|
DROP_DEFAULT=Drop(-,DROP)
|
||||||
|
|
||||||
5) An 'update' command has been added to /sbin/shorewall and
|
5) An 'update' command has been added to /sbin/shorewall and
|
||||||
/sbin/shorewall6. The command validates the configuration and then
|
/sbin/shorewall6. The command updates he shorewall.conf
|
||||||
updates the shorewall.conf (shorewall6.conf) file. The updated file
|
(shorewall6.conf) file then validates the configuration. The
|
||||||
will set any new options with their default values and will move
|
updated file will set any options not specified in the old file
|
||||||
any deprecated options with non-default values to a 'deprecated
|
with their default values, and will move any deprecated options
|
||||||
options' section at the end of the file. Each such deprecated
|
with non-default values to a 'deprecated options' section at the
|
||||||
option will generate a warning message.
|
end of the file. Each such deprecated option will generate a
|
||||||
|
warning message.
|
||||||
|
|
||||||
Your original shorewall.conf (shorewall6.conf) file will be saved as
|
Your original shorewall.conf (shorewall6.conf) file will be saved as
|
||||||
shorewall.conf.bak (shorewall6.conf.bak).
|
shorewall.conf.bak (shorewall6.conf.bak).
|
||||||
|
|
||||||
The 'update' command accepts the same options as 'check' plus an
|
The 'update' command accepts the same options as the 'check'
|
||||||
'-a' option that causes the updated file to be annotated with
|
command plus a '-a' option that causes the updated file to be
|
||||||
documentation.
|
annotated with documentation.
|
||||||
|
|
||||||
6) Shorewall6 now supports ipsets.
|
6) Shorewall6 now supports ipsets.
|
||||||
|
|
||||||
|
@ -1551,10 +1551,10 @@
|
|||||||
<term><emphasis role="bold">update</emphasis></term>
|
<term><emphasis role="bold">update</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Added in Shorewall 4.4.21 and causes the compiler to validate
|
<para>Added in Shorewall 4.4.21 and causes the compiler to update
|
||||||
the configuration and then update
|
<filename>/etc/shorewall/shorewall.conf then validate the
|
||||||
<filename>/etc/shorewall/shorewall.conf</filename>. The update will
|
configuration</filename>. The update will add options not present in
|
||||||
add new options with their default values and will move deprecated
|
the old file with their default values, and will move deprecated
|
||||||
options with non-defaults to a deprecated options section at the
|
options with non-defaults to a deprecated options section at the
|
||||||
bottom of the file. Your existing
|
bottom of the file. Your existing
|
||||||
<filename>shorewall.conf</filename> file is renamed
|
<filename>shorewall.conf</filename> file is renamed
|
||||||
|
@ -1360,12 +1360,12 @@
|
|||||||
<term><emphasis role="bold">update</emphasis></term>
|
<term><emphasis role="bold">update</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Added in Shorewall 4.4.21 and causes the compiler to validate
|
<para>Added in Shorewall 4.4.21 and causes the compiler to update
|
||||||
the configuration and then update
|
<filename>/etc/shorewall6/shorewall6.conf</filename> then validate
|
||||||
<filename>/etc/shorewall6/shorewall6.conf</filename>. The update
|
the configuration. The update will add options not present in the
|
||||||
will add new options with their default values and will move
|
existing file with their default values, and will move deprecated
|
||||||
deprecated options with non-defaults to a deprecated options section
|
options with non-defaults to a deprecated options section at the
|
||||||
at the bottom of the file. Your existing
|
bottom of the file. Your existing
|
||||||
<filename>shorewall6.conf</filename> file is renamed
|
<filename>shorewall6.conf</filename> file is renamed
|
||||||
<filename>shorewall6.conf.bak.</filename></para>
|
<filename>shorewall6.conf.bak.</filename></para>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user