Eliminate need to restart -lite to extract scfilter

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 10:56:55 -07:00 · 2010-10-03 10:56:55 -07:00 · 432534a650
commit 432534a650
parent 994ea3cce6
4 changed files with 19 additions and 22 deletions
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@ -348,15 +348,6 @@ sub generate_script_3($) {
 	} else {
 	    emit 'load_kernel_modules Yes';
 	}
-
-	$fn = find_file 'scfilter';
-
-	if ( -f $fn ) {
-	    emit( '',
-		  'cat << __EOF__ > ${VARDIR}/scfilter' );
-	    append_file( $fn,1,1 ) or emit_unindented "#! /bin/sh\ncat -";
-	    emit_unindented( "__EOF__\n" );
-	}
    } else {
 	emit 'load_kernel_modules Yes';
    }
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -3426,8 +3426,16 @@ sub generate_aux_config() {

    conditionally_add_option1 'TC_ENABLED';

-    finalize_aux_config;
+    my $fn = find_file 'scfilter';

+    if ( -f $fn ) {
+	emit( '',
+	      'cat << __EOF__ > ${VARDIR}/scfilter' );
+	append_file( $fn,1,1 ) or emit_unindented "#! /bin/sh\ncat -";
+	emit_unindented( "__EOF__\n" );
+    }
+
+    finalize_aux_config;
 }

 END {
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -111,11 +111,11 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES

    If you are using Shorewall-lite and/or Shorewall6-lite, the
    scfilter file is kept on the administrative system and is copied
-    into the generated script just like other scripts. When the script
-    is run to start or restart the firewall, the scfilter script is
-    copied into /var/lib/shorewall-lite (/var/lib/shorewall6-lite)
-    where /sbin/shorewall-lite (/sbin/shorewall6-lite) looks for it.
-
+    into the generated auxillary config file (firewall.conf). Each time
+    that config file is read, the scfilter script is copied into
+    /var/lib/shorewall-lite/scfilter
+    (/var/lib/shorewall6-lite/scfilter) where /sbin/shorewall-lite
+    (/sbin/shorewall6-lite) looks for it.
 ----------------------------------------------------------------------------
             I V.  R E L E A S E  4 . 4  H I G H L I G H T S
 ----------------------------------------------------------------------------
--- a/docs/shorewall_extension_scripts.xml
+++ b/docs/shorewall_extension_scripts.xml
@ -210,13 +210,11 @@ esac</programlisting><caution>
        command. The connection information is piped through this script so
        that the script can drop information, add information or alter the
        format of the information. When using Shorewall Lite or Shorewall6
-        Lite, the script is copied into the generated firewall script and is
-        extracted into /var/lib/shorewall-lite (/var/lib/shorewall6-lite)
-        where /sbin/shorewall-lite (/sbin/shorewall6-lite) can find it. After
-        you have generated a new firewall script and copied the script to a
-        firewall system, you must start (or restart) the firewall in order to
-        install a new scfilter script. The default script is as follows and
-        simply pipes the output through unaltered.</para>
+        Lite, the script is copied into the generated auxillary configuration
+        file (firewall.conf) and is extracted into /var/lib/shorewall-lite
+        (/var/lib/shorewall6-lite) where /sbin/shorewall-lite
+        (/sbin/shorewall6-lite) can find it. The default script is as follows
+        and simply pipes the output through unaltered.</para>

        <programlisting>#! /bin/sh
 cat -</programlisting>