Add DOCKER option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-19 17:42:54 -08:00 · 2016-02-19 17:42:54 -08:00 · e66d9f6547
commit e66d9f6547
parent 2ee1d11f94
13 changed files with 50 additions and 2 deletions
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -874,6 +874,7 @@ sub initialize( $;$$) {
 	  WORKAROUNDS => undef ,
 	  LEGACY_RESTART => undef ,
 	  RESTART => undef ,
+	  DOCKER => undef ,
 	  #
 	  # Packet Disposition
 	  #
@ -5857,6 +5858,7 @@ sub get_configuration( $$$$ ) {
    default_yes_no 'INLINE_MATCHES'             , '';
    default_yes_no 'BASIC_FILTERS'              , '';
    default_yes_no 'WORKAROUNDS'                , 'Yes';
+    default_yes_no 'DOCKER'                     , '';

    if ( supplied( $val = $config{RESTART} ) ) {
 	fatal_error "Invalid value for RESTART ($val)" unless $val =~ /^(restart|reload)$/;
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@ -146,6 +146,8 @@ DEFER_DNS_RESOLUTION=Yes

 DISABLE_IPV6=No

+DOCKER=No
+
 DELETE_THEN_ADD=Yes

 DETECT_DNAT_IPADDRS=No
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@ -157,6 +157,8 @@ DEFER_DNS_RESOLUTION=Yes

 DISABLE_IPV6=No

+DOCKER=No
+
 DELETE_THEN_ADD=Yes

 DETECT_DNAT_IPADDRS=No
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@ -154,6 +154,8 @@ DEFER_DNS_RESOLUTION=Yes

 DISABLE_IPV6=No

+DOCKER=No
+
 DELETE_THEN_ADD=Yes

 DETECT_DNAT_IPADDRS=No
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@ -157,6 +157,8 @@ DEFER_DNS_RESOLUTION=Yes

 DISABLE_IPV6=No

+DOCKER=No
+
 DELETE_THEN_ADD=Yes

 DETECT_DNAT_IPADDRS=No
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@ -150,6 +150,8 @@ DETECT_DNAT_IPADDRS=No

 DISABLE_IPV6=No

+DOCKER=No
+
 DONT_LOAD=

 DYNAMIC_BLACKLIST=Yes
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@ -733,6 +733,19 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis role="bold">DOCKER=</emphasis>[<emphasis
+        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 5.0.6. When set to Yes, the generated
+          script will save Docker-generated rules before and restore them
+          after executing the start, reload and restart commands. If set to No
+          (the default), the generated script will delete any Docker-generated
+          rules when executing those commands.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis
        role="bold">DONT_LOAD=</emphasis>[<emphasis>module</emphasis>[,<emphasis>module</emphasis>]...]</term>
@ -763,8 +776,8 @@
        <listitem>
          <para>Normally, when the SOURCE or DEST columns in
          shorewall-policy(5) contains 'all', a single policy chain is created
-          and the policy is enforced in that chain. For example, if the policy
-          entry is<programlisting>#SOURCE DEST POLICY LOG
+          and thes policy is enforced in that chain. For example, if the
+          policy entry is<programlisting>#SOURCE DEST POLICY LOG
 #                   LEVEL
 net     all  DROP   info</programlisting>then the chain name is 'net-all'
          ('net2all if ZONE2ZONE=2) which is also the chain named in Shorewall
--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes

 DELETE_THEN_ADD=Yes

+DOCKER=No
+
 DONT_LOAD=

 DYNAMIC_BLACKLIST=Yes
--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@ -140,6 +140,8 @@ DEFER_DNS_RESOLUTION=Yes

 DELETE_THEN_ADD=Yes

+DOCKER=No
+
 DONT_LOAD=

 DYNAMIC_BLACKLIST=Yes
--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes

 DELETE_THEN_ADD=Yes

+DOCKER=No
+
 DONT_LOAD=

 DYNAMIC_BLACKLIST=Yes
--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes

 DELETE_THEN_ADD=Yes

+DOCKER=No
+
 DONT_LOAD=

 DYNAMIC_BLACKLIST=Yes
--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@ -139,6 +139,8 @@ DEFER_DNS_RESOLUTION=Yes

 DELETE_THEN_ADD=Yes

+DOCKER=No
+
 DONT_LOAD=

 DYNAMIC_BLACKLIST=Yes
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@ -611,6 +611,19 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis role="bold">DOCKER=</emphasis>[<emphasis
+        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 5.0.6. When set to Yes, the generated
+          script will save Docker-generated rules before and restore them
+          after executing the start, reload and restart commands. If set to No
+          (the default), the generated script will delete any Docker-generated
+          rules when executing those commands.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis
        role="bold">DONT_LOAD=</emphasis>[<emphasis>module</emphasis>[,<emphasis>module</emphasis>]...]</term>