Add COMMENT feature to the /etc/shorewall/nat file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4656 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/compiler

@@ -899,6 +899,11 @@ setup_tc1() {
 	    fi
 	done < $TMP_DIR/tcrules
     fi
+    #
+    # Just in case the file ended with a comment
+    #
+    [ -n "$COMMENTS" ] && save_command COMMENT=
+   
     #
     # Link to the TC mangle chains from the main chains
     #
@@ -1037,6 +1042,10 @@ __EOF__
 	    fi
 	done < $TMP_DIR/tcrules
     fi
+    #
+    # Just in case the file ended with a comment
+    #
+    [ -n "$COMMENTS" ] && save_command COMMENT=
 
     if [ -n "$TC_SCRIPT" ]; then
 	save_progress_message "Refreshing Traffic Shaping"
@@ -2828,6 +2837,10 @@ process_rules()
 	fi
 
     done < $TMP_DIR/rules
+    #
+    # Just in case the file ended with a comment
+    #
+    [ -n "$COMMENTS" ] && save_command COMMENT=
 
     case $SECTION in
 	ESTABLISHED)
@@ -4919,6 +4932,7 @@ __EOF__
     cat >&3 << __EOF__
 
     STOPPING=
+    COMMENT=
     #
     # The library requires that ${VARDIR} exist
     #

Shorewall/lib.nat

@@ -451,6 +451,10 @@ __EOF__
 		error_message "WARNING: NAT disabled; masq rule ignored"
 	    fi
 	done < $TMP_DIR/masq
+        #
+        # Just in case the file ended with a comment
+        #
+	[ -n "$COMMENTS" ] && save_command COMMENT=
     fi
 }
 
@@ -458,7 +462,7 @@ __EOF__
 # Setup Static Network Address Translation (NAT)
 #
 setup_nat() {
-    local external= interface= internal= allints= localnat= policyin= policyout=
+    local external= interface= internal= allints= localnat= policyin= policyout= comment=
 
     validate_one() #1 = Variable Name, $2 = Column name, $3 = value
     {
@@ -527,11 +531,26 @@ setup_nat() {
 	while read external interface internal allints localnat; do
 	    expandv external interface internal allints localnat
 	    
-	    do_one_nat
+	    if [ "x$external" = xCOMMENT ]; then
-
+		if [ -n "$COMMENTS" ]; then
+		    comment=$(echo $interface $internal $allints $localnat)
+		    save_command COMMENT=\"$comment\"
+		else
+		    error_message "COMMENT ignored --  requires comment support in iptables/Netfilter"
+		fi
+	    else
+		do_one_nat
+		if [ -n "$comment" ]; then
+		    comment=
+		    save_command COMMENT=
+		fi
+	    fi
 	    progress_message_and_save "   Host $internal NAT $external on $interface"
 	done < $TMP_DIR/nat
+	
+	[ -n "$COMMENTS" ] && save_command COMMENT=
     fi
+    
 }
 
 #

Shorewall/nat

@@ -16,6 +16,12 @@
 #			IP address of the interface named in the next
 #			column and must not be a DNS Name.
 #
+#                       If you put COMMENT in this column, the rest of the
+#			line will be attached as a comment to the Netfilter
+#			rule(s) generated by the next entry in the file.
+#			The comment will appear delimited by "/* ... */"
+#			in the output of "shorewall show nat"
+#
 #	INTERFACE	Interface that has the EXTERNAL address.
 #			If ADD_IP_ALIASES=Yes in shorewall.conf, Shorewall
 #			will automatically add the EXTERNAL address to this

Shorewall/releasenotes.txt

@@ -74,16 +74,16 @@ Other changes in 3.3.3
     delimited by '/* ... */" in the output.
 
     Beginning with Shorewall 3.3.3, you may place COMMENT lines in the
-    /etc/shorewall/rules, /etc/shorewall/tcrules and
+    /etc/shorewall/rules, /etc/shorewall/tcrules, /etc/shorewall/nat
-    /etc/shorewall/masq files. The remainder of the line is treated as
+    and /etc/shorewall/masq files. The remainder of the line is treated
-    a comment and it will be attached as a Netfilter comment to the
+    as a comment and it will be attached as a Netfilter comment to the
     rule(s) generated by the next entry in the file.
 
     If you do not have Comment support in your iptables/kernel (see the
     output of "shorewall[-lite] show capabilities") then COMMENTS are
-    ignored with this warnig:
+    ignored with this warning:
 
-        COMMENT ignored --  requires comment support in iptables/Netfilter
+     COMMENT ignored --  requires comment support in iptables/Netfilter
 
     Example from my rules file: