On 02/13/2013 05:46 AM, Mr Dash Four wrote:
>
>> Well, the most obvious answer is that there is no params file in the
>> directory that you are trying to compile.
>>
> That is not really the issue, is it? The real issue is that for some
> reason shorewall is attempting access to "/etc" (and, by extension,
> "/etc/shorewall") without me asking (or granting) shorewall such access.
>
>> /sbin/shorewall reads shorewall.conf prior to launching the compiler.
>>
> So? Again, that is not the issue - the issue is ... see above, I can't
> be bothered.
>
>> Given that shorewall.conf can use variables from params, the params file
>> is read first.
> And?
>
>> Because shorewall.conf has not been read yet, its
>> CONFIG_PATH setting is not yet available.
>>
>> The CONFIG_PATH used is formed by prepending the directory named in the
>> compile or check command, to the default CONFIG_PATH.
>>
>> So, at a minimum, the directory named in a 'compile'
>> or 'check' command must contain a params file and shorewall.conf.
>>
> I've never said/nor implied that the presence/absence of "params" (or
> any other) file is the issue. It isn't! For the last time - why is
> shorewall reading/attempting to access my "/etc" directory (and, by
> extension, "/etc/shorewall"), given that I have not specified, nor
> desire, nor granted shorewall such access?
>
> Second question: why is shorewall modifying my CONFIG_PATH to include
> "/etc" (and, by extension, "/etc/shorewall") - I've never specified such
> directory, nor desired (or granted) shorewall such access when executing
> "shorewall compile . firewall" to produce a
> separate-and-nothing-to-do-with-my-host-shorewall-configuration firewall
> script?
>
> If you are still struggling to comprehend the above points, here is the
> short version - I have no problems with shorewall screaming at me
> if/when "params" (or anything else) is missing - what I have an issue
> with is that shorewall, for whatever reason, unilaterally decided to
> access "/etc" (and, by extension, "/etc/shorewall") and place that
> directory in the middle of my CONFIG_PATH variable, without my knowledge
> or consent, screwing everything up in the process.
>
> The access to "/etc" was restricted by myself, deliberately, so that I
> could catch shorewall with its pants down (as evident from the above) if
> it attempts such access when none is desired, when I produce my
> shorewall firewall script designed to be used elsewhere.

See the first 'New Feature' in 4.5.14 Beta 1

-Tom

PS -- hope you don't struggle to comprehend why that change addresses
your problem.
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
