Rationalize use of IPTABLES and LOGFORMAT with Shorewall Lite

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4029 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-lite/changelog.txt

@@ -1,3 +1,9 @@
+Changes in 3.2.0 RC 2
+
+1)  Remove VERSION from shorecap.
+
+2)  Rationalize the use of IPTABLES and LOGFORMAT.
+
 Changes in 3.2.0 RC 1
 
 1)  First Release.

Shorewall-lite/releasenotes.txt

@@ -2,7 +2,19 @@ Shorewall Lite 3.2.0 RC 2
 
 Problems Corrected in 3.2.0 RC 2
 
-None.
+1)  The treatment of IPTABLES and LOGFORMAT have been clarified with
+    respect to Shorewall Lite. If these options are set in the
+    shorewall.conf file used at compile time, then the generated
+    firewall script will use those values. /sbin/shorewall on the
+    firewall system will use the corresponding values from
+    /etc/shorewall/shorewall.conf on that system.
+
+    If the values are not given in shorewall.conf at compile time then
+    the values in /etc/shorewall/shorewall.conf on the firewall system
+    will be used by the generated firewall script.
+
+    To take advantage of this change, both the administrative system
+    and the firewall system(s) must be running RC2 or later.
 
 Other changes in 3.2.0 RC 2
 

Shorewall-lite/shorewall

@@ -187,6 +187,8 @@ get_config() {
 
     [ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:"
 
+    export LOGFORMAT
+
     if [ -n "$IPTABLES" ]; then
 	if [ ! -e "$IPTABLES" ]; then
 	    echo "   ERROR: The program specified in IPTABLES does not exist or is not executable" >&2
@@ -200,6 +202,8 @@ get_config() {
 	fi
     fi
 
+    export IPTABLES
+
     if [ -n "$SHOREWALL_SHELL" ]; then
 	if [ ! -e "$SHOREWALL_SHELL" ]; then
 	    echo "   ERROR: The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2

Shorewall/changelog.txt

@@ -2,6 +2,8 @@ Changes in 3.2.0 RC 2
 
 1)  Update versions.
 
+2)  Rationalize the use of IPTABLES and LOGFORMAT.
+
 -------------------------------------------------------------------------------
 Changes in 3.2.0 RC 1
 

Shorewall/compiler

@@ -8234,7 +8234,19 @@ __EOF__
     LOGLIMIT="$LOGLIMIT"
     LOGTAGONLY="$LOGTAGONLY"
     LOGRULENUMBERS="$LOGRULENUMBERS"
+__EOF__
+
+    if [ -n "$LOGFORMAT" ]; then
+	cat >&3 << __EOF__
     LOGFORMAT="$LOGFORMAT"
+__EOF__
+    else
+	cat >&3 << __EOF__
+    [ -n "\$LOGFORMAT\" ] || LOGFORMAT="Shorewall:%s:%s:"
+__EOF__
+    fi
+    
+    cat >&3 << __EOF__
     RESTOREFILE="$RESTOREFILE"
     VERSION="$VERSION"
     CONFIG_PATH="$CONFIG_PATH"
@@ -8251,9 +8263,9 @@ __EOF__
 __EOF__
    else
 	cat >&3 << __EOF__
-    IPTABLES=\$(mywhich iptables 2> /dev/null)
+    [ -z "\$IPTABLES\" ] && IPTABLES=\$(mywhich iptables 2> /dev/null)
 
-    [ -z "\$IPTABLES" ] && startup_error "Can't find iptables executable"
+    [ -n \"$IPTABLES\" -a -e "\$IPTABLES" ] || startup_error "Can't find iptables executable"
 __EOF__
     fi
 

Shorewall/releasenotes.txt

@@ -33,7 +33,19 @@ Note to users upgrading from Shorewall 2.x or 3.0
 
 Problems Corrected in 3.2.0 RC 2
 
-None.
+1)  The treatment of IPTABLES and LOGFORMAT have been clarified with
+    respect to Shorewall Lite. If these options are set in the
+    shorewall.conf file used at compile time, then the generated
+    firewall script will use those values. /sbin/shorewall on the
+    firewall system will use the corresponding values from
+    /etc/shorewall/shorewall.conf on that system.
+
+    If the values are not given in shorewall.conf at compile time then
+    the values in /etc/shorewall/shorewall.conf on the firewall system
+    will be used by the generated firewall script.
+
+    To take advantage of this change, both the administrative system
+    and the firewall system(s) must be running RC2 or later.
 
 Other changes in 3.2.0 RC 2
 

Shorewall/shorewall

@@ -214,6 +214,8 @@ get_config() {
 
     [ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:"
 
+    export LOGFORMAT
+
     if [ -n "$IPTABLES" ]; then
 	if [ ! -e "$IPTABLES" ]; then
 	    echo "   ERROR: The program specified in IPTABLES does not exist or is not executable" >&2
@@ -227,6 +229,8 @@ get_config() {
 	fi
     fi
 
+    export IPTABLES
+
     if [ -n "$SHOREWALL_SHELL" ]; then
 	if [ ! -e "$SHOREWALL_SHELL" ]; then
 	    echo "   ERROR: The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2

docs/CompiledPrograms.xml

@@ -259,10 +259,21 @@
         <member>LOGFILE</member>
 
         <member>LOGFORMAT — used by <filename>/sbin/shorewall</filename> for
-        finding 'Shorewall' log messages.</member>
+        finding 'Shorewall' log messages only. The format of the messages
+        themselves is defined by the LOGFORMAT in shorewall.conf used when the
+        firewall script was compiled on the administrative system. If
+        LOGFORMAT was not specified at compile time then the firewall script
+        will use the value from
+        <filename>/etc/shorewall/shorewall.conf</filename> on the firewall
+        system.</member>
 
         <member>IPTABLES — determines the iptables binary to be used by
-        <filename>/sbin/shorewall</filename>.</member>
+        <filename>/sbin/shorewall</filename>. The compiled firewall script
+        will use the IPTABLES specified in <filename>shorewall.conf</filename>
+        at compile-time on the administrative system; if IPTABLES was not
+        specified at compile time then the IPTABLES value from
+        <filename>/etc/shorewall/shorewall.conf</filename> on the firewall
+        system will be used by the firewall script.</member>
 
         <member>PATH</member>