forked from extern/shorewall_code
Chop first config dir if non-root or if compiling for export.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
5aaf1e53de
commit
7289175070
@ -59,7 +59,7 @@ our $have_arptables;
|
|||||||
# Initilize the package-globals in the other modules
|
# Initilize the package-globals in the other modules
|
||||||
#
|
#
|
||||||
sub initialize_package_globals( $$$ ) {
|
sub initialize_package_globals( $$$ ) {
|
||||||
Shorewall::Config::initialize($family, $_[1], $_[2]);
|
Shorewall::Config::initialize($family, $export, $_[1], $_[2]);
|
||||||
Shorewall::Chains::initialize ($family, 1, $export );
|
Shorewall::Chains::initialize ($family, 1, $export );
|
||||||
Shorewall::Zones::initialize ($family, $_[0]);
|
Shorewall::Zones::initialize ($family, $_[0]);
|
||||||
Shorewall::Nat::initialize($family);
|
Shorewall::Nat::initialize($family);
|
||||||
|
@ -675,6 +675,7 @@ our $debug; # Global debugging flag
|
|||||||
our $confess; # If true, use Carp to report errors with stack trace.
|
our $confess; # If true, use Carp to report errors with stack trace.
|
||||||
|
|
||||||
our $family; # Protocol family (4 or 6)
|
our $family; # Protocol family (4 or 6)
|
||||||
|
our $export; # True when compiling for export
|
||||||
our $toolname; # Name of the tool to use (iptables or iptables6)
|
our $toolname; # Name of the tool to use (iptables or iptables6)
|
||||||
our $toolNAME; # Tool name in CAPS
|
our $toolNAME; # Tool name in CAPS
|
||||||
our $product; # Name of product that will run the generated script
|
our $product; # Name of product that will run the generated script
|
||||||
@ -788,8 +789,8 @@ sub add_variables( \% );
|
|||||||
# 2. The compiler can run multiple times in the same process so it has to be
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
# able to re-initialize its dependent modules' state.
|
# able to re-initialize its dependent modules' state.
|
||||||
#
|
#
|
||||||
sub initialize( $;$$) {
|
sub initialize( $;$$$) {
|
||||||
( $family, my ( $shorewallrc, $shorewallrc1 ) ) = @_;
|
( $family, $export, my ( $shorewallrc, $shorewallrc1 ) ) = @_;
|
||||||
|
|
||||||
if ( $family == F_IPV4 ) {
|
if ( $family == F_IPV4 ) {
|
||||||
( $product, $Product, $toolname, $toolNAME ) = qw( shorewall Shorewall iptables IPTABLES );
|
( $product, $Product, $toolname, $toolNAME ) = qw( shorewall Shorewall iptables IPTABLES );
|
||||||
@ -5328,7 +5329,13 @@ sub ensure_config_path() {
|
|||||||
fatal_error "CONFIG_PATH not found in $f" unless $config{CONFIG_PATH};
|
fatal_error "CONFIG_PATH not found in $f" unless $config{CONFIG_PATH};
|
||||||
}
|
}
|
||||||
|
|
||||||
@config_path = split /:/, $config{CONFIG_PATH};
|
my $path = $config{CONFIG_PATH};
|
||||||
|
|
||||||
|
my $chop = ( $path =~ s/^:// );
|
||||||
|
|
||||||
|
@config_path = split /:/, $path;
|
||||||
|
|
||||||
|
shift @config_path if $chop && ( $export || $> != 0 );
|
||||||
|
|
||||||
#
|
#
|
||||||
# To accomodate Cygwin-based compilation, we have separate directories for files whose names
|
# To accomodate Cygwin-based compilation, we have separate directories for files whose names
|
||||||
|
@ -77,7 +77,7 @@ UNTRACKED_LOG_LEVEL=
|
|||||||
|
|
||||||
ARPTABLES=
|
ARPTABLES=
|
||||||
|
|
||||||
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||||
|
|
||||||
|
@ -88,7 +88,7 @@ UNTRACKED_LOG_LEVEL=
|
|||||||
|
|
||||||
ARPTABLES=
|
ARPTABLES=
|
||||||
|
|
||||||
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||||
|
|
||||||
|
@ -85,7 +85,7 @@ UNTRACKED_LOG_LEVEL=
|
|||||||
|
|
||||||
ARPTABLES=
|
ARPTABLES=
|
||||||
|
|
||||||
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||||
|
|
||||||
|
@ -88,7 +88,7 @@ UNTRACKED_LOG_LEVEL=
|
|||||||
|
|
||||||
ARPTABLES=
|
ARPTABLES=
|
||||||
|
|
||||||
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||||
|
|
||||||
|
@ -77,7 +77,7 @@ UNTRACKED_LOG_LEVEL=
|
|||||||
|
|
||||||
ARPTABLES=
|
ARPTABLES=
|
||||||
|
|
||||||
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||||
|
|
||||||
|
@ -3,4 +3,4 @@
|
|||||||
#
|
#
|
||||||
# /usr/share/shorewall/configpath
|
# /usr/share/shorewall/configpath
|
||||||
#
|
#
|
||||||
CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
|
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
||||||
|
@ -673,7 +673,7 @@
|
|||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis
|
<term><emphasis
|
||||||
role="bold">CONFIG_PATH</emphasis>=[<emphasis>directory</emphasis>[:<emphasis>directory</emphasis>]...]</term>
|
role="bold">CONFIG_PATH</emphasis>=[[:]<emphasis>directory</emphasis>[:<emphasis>directory</emphasis>]...]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Specifies where configuration files other than
|
<para>Specifies where configuration files other than
|
||||||
@ -701,6 +701,16 @@
|
|||||||
/etc/shorewall:/usr/share/shorewall but your particular distribution
|
/etc/shorewall:/usr/share/shorewall but your particular distribution
|
||||||
may set it differently. See the output of shorewall show config for
|
may set it differently. See the output of shorewall show config for
|
||||||
the default on your system.</para>
|
the default on your system.</para>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 5.1.10, the CONFIG_PATH setting may
|
||||||
|
begin with a colon (":"), to signal that the first
|
||||||
|
<replaceable>directory</replaceable> listed will be skipped if the
|
||||||
|
user performing a compilation is not root or if the configuration is
|
||||||
|
being compiled for export (-e option specified or if running one of
|
||||||
|
the remote-* commands) . This prevents the compiler from looking in
|
||||||
|
<filename>/etc/shorewall[6]</filename>/ when compilation is being
|
||||||
|
done by a non-root user or if the generated script is to be sent to
|
||||||
|
a remote firewall system.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
|
|||||||
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
|
CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||||
|
|
||||||
|
@ -75,7 +75,7 @@ UNTRACKED_LOG_LEVEL=
|
|||||||
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
CONFIG_PATH="${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
|
CONFIG_PATH=":${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
|
|||||||
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
|
CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
|
|||||||
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
|
CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
|
|||||||
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
CONFIG_PATH="${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
|
CONFIG_PATH=":${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||||
|
|
||||||
|
@ -3,4 +3,4 @@
|
|||||||
#
|
#
|
||||||
# /usr/share/shorewall6/configpath
|
# /usr/share/shorewall6/configpath
|
||||||
#
|
#
|
||||||
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
|
CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
|
||||||
|
Loading…
Reference in New Issue
Block a user