From 4beb3a6cee7df93081f4b87aa02295ca0538b317 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 12 Apr 2007 17:40:36 +0000 Subject: [PATCH] More release note updates git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5905 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/releasenotes.txt | 53 ++++++++++++++++++++++++++++--- Shorewall-perl/releasenotes.txt | 4 ++- 2 files changed, 51 insertions(+), 6 deletions(-) diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index ce24829b9..dc3cb9775 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt 
@@ -122,12 +122,55 @@ d) The BROADCAST column in the interfaces file is essentially unused; match requirement is relaxed. e) Because the compiler is now written in Perl, your compile-time - extension scripts from earlier versions will no longer work. For - now, if you want to use extension scripts, you will need to read the - Perl code to see how the compiler operates internally. I will - produce documentation before the first official release. + extension scripts from earlier versions will no longer work. Compile-time extension scripts are executed using the Perl - 'eval `cat `' mechanism. + 'eval `cat `' mechanism. Be sure that each script returns a + 'true' value; otherwise, the compiler will assume that the script + failed and will abort the compilation. + + When a script is invoked, the $chainref scalar variable will hold a + reference to a chain table entry. + + $chainref->{name} contains the name of the chain + $chainref->{table} holds the table name + + To add a rule to the chain: + + add_rule $chainref, + + Where + + is a scalar argument holding the rule text. Do not + include "-A " + + Example: + + add_rule $chainref, '-j ACCEPT'; + + To insert a rule into the chain: + + insert_rule $chainref, , + + The log_rule_limit function works like it does in the shell + compiler with two exceptions: + + - You pass the chain reference rather than the name of the + chain. + - The commands are 'add' and 'insert' rather than '-A' and + '-I'. + - There is only a single "pass as-is to iptables" argument + (so you must quote that part). + + Example: + + log_rule_limit + 'info' , + $chainref , + $chainref->{name}, + 'DROP' , + '', #Limit + '' , #Log tag + 'add'; f) The 'refresh' command is now synonymous with 'restart'. diff --git a/Shorewall-perl/releasenotes.txt b/Shorewall-perl/releasenotes.txt index 62b898a33..967e80d25 100644 --- a/Shorewall-perl/releasenotes.txt +++ b/Shorewall-perl/releasenotes.txt 
@@ -77,7 +77,9 @@ d) The BROADCAST column in the interfaces file is essentially unused; e) Because the compiler is now written in Perl, your compile-time extension scripts from earlier versions will no longer work. Compile-time extension scripts are executed using the Perl - 'eval `cat `' mechanism. + 'eval `cat `' mechanism. Be sure that each script returns a + 'true' value; otherwise, the compiler will assume that the script + failed and will abort the compilation. When a script is invoked, the $chainref scalar variable will hold a reference to a chain table entry.
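Review bot: In the Shorewall-common/releasenotes.txt hunk (@@ -122,12 +122,55 @@), the log_rule_limit paragraph says the function works like the shell compiler's "with two exceptions", but three items follow (the chain reference, the 'add' and 'insert' commands, and the single "pass as-is to iptables" argument). Change the count to "three" or drop the number. In the same hunk, as the lines appear here, "add_rule $chainref," ends at the comma and "insert_rule $chainref, ," names neither of its remaining arguments, so the reader cannot tell what to pass or in which order; name each argument and describe the insert_rule ones the way the add_rule rule text is described.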
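Review bot: In the Shorewall-perl/releasenotes.txt hunk (@@ -77,7 +77,9 @@), the added sentence "Be sure that each script returns a 'true' value" does not say how a script returns anything. Because the scripts are run through Perl eval, the result is the value of the last statement evaluated, so the note should say that and suggest ending each script with "1;". The identical sentence is added in the Shorewall-common hunk, so the wording needs the same change there. Since eval runs the script text inside the compiler itself, it is also worth one sentence telling users to keep extension scripts writable only by the administrator.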