forked from extern/shorewall_code
Make .ip[6]tables-restore-input comments conditional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
2235641c9f
commit
3e404b765f
@ -732,6 +732,7 @@ sub initialize( $;$$) {
|
||||
RPFILTER_LOG_TAG => '',
|
||||
INVALID_LOG_TAG => '',
|
||||
UNTRACKED_LOG_TAG => '',
|
||||
TRACK_RULES => '',
|
||||
);
|
||||
#
|
||||
# From shorewall.conf file
|
||||
@ -1194,13 +1195,15 @@ sub currentlineinfo() {
|
||||
}
|
||||
|
||||
sub shortlineinfo1( $ ) {
|
||||
if ( $currentfile ) {
|
||||
join( ':', $currentfilename, $currentlinenumber );
|
||||
} else {
|
||||
#
|
||||
# Alternate lineinfo may have been passed
|
||||
#
|
||||
$_[0] || ''
|
||||
if ( $globals{TRACK_RULES} ) {
|
||||
if ( $currentfile ) {
|
||||
join( ':', $currentfilename, $currentlinenumber );
|
||||
} else {
|
||||
#
|
||||
# Alternate lineinfo may have been passed
|
||||
#
|
||||
$_[0] || ''
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -5823,7 +5826,18 @@ sub get_configuration( $$$$ ) {
|
||||
default_yes_no 'MULTICAST' , '';
|
||||
default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';
|
||||
default_yes_no 'CHAIN_SCRIPTS' , 'Yes';
|
||||
default_yes_no 'TRACK_RULES' , '';
|
||||
|
||||
if ( supplied ( $val = $config{TRACK_RULES} ) ) {
|
||||
if ( lc( $val ) eq 'internal' ) {
|
||||
$globals{TRACK_RULES} = 'Yes';
|
||||
$config{TRACK_RULES} = '';
|
||||
} else {
|
||||
default_yes_no 'TRACK_RULES' , '';
|
||||
}
|
||||
} else {
|
||||
default_yes_no 'TRACK_RULES' , '';
|
||||
}
|
||||
|
||||
default_yes_no 'INLINE_MATCHES' , '';
|
||||
default_yes_no 'BASIC_FILTERS' , '';
|
||||
default_yes_no 'WORKAROUNDS' , 'Yes';
|
||||
|
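Review bot: In the second hunk, `shortlineinfo1` has no value-producing statement on the path where `$globals{TRACK_RULES}` is false, so its result is whatever Perl leaves behind from the failed `if` test. perlsub defines the implicit return value only when the last statement is an expression. A caller that uses the sub inside a hash constructor, as the pre-change `origin => shortlineinfo1('')` in process_interface did, needs exactly one scalar back. An explicit contract keeps rule-origin tracking predictable: `return '' unless $globals{TRACK_RULES};` followed by `return $currentfile ? join( ':', $currentfilename, $currentlinenumber ) : ( $_[0] || '' );`.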
@ -1397,7 +1397,7 @@ sub process_interface( $$ ) {
|
||||
physical => $physical ,
|
||||
base => var_base( $physical ),
|
||||
zones => {},
|
||||
origin => shortlineinfo1(''),
|
||||
origin => shortlineinfo1('') || shortlineinfo( '' ),
|
||||
wildcard => $wildcard,
|
||||
};
|
||||
|
||||
|
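Review bot: The right-hand operand of `||` in `origin => shortlineinfo1('') || shortlineinfo( '' ),` is evaluated in the list context of the surrounding hash constructor. `shortlineinfo` is not shown on this page; if it can return an empty list, the `wildcard` key that follows would slide into the `origin` slot and the interface record would be built with shifted fields. A final fallback forces a single scalar: `origin => shortlineinfo1('') || shortlineinfo( '' ) || '',`. The hash constructor and process_interface begin and end outside this hunk.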
@ -1629,7 +1629,7 @@ LOG:info:,bar net fw</programlisting>
|
||||
"/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset"
|
||||
where <emphasis role="bold">uname</emphasis> holds the output of
|
||||
'<command>uname -r</command>' and <emphasis
|
||||
role="bold">g_family</emphasis> holds '4'. </para>
|
||||
role="bold">g_family</emphasis> holds '4'.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -2620,7 +2620,8 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">TRACK_RULES=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||
role="bold">Yes</emphasis>|<emphasis
|
||||
role="bold">No</emphasis>|Internal}</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.5.20. If set to <emphasis
|
||||
@ -2633,6 +2634,12 @@ INLINE - - - ; -j REJECT
|
||||
<para>Setting this option to <emphasis role="bold">Yes</emphasis>
|
||||
requires the <firstterm>Comments</firstterm> capability in iptables
|
||||
and kernel.</para>
|
||||
|
||||
<para>Beginning with Shorewall 5.0.5, the option may also be set to
|
||||
<emphasis role="bold">Internal</emphasis>. That setting causes
|
||||
similar comments to be added to the
|
||||
<filename>.iptables-restore-input</filename> file, which is normally
|
||||
created in <filename>/var/lib/shorewall</filename>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
@ -2295,7 +2295,8 @@ INLINE - - - ; -j REJECT
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">TRACK_RULES=</emphasis>{<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
|
||||
role="bold">Yes</emphasis>|<emphasis
|
||||
role="bold">No</emphasis>|Internal}</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.5.20. If set to <emphasis
|
||||
@ -2306,8 +2307,14 @@ INLINE - - - ; -j REJECT
|
||||
added.</para>
|
||||
|
||||
<para>Setting this option to <emphasis role="bold">Yes</emphasis>
|
||||
requires the <firstterm>Comments</firstterm> capability in ip6tables
|
||||
requires the <firstterm>Comments</firstterm> capability in iptables
|
||||
and kernel.</para>
|
||||
|
||||
<para>Beginning with Shorewall 5.0.5, the option may also be set to
|
||||
<emphasis role="bold">Internal</emphasis>. That setting causes
|
||||
similar comments to be added to the
|
||||
<filename>.ip6tables-restore-input</filename> file, which is
|
||||
normally created in <filename>/var/lib/shorewall</filename>6.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|