--On Friday, January 31, 2003 11:28 AM +0800 David Pitts <[EMAIL PROTECTED]> wrote:
> I'm confused about what I can use in Shorewall Policies and Rules to indicate the Firewall itself. The text seems to tell me I must use $fw but the initially commented out line in the Policy file uses just fw. Are $fw and fw interchangeable in rules and policies? Loc, dmz and net don't need the '$'?
I suggest that you find yourself a good book about the Unix shell. As you are reading it, impress upon yourself that unlike Windoze, Unix systems are case-sensitive. That means that in Unix, the following are ALL DIFFERENT:
fw
Fw
fW
FW
When you have learned about shell variables, you will have learned that when you precede the name of a variable by "$", the result is the VALUE of the variable.
When you write:
FOO=bar
the shell assigns the value 'bar' to the variable 'FOO'. After that, writing '$FOO' is the same as writing 'bar'.
Now in your shorewall.conf file, you will find
FW=fw
The thing on the left ('FW' -- which you are no longer going to confuse with 'fW', 'Fw' or 'fw') is a SHELL VARIABLE and it is being assigned the value 'fw'. So when you write '$FW' (not '$fw', '$fW' or '$Fw'), that is the same as if you had written 'fw'. On the other hand, if you had modified your shorewall.conf file to read:
FW=foo
then when you wrote '$FW', that would be the same as if you had written 'foo' (not 'Foo', 'FOo', 'FoO', 'fOo', ....) and if you wrote 'fw' then Shorewall wouldn't understand what you were talking about.
Now you are probably asking yourself, why did Eastep assign a variable name for the firewall zone and none of the other zones? The reason is that Shorewall defines EXACTLY ONE ZONE -- the one specified by $FW. All other zones are user-defined and they all have exactly the same semantics as far as Shorewall is concerned.
In the sample policy file for the two-interface case, I STUPIDLY (as opposed to sTuPidLY, StUpIdLy, ... you get the idea) wrote 'fw' rather than '$FW'. Since I StUpIdLy assumed that the user would be using my shorewall.conf, I therefore stupidly assumed that 'fw' would be equivalent to '$FW'. I also sTUPidlY assumed that the user would have read all of the documentation (a truly perilous assumption in the best of times ::)).
Seriously, you can find out more about the uniqueness of the firewall zone in ANY of the QuickStart guides referenced at http://www.shorewall.net/shorewall_quickstart_guide.htm and at http://www.shorewall.net/Documentation.htm#Conf.
> BTW, the other day I mentioned that some standard setup file had allocated IP addresses in the same subnet to my eth1 and eth2. The file that does that is the interfaces file in Bering if you accept the initially commented out configuration of the eth2 interface. Have I missed something here?
I will let the BerInG CrEw AdDresS tHat QUEstIOn.. As I said in my earlier post, Shorewall's samples don't assign ANY IP addresses...
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
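The mismatch described in the message above (a literal `fw`, or a wrongly cased `$fw`, in a policy file when shorewall.conf sets FW to something else) can be checked mechanically. The following is an added example, not part of the original e-mail and not Shorewall code; the helper name `lint_policy`, the zone list and the sample policy lines are assumptions constructed for illustration, and it treats `$FW` as the only variable in use.

```sh
#!/bin/sh
# Added example (not Shorewall code). lint_policy is a hypothetical helper.
# Usage: lint_policy FW_VALUE "USER ZONES" < policy-file
# Assumes SOURCE and DEST are the first two columns, "all" is a keyword, and
# $FW is the only variable available (nothing else is defined elsewhere).
lint_policy() {
    fw_value=$1       # right-hand side of FW= in shorewall.conf
    user_zones=$2     # space-separated zone names from the zones file
    lineno=0
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline
    while read -r src dst _rest || [ -n "$src" ]; do
        lineno=$((lineno + 1))
        case $src in ''|'#'*) continue ;; esac    # blank line or comment
        for tok in "$src" "$dst"; do
            case $tok in
                '$FW') name=$fw_value ;;          # expands to the firewall zone
                '$'*)  echo "line $lineno: $tok is not \$FW (variable names are case-sensitive)"
                       continue ;;
                *)     name=$tok ;;
            esac
            case " $user_zones $fw_value all " in
                *" $name "*) ;;                   # known zone
                *) echo "line $lineno: '$tok' is not a defined zone" ;;
            esac
        done
    done
}

# Constructed sample policy file; single quotes keep $fw and $FW literal.
sample_policy='#SOURCE DEST POLICY LOG
loc   net   ACCEPT
fw    net   ACCEPT
$fw   loc   ACCEPT
net   $FW   DROP    info
Loc   all   REJECT  info
all   all   REJECT  info'

# shorewall.conf edited to read FW=foo: lines 3, 4 and 6 are reported.
printf '%s\n' "$sample_policy" | lint_policy foo "net loc dmz"
```

With the default `FW=fw`, the literal `fw` on line 3 passes and only the `$fw` and `Loc` entries are reported.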
