From 819e9dd38fc75e5cd7572d12affc8bc5fb40c612 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 8 Sep 2005 22:30:32 +0000 Subject: [PATCH] Add SHOREWALL_LIBRARY global variable git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2649 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 2 ++ Shorewall/functions | 2 ++ Shorewall/releasenotes.txt | 8 ++++++++ Shorewall/zones | 23 ++++++++++++++++++----- 4 files changed, 30 insertions(+), 5 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index cc1737bfd..393ba34f3 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -6,6 +6,8 @@ Changes in 2.5.5 3) Fix error handling. +4) Add SHOREWALL_LIBRARY function. + Changes in 2.5.4 1) Allow TAG to be used as a general parameter mechanism [hack]. diff --git a/Shorewall/functions b/Shorewall/functions index 13348064e..d8b9156e1 100755 --- a/Shorewall/functions +++ b/Shorewall/functions @@ -851,3 +851,5 @@ set_state () # $1 = state { echo "$1 ($(date))" > /var/lib/shorewall/state } + +SHOREWALL_LIBRARY=Loaded diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index bdc62ec93..0a92facab 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -19,6 +19,14 @@ New Features in 2.5.5: firewall The firewall zone. There must be exactly one firewall zone. +2) When /usr/share/shorewall/functions is loaded it now sets + + SHOREWALL_LIBRARY=Loaded + + Application code such as /etc/shorewall/tcstart may test that + variable to determine if the library has been loaded into the + current shell process. + Problems Corrected in 2.5.4: 1) Several serious problems associated with macros have been corrected. diff --git a/Shorewall/zones b/Shorewall/zones index fb98f41b4..a1497183f 100644 --- a/Shorewall/zones +++ b/Shorewall/zones @@ -11,6 +11,24 @@ # The names "all" and "none" are reserved and may not be # used as zone names. # +# Where a zone is nested in one or more other zones, +# you may follow the (sub)zone name by ":" and a +# comma-separated list of the parent zones. The parent +# zones must have been defined in earlier records in this +# file. +# +# Example: +# +# #ZONE TYPE OPTIONS +# a plain +# b plain +# c:a,b plain +# +# Currently, Shorewall uses this information only to reorder the +# zone list so that parent zones appear after their subzones in +# the list. In the future, Shorewall may make more extensive use +# of that information. +# # TYPE ipsec - Communication with all zone hosts is encrypted # Your kernel and iptables must include policy # match support. @@ -58,11 +76,6 @@ # # If you wish to leave a column empty but need to make an entry # in a following column, use "-". -# -# THE ORDER OF THE ENTRIES IN THIS FILE IS IMPORTANT IF YOU HAVE NESTED OR -# OVERLAPPING ZONES DEFINED THROUGH /etc/shorewall/hosts. -# -# See http://www.shorewall.net/Documentation.htm#Nested #------------------------------------------------------------------------------ # Example zones: #