From d950fa27f272eeb2e0e72a15292f2ddc11e8f47d Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 2 Apr 2009 01:12:34 +0000 Subject: [PATCH] Allow to be omitted from the 'compile' command Signed-off-by: Tom Eastep git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9781 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 2 + Shorewall/releasenotes.txt | 25 +++++++++ Shorewall/shorewall | 7 ++- Shorewall6/shorewall6 | 7 ++- manpages/shorewall.xml | 108 +++---------------------------------- manpages6/shorewall6.xml | 6 ++- 6 files changed, 47 insertions(+), 108 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 28931a89d..50e22b694 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -16,6 +16,8 @@ Changes in Shorewall 4.3.8 8) Remove SAME support. +9) Allow 'compile' without a pathname. + Changes in Shorewall 4.3.7 1) Fix forward treatment of interface options. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 34b82ae94..c94df971f 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -21,6 +21,11 @@ released late in 2009. 4) Dynamic Zone support is once again available for IPv4; ipset support is required in your kernel and in iptables. +5) A new AUTOMAKE option has been added to shorewall.conf and + shorewall6.conf. Setting this option will allow Shorewall to skip + the compilation phase during start/restart if no configuration + changes have occurred since the last start/restart. + ---------------------------------------------------------------------------- M I G R A T I O N I S S U E S ---------------------------------------------------------------------------- 
@@ -103,6 +108,26 @@ None. Note that the 'make' utility must be installed on the firewall system in order for AUTOMAKE=Yes to work correctly. +6) The 'compile' command now allows you to omit the . When + you do that, the defaults to /var/lib/shorewall/firewall + (/var/lib/shorewall6/firewall) unless you have overridden VARDIR + using /etc/shorewall/vardir (/etc/shorewall6/vardir). + + When combined with AUTOMAKE=Yes, it allows the following: + + gateway:~ # shorewall compile + Compiling... + Shorewall configuration compiled to /root/shorewall/firewall + gateway:~ # + ... + gateway:~ # shorewall restart + Restarting Shorewall.... + done. + gateway:~ # + + In other words, you can compile the current configuration then + install it at a later time. + ---------------------------------------------------------------------------- N E W F E A T U R E S IN 4 . 3 ---------------------------------------------------------------------------- diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 5378e4dc9..030032a80 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -563,7 +563,7 @@ compile_command() { finished=0 while [ $finished -eq 0 ]; do - [ $# -eq 0 ] && usage 1 + [ $# -eq 0 ] && break option=$1 case $option in -*) @@ -609,6 +609,9 @@ compile_command() { file= case $# in + 0) + file=${VARDIR}/firewall + ;; 1) file=$1 [ -d $file ] && echo " ERROR: $file is a directory" >&2 && exit 2; @@ -1379,7 +1382,7 @@ usage() # $1 = exit status echo " allow
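Review bot: The new `0)` arm in compile_command's `case $#` (Shorewall/shorewall, @@ -609,6 +609,9) assigns `file=${VARDIR}/firewall` without checking that VARDIR is non-empty, so an unset VARDIR would make the compile target `/firewall`. Where VARDIR is set is outside the hunk, so a cheap guard before the assignment is worth having: `[ -n "$VARDIR" ] || { echo "   ERROR: VARDIR is not set" >&2; exit 2; }`. The release notes in this commit pair the no-argument form with AUTOMAKE=Yes and a later `shorewall restart`, so the default target is presumably the script that restart runs as root. I would add a comment on the arm such as `# Default target is the script start/restart execute; the compiler must replace it atomically` and confirm that a failed compile cannot leave a truncated file there. The same arm is added in Shorewall6/shorewall6 (@@ -585,6 +585,9), and compile_command begins and ends outside both hunks.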
..." echo " check [ -e ] [ ]" echo " clear [ -f ]" - echo " compile [ -e ] [ ] " + echo " compile [ -e ] [ -d ] [ ] [ ]" echo " delete [:] ... " echo " drop
..." echo " dump [ -x ]" diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index 2f43c88c3..4bfc4bfb2 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 @@ -539,7 +539,7 @@ compile_command() { finished=0 while [ $finished -eq 0 ]; do - [ $# -eq 0 ] && usage 1 + [ $# -eq 0 ] && break; option=$1 case $option in -*) @@ -585,6 +585,9 @@ compile_command() { file= case $# in + 0) + file=${VARDIR}/firewall + ;; 1) file=$1 [ -d $file ] && echo " ERROR: $file is a directory" >&2 && exit 2; @@ -1359,7 +1362,7 @@ usage() # $1 = exit status echo " allow
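Review bot: The added `[ $# -eq 0 ] && break;` in Shorewall6/shorewall6 (@@ -539,7 +539,7) has a trailing semicolon that the otherwise identical line in Shorewall/shorewall, `[ $# -eq 0 ] && break`, does not. Drop it so the two scripts stay textually aligned and future patches apply to both without fuzz. With the `usage 1` exit gone, the loop in both scripts can now end with `finished` still 0. The rest of compile_command is outside the hunk, so confirm that nothing after the loop reads that variable.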
..." echo " check [ -e ] [ ]" echo " clear [ -f ]" - echo " compile [ -e ] [ ] " + echo " compile [ -e ] [ -d ] [ ] [ ]" echo " delete [:] ... " echo " drop
..." echo " dump [ -x ]" diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml index 8262f5bfb..8e77c1338 100644 --- a/manpages/shorewall.xml +++ b/manpages/shorewall.xml @@ -56,8 +56,6 @@ - - @@ -88,15 +86,13 @@ - - directory - pathname + pathname @@ -150,8 +146,7 @@ -options - - + directory1 @@ -239,8 +234,6 @@ root-user-name - - directory system @@ -326,8 +319,6 @@ root-user-name - - directory system @@ -360,8 +351,6 @@ - - directory @@ -388,8 +377,6 @@ - - @@ -406,8 +393,6 @@ - - @@ -525,8 +510,6 @@ - - @@ -566,8 +549,6 @@ - - directory timeout @@ -678,12 +659,6 @@ -f capabilities > capabilities on a system with Shorewall Lite installed. - The option determines the compiler to use - (Shorewall-shell or Shorewall-perl). If not specified, the - SHOREWALL_COMPILER setting in shorewall.conf(5) determines the - compiler to use. - The option only works when the compiler is Shorewall-perl. It causes the compiler to be run under control of the Perl debugger. @@ -718,7 +693,10 @@ Compiles the current configuration into the executable file pathname. If a directory is supplied, Shorewall - will look in that directory first for configuration files. + will look in that directory first for configuration files. If the + pathname is omitted, the file + firewall in the VARDIR (normally /var/lib/shorewall/) is assumed. When -e is specified, the compilation is being performed on a system other than where the compiled script will run. This option @@ -730,12 +708,6 @@ capabilities on a system with Shorewall Lite installed - The option determines the compiler to use - (Shorewall-shell or Shorewall-perl). If not specified, the - SHOREWALL_COMPILER setting in shorewall.conf(5) determines the - compiler to use. - The option only works when the compiler is Shorewall-perl. It causes the compiler to be run under control of the Perl debugger. 
@@ -792,12 +764,6 @@ If directory1 is omitted, the current working directory is assumed. - The option determines the compiler to use - (Shorewall-shell or Shorewall-perl). If not specified, the - SHOREWALL_COMPILER setting in shorewall.conf(5) determines the - compiler to use. - Allows a non-root user to compile a shorewall script and stage it on a system (provided that the user has access to the system via ssh). The command is equivalent to: @@ -905,12 +871,6 @@ If is included, it specifies that the root user on system is named root-user-name rather than "root". - - The option determines the compiler to use - (Shorewall-shell or Shorewall-perl). If not specified, the - SHOREWALL_COMPILER setting in shorewall.conf(5) determines the - compiler to use. @@ -1036,12 +996,6 @@ If is included, it specifies that the root user on system is named root-user-name rather than "root". - - The option determines the compiler to use - (Shorewall-shell or Shorewall-perl). If not specified, the - SHOREWALL_COMPILER setting in shorewall.conf(5) determines the - compiler to use. @@ -1075,22 +1029,6 @@ The option suppresses the compilation step and simply reused the compiled script which last started/restarted Shorewall. - - The option determines the compiler to use - (Shorewall-shell or Shorewall-perl). If not specified, the - SHOREWALL_COMPILER setting in shorewall.conf(5) determines the - compiler to use. - - - If you use Shorewall's multi-ISP feature, you are stronly - advised against using the -C option of the - restart command when switching between - Shorewall-shell and Shorewall-perl. The only supported way to - switch compilers is to shorewall stop followed - by shorewall start -C - compiler - 
@@ -1123,22 +1061,6 @@ configuration is restored from the saved configuration. If a directory is given, then Shorewall will look in that directory first when opening configuration files. - - The option determines the compiler to use - (Shorewall-shell or Shorewall-perl). If not specified, the - SHOREWALL_COMPILER setting in shorewall.conf(5) determines the - compiler to use. - - - If you use Shorewall's multi-ISP feature, you are stronly - advised against using the -C option of the - safe-restart command when switching between - Shorewall-shell and Shorewall-perl. The only supported way to - switch compilers is to shorewall stop followed - by shorewall safe-start -C - compiler - @@ -1153,12 +1075,6 @@ shorewall clear is performed for you. If a directory is given, then Shorewall will look in that directory first when opening configuration files. - - The option determines the compiler to use - (Shorewall-shell or Shorewall-perl). If not specified, the - SHOREWALL_COMPILER setting in shorewall.conf(5) determines the - compiler to use. @@ -1363,12 +1279,6 @@ The option causes the connection tracking table to be flushed; the conntrack utility must be installed to use this option. - - The option determines the compiler to use - (Shorewall-shell or Shorewall-perl). If not specified, the - SHOREWALL_COMPILER setting in shorewall.conf(5) determines the - compiler to use. @@ -1428,12 +1338,6 @@ role="bold">clear or restore is performed after timeout seconds. - - The option determines the compiler to use - (Shorewall-shell or Shorewall-perl). If not specified, the - SHOREWALL_COMPILER setting in shorewall.conf(5) determines the - compiler to use. diff --git a/manpages6/shorewall6.xml b/manpages6/shorewall6.xml index 8251a2827..d2431fe83 100644 --- a/manpages6/shorewall6.xml +++ b/manpages6/shorewall6.xml @@ -75,7 +75,7 @@ directory - pathname + pathname 
@@ -573,7 +573,9 @@ Compiles the current configuration into the executable file pathname. If a directory is supplied, Shorewall6 will look in that directory first for configuration - files. + files. If the pathname is omitted, the file + firewall in the VARDIR (normally /var/lib/shorewall/) is assumed. When -e is specified, the compilation is being performed on a system other than where the compiled script will run. This option