Refine -lite handling of scfilter.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 12:52:30 -07:00 · 2010-10-03 12:52:30 -07:00 · cee05d9763
commit cee05d9763
parent b3d0447ef2
5 changed files with 26 additions and 18 deletions
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -3430,9 +3430,11 @@ sub generate_aux_config() {

    if ( -f $fn ) {
 	emit( '',
-	      'cat << __EOF__ > ${VARDIR}/scfilter' );
-	append_file( $fn,1,1 ) or emit_unindented "#! /bin/sh\ncat -";
-	emit_unindented( "__EOF__\n" );
+	      'show_connections_filter() {' );
+	push_indent;
+	append_file( $fn,1 ) or emit 'cat -';
+	pop_indent;
+	emit '}';
    }

    finalize_aux_config;
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@ -434,7 +434,10 @@ list_zone() {
 }

 #
-# Show Filter
+# Show Filter - For Shorewall-lite, if there was an scfilter file at compile-time,
+#               then the compiler generated another version of this function and
+#               embedded it in the firewall.conf file. That version supersedes this
+#               one.
 #
 show_connections_filter() {
    local filter
@ -443,7 +446,7 @@ show_connections_filter() {

    command=${SHOREWALL_SHELL}

-    [ "$g_product" = Shorewall ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter
+    filter=$(find_file scfilter)

    if [ -f $filter ]; then
 	first=$(head -n1 $filter)
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -110,12 +110,11 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
    which passes the output through unmodified.

    If you are using Shorewall-lite and/or Shorewall6-lite, the
-    scfilter file is kept on the administrative system and is copied
+    scfilter file is kept on the administrative system. The compiler
+    encapsulates the script into a shell function that is copied
    into the generated auxillary configuration file
-    (firewall.conf). Each time that configuration file is read, the 
-    scfilter script is extracted into /var/lib/shorewall-lite/scfilter
-    (/var/lib/shorewall6-lite/scfilter) where /sbin/shorewall-lite
-    (/sbin/shorewall6-lite) looks for it.
+    (firewall.conf). That function is then invoked by the 'show
+    connections' command.

 ----------------------------------------------------------------------------
             I V.  R E L E A S E  4 . 4  H I G H L I G H T S
--- a/Shorewall6/lib.cli
+++ b/Shorewall6/lib.cli
@ -358,7 +358,10 @@ show_routing() {
 }

 #
-# Show Connections Filter
+# Show Filter - For Shorewall6-lite, if there was an scfilter file at compile-time,
+#               then the compiler generated another version of this function and
+#               embedded it in the firewall.conf file. That version supersedes this
+#               one.
 #
 show_connections_filter() {
    local filter
@ -367,7 +370,7 @@ show_connections_filter() {

    command=${SHOREWALL_SHELL}

-    [ "$g_product" = Shorewall6 ] && filter=$(find_file scfilter) || filter=${VARDIR}/scfilter
+    filter=$(find_file scfilter)

    if [ -f $filter ]; then
 	first=$(head -n1 $filter)
--- a/docs/shorewall_extension_scripts.xml
+++ b/docs/shorewall_extension_scripts.xml
@ -203,18 +203,19 @@ esac</programlisting><caution>

      <listitem>
        <para><filename>scfilter</filename> -- Added in Shorewall 4.4.14.
-        Unlike the other scripts, this script is executed by the command line
+        Unlike the other scripts, this script is executed by the command-line
        tools (<filename>/sbin/shorewall</filename>,
        <filename>/sbin/shorewall6</filename>, etc) and can be used to
        reformat the output of the <command>show connections</command>
        command. The connection information is piped through this script so
        that the script can drop information, add information or alter the
        format of the information. When using Shorewall Lite or Shorewall6
-        Lite, the script is copied into the generated auxillary configuration
-        file (firewall.conf) and is extracted into /var/lib/shorewall-lite
-        (/var/lib/shorewall6-lite) where /sbin/shorewall-lite
-        (/sbin/shorewall6-lite) can find it. The default script is as follows
-        and simply pipes the output through unaltered.</para>
+        Lite, the script is encapsulated in a function that is copied into the
+        generated auxillary configuration file. That function is invoked by
+        the 'show connections' command.</para>
+
+        <para>The default script is as follows and simply pipes the output
+        through unaltered.</para>

        <programlisting>#! /bin/sh
 cat -</programlisting>