Andrew Suffield wrote: > On Fri, Oct 26, 2007 at 08:11:55AM -0700, Tom Eastep wrote: >> I regret having to inform you that macro files don't have an ORIGINAL DEST >> column. > > Perhaps it's time to completely rethink macros. They're obviously > designed to be convinient to process in shell; shorewall-perl should > be able to do something much more flexible with very little effort. > > Let me just pull something out of the air, to give you some ideas. I'm > making this up as I go along, so it may set fire to your cat. This is > a description of one possible feature set that would make a good > replacement: > > In the rules file, a 'function' is any line of the form: > > name/args > > where 'args' is a whitespace-delimited list of arguments. Example: > > #ACTION SOURCE DEST PROTO DEST PORT(S) > SMTP/DNAT:info net 192.168.1.5 > > This is a call to the function 'SMTP' with the arguments 'DNAT:info', > 'net', and '192.168.1.5'. Shorewall breaks the line up by whitespace > but otherwise places no particular significance on the arguments; > they're passed through to the function as-is.
I'll have to think about this proposal. I don't believe that I can just suddenly de-implement Macros in Shorewall-perl so I would need to add the 'function' capability in an upwardly-compatible way. FWIW, the reason that macro's don't support ORIGINAL DEST is that they can be used in both the rules file and in action bodies. I chose to make macros support the least common denominator of those two. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
