From fd1c74ca9fad47b83fcff6f8a7927826c35616f7 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 9 Feb 2007 16:15:08 +0000 Subject: [PATCH] Add EXPORTPARAMS option git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5376 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 6 +++-- Shorewall/compiler | 2 +- Shorewall/lib.config | 2 ++ Shorewall/releasenotes.txt | 47 ++++++++++++++------------------------ Shorewall/shorewall.conf | 2 ++ 5 files changed, 26 insertions(+), 33 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 79ebc5f5a..76799bcd6 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -13,9 +13,11 @@ Changes in 3.4.0 RC 1 4) Allow ranges and ipset names in the ADDRESSES column of maclist file. -5) Fix INCLUDE in extension scripts and /etc/shorewall/params. +5) Add helpers for SIP to the modules file. -6) Add helpers for SIP to the modules file. +6) Only copy /etc/shorewall/params to output if non-export. + +7) Add EXPORTPARAMS option Changes in 3.4.0 Beta 3 diff --git a/Shorewall/compiler b/Shorewall/compiler index d70db613b..c08b962e7 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -5092,7 +5092,7 @@ __EOF__ __EOF__ fi - append_file params + [ -n "$EXPORTPARAMS" -o -z "$EXPORT" ] && append_file params cat >&3 << __EOF__ diff --git a/Shorewall/lib.config b/Shorewall/lib.config index e3604ab11..efae40bfd 100644 --- a/Shorewall/lib.config +++ b/Shorewall/lib.config @@ -1804,6 +1804,7 @@ do_initialize() { HIGH_ROUTE_MARKS= USE_ACTIONS= OPTIMIZE= + EXPORTPARAMS= # # Packet Disposition # 
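Review bot: The new guard in Shorewall/compiler, `[ -n "$EXPORTPARAMS" -o -z "$EXPORT" ] && append_file params`, carries no comment explaining when the params file is left out of the generated script, and it relies on the `-o` operator that POSIX marks obsolescent for `[`. Because params is shell text that ends up inside the compiler output, a line such as `# params is embedded in the output script; skip it only for an export build (-e) with EXPORTPARAMS=No` would make the intent easy to audit. Writing the test as `if [ -n "$EXPORTPARAMS" ] || [ -z "$EXPORT" ]; then append_file params; fi` avoids the ambiguous `-o` parsing and leaves no non-zero status behind when the condition is false. With the default EXPORTPARAMS=Yes, whatever the params file contains still travels with an exported script, so the release notes could say that values meant to stay on the administrative system need EXPORTPARAMS=No. The enclosing function starts and ends outside the hunk.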
@@ -2027,6 +2028,7 @@ do_initialize() { HIGH_ROUTE_MARKS=$(added_param_value_no HIGH_ROUTE_MARKS $HIGH_ROUTE_MARKS) TC_EXPERT=$(added_param_value_no TC_EXPERT $TC_EXPERT) USE_ACTIONS=$(added_param_value_yes USE_ACTIONS $USE_ACTIONS) + EXPORTPARAMS=$(added_param_value_yes EXPORTPARAMS $EXPORTPARAMS) [ -n "$USE_ACTIONS" ] && lib_load actions "USE_ACTIONS=Yes" [ -n "$XCONNMARK_MATCH" ] || XCONNMARK= diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 1e4e0ea1d..44c093819 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -34,13 +34,24 @@ Problems Corrected in 3.4.0 RC2 automatically loaded by Shorewall. They have now been added to the /usr/share/shorewall[-lite]/modules files. -2) If "INCLUDE " appeared in /etc/shorewall/params then - run-time errors occurred. This has been corrected. Note that if you - use INCLUDE in your params file in an export directory then the - included file must also be available on the firewall system in - /etc/shorewall-lite/. +2) It is very difficult to code a 'params' file that assigns other + than constant values such that it works correctly with Shorewall + Lite. To work around this problem, a new EXPORTPARAMS option + has been added to shorewall.conf. When EXPORTPARAMS=No, the + 'params' file is no longer copied to the compiler output when the + '-e' flag is present. -Other Changes in 3.4.0 RC 1 + With EXPORTPARAMS=No, uf you need to set environmental variables on + the firewall system for use by your extension scripts, then do so + in the init extension script. + + The default is EXPORTPARAMS=Yes to retain the current behavior. + + This fix is brought forward from Shorewall version 3.2.9. + +Other Changes in 3.4.0 RC 2 + +None. Migration Considerations: 
@@ -133,30 +144,6 @@ http://www.shorewall.net/pub/shorewall/3.2/shorewall-3.2.8/releasenotes.txt /etc/shorewall-lite/shorewall-lite.conf. When you upgrade, your shorewall.conf file will be renamed shorewall-lite.conf. -6) This issue only applies if you set shell variables in - /etc/shorewall/params. - - Beginning with Shorewall 3.4.0, Shorewall will only process - /etc/shorewall/params during the compile phase. Any shell variables - needed at run-time by your extension scripts must be set in - /etc/shorewall/init. - - In a Shorewall/Shorewall Lite environment, this allows - /etc/shorewall/params to be written to run exclusively - on the administrative system while /etc/shorewall/init runs - exclusively on the firewall system. - - So shell variables required at compile time may be set in - /etc/shorewall/params and those required at run-time may be set in - /etc/shorewall/init. - - As part of this change, extra white space is no longer removed from - /etc/shorewall/params as it was in RC1. - - The /etc/shorewall/compile extension script introduced in Shorewall - 3.2.9 will continue to be supported but its use is deprecated since - it now performs the same function as /etc/shorewall/params. - New Features in Shorewall 3.4: 1) In order to accomodate small embedded applications, Shorewall 3.4 diff --git a/Shorewall/shorewall.conf b/Shorewall/shorewall.conf index 7d4644596..fd169068c 100644 --- a/Shorewall/shorewall.conf +++ b/Shorewall/shorewall.conf @@ -145,6 +145,8 @@ USE_ACTIONS=Yes OPTIMIZE=0 +EXPORTPARAMS=Yes + ############################################################################### # P A C K E T D I S P O S I T I O N ###############################################################################