On 11/27/2012 03:09 PM, Mr Dash Four wrote: > >> 1) A zone may be specified in the SOURCE and DEST columns of a macro, >> while zone names are disallowed in these columns within an inline >> action (same as in a regular action). >> > That is one thing I never knew. > >> 6) In-line actions must be defined in /etc/shorewall[6]/actions. Those >> files have been extended to include an OPTIONS column. The only >> option currently supported is 'inline'. >> > Would you make the "default" actions (as they are currently provided in > shorewall) as "inline" or would you leave them as they are?
I would leave them as they are. The ones used for default actions create quite a few rules, so having them in a single chain as opposed to replicated seems like the right thing to do. There are other actions like action.Invalid which won't work inline because they use ?BEGIN PERL .... ?END PERL in ways that are incompatible with inlining. > >> Given the similarity between macros and inline actions, I propose >> that macros as default actions (in the POLICY column of >> /etc/shorewall[6]/policy) not be supported. It is trivial to convert a >> format-2 macro into an inline policy: >> >> - Change its name >> - Change $PARAM to $1 within the body of the macro. >> > You mean "PARAM", right? > Yes. >> Comments? >> > Looks very good and I think the introduction of the "$0" parameter was a > good idea too. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: DESIGN Expert tips on starting your parallel project right. http://goparallel.sourceforge.net
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
