From 482f828c1d822935af18e3da34faadce068b77f2 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sat, 28 Jan 2006 05:46:27 +0000
Subject: [PATCH] Add some scripting documentation to confuse the masses

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3395 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/releasenotes.txt | 44 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 0d342463f..e669ac26d 100755
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -149,6 +149,50 @@ file>
 	    - All scripts associated with a given chain such as Action
               chains
 
+    If you need to interject run-time code into the generated script then
+    you need to write it to file descriptor 3. Here is an example of creating
+    tap device tap0 and adding it to bridge xenbr0; the text will be indented
+    to line up with the surrounding text:
+
+    cat >&3 << __EOF__
+    ${INDENT}if ! qt /sbin/ip link ls dev tap0; then
+    ${INDENT}    /usr/sbin/openvpn --mktun --dev tap0
+    ${INDENT}    /sbin/ip link set dev tap0 up
+    ${INDENT}    /sbin/brctl addif xenbr0 tap0
+    ${INDENT}fi
+
+    __EOF__
+
+    This results in the following code in the script:
+
+    if ! qt /sbin/ip link ls dev tap0; then
+        /usr/sbin/openvpn --mktun --dev tap0
+        /sbin/ip link set dev tap0 up
+        /sbin/brctl addif xenbr0 tap0
+    fi
+
+
+    (Yes -- there is an extra blank line at the end)
+
+    If you need to expand variables in the generated text, be sure to escape
+    the '$' symbol.
+
+    Example:
+
+    cat >&3 << __EOF__
+
+    ${INDENT}addr=\$(ip -f inet addr show $interface 2> /dev/null | grep inet | head -n1)
+    ${INDENT}if [ -n "\$addr" ]; then
+    ${INDENT}    addr=\$(echo \$addr | sed 's/inet //;s/\/.*//;s/ peer.*//')
+    ${INDENT}    for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do
+    ${INDENT}        if in_network \$addr \$network; then
+    ${INDENT}            startup_error "The 'norfc1918' option has been specified on an interface with an RFC 1918 address. Interface:$interface"
+    ${INDENT}        fi
+    ${INDENT}    done
+    ${INDENT}fi
+
+    __EOF__
+
     In addition to 'generate', a 'shorewall reload' command has been added.
 
 	shorewall reload [ -v ] [ -q ] [ <config directory> ]