It turns out to be very difficult to write a 'params' file that is usable with Shorewall Lite unless the file contains nothing but static assignments. That is because 'params' runs both on the administrative system at compile time and on the firewall system at run-time.
After making several false starts in an effort to solve this problem, I've decided to make the following change in both 3.2.9 and 3.4.0 RC2. When the "-e" option is specified to the compiler (as it is when run by the "load" and "reload" commands), the 'params' file will no longer be copied into the compiled script. So 'params' will only be run at compile time.

This means that shell variables needed at compile time (i.e., those that appear in Shorewall configuration files) need to be assigned a value in the export directory's 'params' file. Those shell variables needed at run-time (i.e., those that appear in extension scripts that are copied into the compiled script) need to be assigned a value in the 'init' extension script. With this change, 'params' can be coded under the assumption that it always runs on the administrative system while 'init' can continue to be coded under the assumption that it will always run on the firewall system.

If 'params' needs to get information from the firewall system, it can do so using ssh. For example, you can use the following trick to obtain the IP address of an interface on the firewall system (but don't fold it like my mailer is doing here):

    ADDR=$(ssh [EMAIL PROTECTED] "/sbin/shorewall-lite call find_first_interface_address eth0" )

The above would set ADDR to the IP address of 'eth0' on the system 'firewall'.

The shorewall-lite 'call' command allows you to interactively call any function in shorewall-lite or in /usr/share/shorewall-lite/functions (3.2.x) and in /usr/share/shorewall-lite/lib.base and /usr/share/shorewall-lite/lib.cli (3.4.x).

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key  \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
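
Added example, not part of the original message or of Shorewall itself: a helper that an export-directory 'params' file could use for the ssh lookup described above, checking the reply before it reaches a rule. FW_HOST, remote_call, is_ipv4 and fw_interface_address are hypothetical names, and the host 'firewall' is a placeholder because the message elides the real login.

```shell
# Sketch for an export-directory 'params' file, which runs on the
# administrative system at compile time. All names below are hypothetical.
FW_HOST=${FW_HOST:-firewall}   # placeholder host; the message elides the login

# Run one command on the firewall. BatchMode makes ssh fail instead of prompting.
remote_call() {
    ssh -o BatchMode=yes "$FW_HOST" "$1"
}

# Succeed only for a dotted-quad IPv4 address.
# The body runs in a subshell, so the IFS change does not leak to the caller.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Print the first address of interface $1 on the firewall, or fail with a message.
fw_interface_address() {
    # The interface name is interpolated into the remote command line,
    # so accept only characters that can appear in an interface name.
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) echo "bad interface name: $1" >&2; return 1 ;;
    esac
    addr=$(remote_call "/sbin/shorewall-lite call find_first_interface_address $1") || {
        echo "ssh to $FW_HOST failed" >&2; return 1; }
    # An error message or empty reply must not end up in a rule as an "address".
    is_ipv4 "$addr" || { echo "unexpected reply for $1: '$addr'" >&2; return 1; }
    echo "$addr"
}

# In 'params':  ADDR=$(fw_interface_address eth0) || exit 1
```

The check matters because a failed ssh login or an error string from the remote side would otherwise be assigned to ADDR and carried into the compiled ruleset.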
