diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 58b6a0d92..d57e0d19a 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -122,6 +122,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script $debug %config %globals + %params F_IPV4 F_IPV6 @@ -132,7 +133,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script Exporter::export_ok_tags('internal'); -our $VERSION = '4.4_14'; +our $VERSION = '4.4_15'; # # describe the current command, it's present progressive, and it's completion. @@ -268,6 +269,10 @@ our @includestack; # Allow nested opens # our @openstack; +# +# From the params file +# +our %params; our $currentline; # Current config file line image our $currentfile; # File handle reference @@ -704,6 +709,8 @@ sub initialize( $ ) { $shorewall_dir = ''; #Shorewall Directory $debug = 0; + + %params = (); } INIT { @@ -1851,14 +1858,15 @@ sub read_a_line(;$) { my $count = 0; # - # Expand Shell Variables using %ENV + # Expand Shell Variables using %params # # $1 $2 $3 - $4 while ( $currentline =~ m( ^(.*?) \$({)? ([a-zA-Z]\w*) (?(2)}) (.*)$ )x ) { - my $val = $ENV{$3}; + my $val = $params{$3}; unless ( defined $val ) { - fatal_error "Undefined shell variable (\$$3)" unless exists $ENV{$3}; + $params{$3} = $ENV{$3} if $ENV{$3}; + fatal_error "Undefined shell variable (\$$3)" unless exists $params{$3}; $val = ''; } 
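Review bot: In the `read_a_line` hunk of Config.pm, the first reference to a variable that is found only in `%ENV` expands to an empty string: the value is copied into `%params`, but `$val = '';` still runs unconditionally in the same `unless` block, so only later references see the real value. The copy is also guarded by truthiness (`if $ENV{$3}`), so a variable exported as `0` or as an empty string is reported as undefined, where the old `exists $ENV{$3}` test accepted it; this path is presumably taken mostly when no params file was loaded. In a rule compiler a silently empty expansion can change what a rule matches, so I would write `$val = $params{$3} = $ENV{$3} if exists $ENV{$3};` and end the block with `$val = '' unless defined $val;`. The enclosing loop and the rest of `read_a_line` lie outside the hunk.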
@@ -2869,6 +2877,29 @@ sub unsupported_yes_no_warning( $ ) { warning_message "$option=Yes is not supported by Shorewall $globals{VERSION}" if $config{$option}; } +# +# Process the params file +# +sub get_params() { + my $fn = find_file 'params'; + + if ( $fn ) { + progress_message1 "Processing $fn ..."; + + my @params = `$globals{SHAREDIRPL}/getparams $fn`; + + fatal_error "Processing of $fn failed" if $?; + + for ( @params ) { + if ( /^(?:(.*?)=)(.*)$/ ) { + $params{$1} = $2 unless $1 eq '_'; + } else { + assert(0); + } + } + } +} + # # - Read the shorewall.conf file # - Read the capabilities file, if any @@ -2886,6 +2917,8 @@ sub get_configuration( $ ) { ensure_config_path; + get_params; + process_shorewall_conf; ensure_config_path; diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index f186125da..741f8c83f 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -84,7 +84,7 @@ our @EXPORT = qw( NOTHING ); our @EXPORT_OK = qw( initialize ); -our $VERSION = '4.4_14'; +our $VERSION = '4.4_15'; # # IPSEC Option types @@ -424,7 +424,7 @@ sub process_zone( \$ ) { fatal_error 'Firewall zone may not be nested' if @parents; fatal_error "Only one firewall zone may be defined ($zone)" if $firewall_zone; $firewall_zone = $zone; - $ENV{FW} = $zone; + $params{FW} = $zone; $type = FIREWALL; } elsif ( $type eq 'vserver' ) { fatal_error 'Vserver zones may not be nested' if @parents; diff --git a/Shorewall/Perl/getparams b/Shorewall/Perl/getparams new file mode 100755 index 000000000..d719f92e9 --- /dev/null +++ b/Shorewall/Perl/getparams 
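Review bot: `get_params` builds a shell command by interpolating `$fn` into backticks, so a params path containing whitespace or shell metacharacters is split or interpreted by the shell before `getparams` sees it; `$fn` comes from `find_file`, whose search path is not visible in this hunk but presumably includes user-supplied configuration directories. A list-form pipe avoids the shell entirely: `open( my $pipe, '-|', "$globals{SHAREDIRPL}/getparams", $fn ) or fatal_error "Unable to run getparams: $!";`, then `my @params = <$pipe>;` and `close $pipe;`, after which the existing `$?` test still sees the helper's exit status. Separately, the output of `env` is parsed line by line, so a value containing a newline either reaches `assert(0)` or, if the continuation contains `=`, defines a spurious entry; a `fatal_error` naming the offending line would be easier to diagnose than an internal assertion.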
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# The Shoreline Firewall Packet Filtering Firewall Param File Helper - V4.4
+#
+# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
+#
+# (c) 2010 - Tom Eastep (teastep@shorewall.net)
+#
+# Complete documentation is available at http://shorewall.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of Version 2 of the GNU General Public License
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+exported=$(env | sed 's/=.*//');
+
+#
+# Sigh -- POSIX shells don't support 'typeset' or 'declare'
+#
+
+for v in $exported; do
+ eval t=\"\$$v\"
+ eval $v=
+ eval $v=\"$t\"
+done
+
+set -a
+
+. $1
+
+set +a
+
+env
diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index f083e364f..fa697e768 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -816,6 +816,13 @@ install_file compiler.pl ${DESTDIR}/usr/share/shorewall/compiler.pl 0755
 echo
 echo "Compiler installed in ${DESTDIR}/usr/share/shorewall/compiler.pl"
 #
+# Install the params file helper
+#
+install_file getparams ${DESTDIR}/usr/share/shorewall/getparams 0755
+
+echo
+echo "Params file helper installed in ${DESTDIR}/usr/share/shorewall/getparams"
+#
 # Install the libraries
 #
 for f in Shorewall/*.pm ; do
diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index a48615b40..b16100328 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
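Review bot: The save/restore loop in the new `getparams` helper re-parses every inherited environment value as shell code: in `eval $v=\"$t\"` the value of `$t` is expanded before `eval` runs, so a value containing a double quote, a backquote or `$(` is evaluated a second time instead of being copied, and the helper runs with the compiler's privileges (presumably root). Escaping the dollar keeps the expansion inside the eval, `eval $v=\"\$t\"`, which copies the value verbatim. The names come from `env | sed 's/=.*//'`, so the continuation lines of a multi-line value are also treated as variable names; skipping anything that is not a valid identifier before the `eval` lines would close that gap. `. $1` should be quoted as `. "$1"` so that a params path containing spaces is sourced as one file.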
@@ -353,12 +353,6 @@ compiler() { [ -n "$g_preview" ] && options="$options --preview" [ "$g_debugging" = trace ] && options="$options --debug" [ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains" - # - # Run the appropriate params file - # - set -a; - run_user_exit params - set +a if [ -n "$PERL" ]; then if [ ! -x "$PERL" ]; then diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index da4780c15..a0b9c2d9e 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -97,6 +97,7 @@ fi %attr(0755,root,root) /usr/share/shorewall/wait4ifup %attr(755,root,root) /usr/share/shorewall/compiler.pl +%attr(755,root,root) /usr/share/shorewall/params %attr(0644,root,root) /usr/share/shorewall/prog.* %attr(0644,root,root) /usr/share/shorewall/Shorewall/*.pm diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index d64c07a5c..001353e8f 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 @@ -290,14 +290,6 @@ compiler() { [ "$g_debugging" = trace ] && options="$options --debug" [ -n "$g_refreshchains" ] && options="$options --refresh=$g_refreshchains" [ -x $pc ] || startup_error "Shorewall6 requires the shorewall package which is not installed" - # - # Run the appropriate params file - # - if [ -z "$haveparams" ]; then - set -a; - run_user_exit params - set +a - fi if [ -n "$PERL" ]; then if [ ! -x "$PERL" ]; then
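Review bot: The `%files` entry added to shorewall.spec names `/usr/share/shorewall/params`, but the helper this commit adds is installed by install.sh as `${DESTDIR}/usr/share/shorewall/getparams` and is invoked by `get_params` as `$globals{SHAREDIRPL}/getparams`. As written the RPM presumably either fails to build on the unlisted or missing file or ships without the helper, in which case compilation would stop at "Processing of ... failed" on any system that has a params file. The line should read `%attr(755,root,root) /usr/share/shorewall/getparams`.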