On 12-02-21 04:38 PM, Tom Eastep wrote: > On 02/21/2012 01:23 PM, Brian J. Murrell wrote: >> Currently I have in my params: >> >> CGCOIF=$(ssh root@gw "/sbin/uci -p /var/state get network.wan0.ifname") >> IGSIF=$(ssh root@gw "/sbin/uci -p /var/state get network.wan1.ifname") >> PPPEIF=$(ssh root@gw "/sbin/uci -p /var/state get >> network.pppoe_ether.device") >> CGCO_GATEWAY=$(ssh root@gw "/sbin/uci -p /var/state get >> network.wan0.gateway") >> IGS_GATEWAY=$(ssh root@gw "/sbin/uci -p /var/state get network.wan1.gateway") >> IGS_ADDRESS=$(ssh root@gw "/sbin/uci -p /var/state get network.wan1.ipaddr")
FWIW, the following seems to do the trick in params: ssh root@gw "echo CGCOIF=\$(/sbin/uci -p /var/state get network.wan0.ifname) echo IGSIF=\$(/sbin/uci -p /var/state get network.wan1.ifname) echo PPPEIF=\$(/sbin/uci -p /var/state get network.pppoe_ether.device) echo CGCO_GATEWAY=\$(/sbin/uci -p /var/state get network.wan0.gateway) echo CGCO_ADDRESS=\$(/sbin/uci -p /var/state get network.wan0.ipaddr) echo IGS_GATEWAY=\$(/sbin/uci -p /var/state get network.wan1.gateway) echo IGS_ADDRESS=\$(/sbin/uci -p /var/state get network.wan1.ipaddr)" > foo eval $(cat foo) rm foo I'm sure there's some quoting magic to eliminate the "foo" intermediate, but it's just too late in the day to keep messing with it. > I guess my first question is "How are you using these variables?". Some examples: ./masq:$IGSIF !$IGS_ADDRESS $IGS_ADDRESS ./interfaces:pppe $PPPEIF detect maclist,routeback,optional ./rules:Ping/ACCEPT fw net:$CGCO_GATEWAY ./accounting:DONE - - $CGCO_ADDRESS ./rules:#Ping/ACCEPT fw net:$IGS_GATEWAY > In > configuration files, the first three can be replaced by "Runtime Address > Variables"; see > http://www.shorewall.net/configuration_file_basics.htm#Variables. Ahhh. &<ifname>? Note that those first three variables in my list above are interface names not their addresses. The .ipaddr ones are addresses. Can I assume these runtime variables will work for shorewall-lite installations? > Shorewall will detect the gateway addresses for you and store them in > shell variables in the generated script, but so far I haven't > implemented gateway Runtime Address Variables, though. Not hard to do, > though... Is this answering my question about application in shorewall-lite configurations perhaps? I guess ultimately it would be nice to generalize my above ssh-and-eval for an arbitrary list of <variable>=<the-result-of-some-command-on-gateway> but with optimizing the remote executions into a single round-trip. The above trick does work though it not entirely straightforward for the average user to figure out. Cheers, b.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
