> Well, the most obvious answer is that there is no params file in the > directory that you are trying to compile. > That is not really the issue, is it? The real issue is that for some reason shorewall is attempting access to "/etc" (and, by extension, "/etrc/shorewall") without me asking (or granting) shorewall such access.
> /sbin/shorewall reads shorewall.conf prior to launching the compiler. > So? Again, that is not the issue - the issue is ... see above, I can't be bothered. > Given that shorewall.conf can use variables from params, the params file > is read first. And? > Because shorewall.conf has not be read yet, its > CONFIG_PATH setting is not yet available. > > The CONFIG_PATH used is formed by prepending the directory named in the > compile or check command, to the default CONFIG_PATH. > > So, at a minimum, the directory named in a 'compile' > or 'check' command must contain a params file and shorewall.conf. > I've never said/nor implied that the presence/absence of "params" (or any other) file is the issue. It isn't! For the last time - why is shorewall reading/attempting to access my "/etc" directory (and, by extension, "/etc/shorewall"), given that I have not specified, nor desire, nor granted shorewall such access? Second question: why is shorewall modifying my CONFIG_PATH to include "/etc" (and, by extension, "/etc/shorewall") - I've never specified such directory, nor desired (or granted) shorewall such access when executing "shorewall compile . firewall" to produce a separate-and-nothing-to-do-with-my-host-shorewall-configuration firewall script? If you are still struggling to comprehend the above points, here is the short version - I have no problems with shorewall screaming at me if/when "params" (or anything else) is missing - what I have an issue with is that shorewall, for whatever reason, unilaterally decided to access "/etc" (and, by extension, "/etc/shorewall") and place that directory in the middle of my CONFIG_PATH variable, without my knowledge or consent, screwing everything up in the process. The access to /"etc" was restricted by myself, deliberately, so that I could catch shorewall with its pants down (as evident from the above) if it attempts such access when none is desired, when I produce my shorewall firewall script designed to be used elsewhere. ------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
