holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

New params/init treatment

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5353 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-02-04 01:53:37 +00:00
parent fa024a63aa
commit c35b389f98
2 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
docs/CompiledPrograms.xml
View File

@ -72,9 +72,9 @@
</listitem> </listitem>
<listitem> <listitem>
<para>The <filename>/etc/shorewall/params</filename> extension <para>With Shorewall 3.2.0 through 3.2.8, the
script is executed at compile time as well as at run <filename>/etc/shorewall/params</filename> extension script is
time.</para> executed at compile time as well as at run time.</para>
<para>Running the script at compile time allows variable <para>Running the script at compile time allows variable
expansion (expanding $variable to it's defined value) of expansion (expanding $variable to it's defined value) of
@ -99,22 +99,23 @@
<para>Bottom line: You probably want to use only constant values <para>Bottom line: You probably want to use only constant values
for variables set in for variables set in
<filename>/etc/shorewall/params</filename>.</para> <filename>/etc/shorewall/params</filename>.</para>
</listitem>
<para>To work around this, Shorewall 3.2.9 (Shorewall 3.4.0 RC2) <listitem>
and later support a <firstterm>compile</firstterm> extension <para>Beginning with Shorewall 3.2.9 (and 3.4.0 RC2),
script. This script is invoked during compiler initialization to <filename>/etc/shorewall/params</filename> is only processed at
set shell variables needed at compile time. If you need the IP compile time. For run-time setting of shell variables, use
address of eth0 on the firewall system, you can use this trick <filename>/etc/shorewall/init</filename>.</para>
in <filename>/etc/shorewall/compile</filename>:</para>
<para>If <filename>/etc/shorewall/params</filename> needs to set
shell variables based on the configuration of the firewall
system, you can use this trick:</para>
<programlisting>EXT_IP=$(ssh root@firewall "/sbin/shorewall-lite call find_first_interface_address eth0")</programlisting> <programlisting>EXT_IP=$(ssh root@firewall "/sbin/shorewall-lite call find_first_interface_address eth0")</programlisting>
<para>The <command>shorewall-lite call</command> command allows <para>The <command>shorewall-lite call</command> command allows
you to interactively call any function in you to to call interactively any Shorewall function that you can
<filename>/etc/shorewall/functions</filename> call in an extension script. </para>
(<filename>/etc/shorewall/lib.bas</filename>e and
<filename>/etc/shorewall/lib.conf</filename> on Shorewall 3.4
and later).</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>

5
docs/shorewall_extension_scripts.xml
View File

@ -119,6 +119,11 @@
rule is added to the current chain (the name of that chain will be in rule is added to the current chain (the name of that chain will be in
$CHAIN).</para> $CHAIN).</para>
</listitem> </listitem>
<listitem>
<para>compile -- (Added in Shorewall versions 3.2.9 and 3.4.0 RC2)
invoked during compiler initialization.</para>
</listitem>
</itemizedlist> </itemizedlist>
<para><emphasis role="bold">If your version of Shorewall doesn't have the <para><emphasis role="bold">If your version of Shorewall doesn't have the