Rationalize use of IPTABLES and LOGFORMAT with Shorewall Lite

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4029 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-06-08 21:49:34 +00:00 · 2006-06-08 21:49:34 +00:00 · d630f57305
commit d630f57305
parent 68884e8a79
8 changed files with 69 additions and 6 deletions
--- a/Shorewall-lite/changelog.txt
+++ b/Shorewall-lite/changelog.txt
@ -1,3 +1,9 @@
 Changes in 3.2.0 RC 2
 1)  Remove VERSION from shorecap.
 2)  Rationalize the use of IPTABLES and LOGFORMAT.
 Changes in 3.2.0 RC 1
 1)  First Release.
--- a/Shorewall-lite/releasenotes.txt
+++ b/Shorewall-lite/releasenotes.txt
@ -2,7 +2,19 @@ Shorewall Lite 3.2.0 RC 2
 Problems Corrected in 3.2.0 RC 2
-None.
+1)  The treatment of IPTABLES and LOGFORMAT have been clarified with
    respect to Shorewall Lite. If these options are set in the
    shorewall.conf file used at compile time, then the generated
    firewall script will use those values. /sbin/shorewall on the
    firewall system will use the corresponding values from
    /etc/shorewall/shorewall.conf on that system.
    If the values are not given in shorewall.conf at compile time then
    the values in /etc/shorewall/shorewall.conf on the firewall system
    will be used by the generated firewall script.
    To take advantage of this change, both the administrative system
    and the firewall system(s) must be running RC2 or later.
 Other changes in 3.2.0 RC 2
--- a/Shorewall-lite/shorewall
+++ b/Shorewall-lite/shorewall
@ -187,6 +187,8 @@ get_config() {
    [ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:"
    export LOGFORMAT
    if [ -n "$IPTABLES" ]; then
 	if [ ! -e "$IPTABLES" ]; then
 	    echo "   ERROR: The program specified in IPTABLES does not exist or is not executable" >&2
@ -200,6 +202,8 @@ get_config() {
 	fi
    fi
    export IPTABLES
    if [ -n "$SHOREWALL_SHELL" ]; then
 	if [ ! -e "$SHOREWALL_SHELL" ]; then
 	    echo "   ERROR: The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -2,6 +2,8 @@ Changes in 3.2.0 RC 2
 1)  Update versions.
 2)  Rationalize the use of IPTABLES and LOGFORMAT.
 -------------------------------------------------------------------------------
 Changes in 3.2.0 RC 1
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@ -8234,7 +8234,19 @@ __EOF__
    LOGLIMIT="$LOGLIMIT"
    LOGTAGONLY="$LOGTAGONLY"
    LOGRULENUMBERS="$LOGRULENUMBERS"
 __EOF__
    if [ -n "$LOGFORMAT" ]; then
 	cat >&3 << __EOF__
    LOGFORMAT="$LOGFORMAT"
 __EOF__
    else
 	cat >&3 << __EOF__
    [ -n "\$LOGFORMAT\" ] || LOGFORMAT="Shorewall:%s:%s:"
 __EOF__
    fi
    cat >&3 << __EOF__
    RESTOREFILE="$RESTOREFILE"
    VERSION="$VERSION"
    CONFIG_PATH="$CONFIG_PATH"
@ -8251,9 +8263,9 @@ __EOF__
 __EOF__
   else
 	cat >&3 << __EOF__
-    IPTABLES=\$(mywhich iptables 2> /dev/null)
+    [ -z "\$IPTABLES\" ] && IPTABLES=\$(mywhich iptables 2> /dev/null)
-    [ -z "\$IPTABLES" ] && startup_error "Can't find iptables executable"
+    [ -n \"$IPTABLES\" -a -e "\$IPTABLES" ] || startup_error "Can't find iptables executable"
 __EOF__
    fi
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -33,7 +33,19 @@ Note to users upgrading from Shorewall 2.x or 3.0
 Problems Corrected in 3.2.0 RC 2
-None.
+1)  The treatment of IPTABLES and LOGFORMAT have been clarified with
    respect to Shorewall Lite. If these options are set in the
    shorewall.conf file used at compile time, then the generated
    firewall script will use those values. /sbin/shorewall on the
    firewall system will use the corresponding values from
    /etc/shorewall/shorewall.conf on that system.
    If the values are not given in shorewall.conf at compile time then
    the values in /etc/shorewall/shorewall.conf on the firewall system
    will be used by the generated firewall script.
    To take advantage of this change, both the administrative system
    and the firewall system(s) must be running RC2 or later.
 Other changes in 3.2.0 RC 2
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@ -214,6 +214,8 @@ get_config() {
    [ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:"
    export LOGFORMAT
    if [ -n "$IPTABLES" ]; then
 	if [ ! -e "$IPTABLES" ]; then
 	    echo "   ERROR: The program specified in IPTABLES does not exist or is not executable" >&2
@ -227,6 +229,8 @@ get_config() {
 	fi
    fi
    export IPTABLES
    if [ -n "$SHOREWALL_SHELL" ]; then
 	if [ ! -e "$SHOREWALL_SHELL" ]; then
 	    echo "   ERROR: The program specified in SHOREWALL_SHELL does not exist or is not executable" >&2
--- a/docs/CompiledPrograms.xml
+++ b/docs/CompiledPrograms.xml
@ -259,10 +259,21 @@
        <member>LOGFILE</member>
        <member>LOGFORMAT — used by <filename>/sbin/shorewall</filename> for
-        finding 'Shorewall' log messages.</member>
+        finding 'Shorewall' log messages only. The format of the messages
        themselves is defined by the LOGFORMAT in shorewall.conf used when the
        firewall script was compiled on the administrative system. If
        LOGFORMAT was not specified at compile time then the firewall script
        will use the value from
        <filename>/etc/shorewall/shorewall.conf</filename> on the firewall
        system.</member>
        <member>IPTABLES — determines the iptables binary to be used by
-        <filename>/sbin/shorewall</filename>.</member>
+        <filename>/sbin/shorewall</filename>. The compiled firewall script
        will use the IPTABLES specified in <filename>shorewall.conf</filename>
        at compile-time on the administrative system; if IPTABLES was not
        specified at compile time then the IPTABLES value from
        <filename>/etc/shorewall/shorewall.conf</filename> on the firewall
        system will be used by the firewall script.</member>
        <member>PATH</member>