On 9/2/2014 12:23 PM, PGNd wrote:
> I've compiled and deployed to a remote instance
>
> shorewall-lite version
> 4.6.3.1
>
> my firewall config includes a number of @lib.private declared functions
>
> they're seen @ the remote instance in the pushed fw script; for example,
>
> cat /var/lib/shorewall-lite/firewall
> ...
> load_ipsets4() {
> SH="/bin/sh"
> IPSET="/usr/sbin/ipset"
> ...
>
> v4.6.3's new `shorewall run ...` support
> (https://www.mail-archive.com/[email protected]/msg17241.html)
> is quite useful. in a centrally-managed scheme, the runnable scripts need
> be in the context of the remote instance. i.e,. using 'shorewall{,6}-lite'
> to exec.
>
> fyi, checking on the remote, there are duplicate/different usage docs @ `help`
>
> shorewall-lite help
> Usage: shorewall-lite [debug|trace] [nolock] [ -q ] [
> -v[-1|{0-2}] ] [ -t ] <command>
> where <command> is one of:
> ...
> run <command> [ <parameter> ... ]
> ...
> run <function> [ function ... ]
> ...
>
> and if I try to exec it
>
> shorewall-lite run load_ipsets4
>
> I get an odd return
>
> Usage: /var/lib/shorewall-lite/firewall [ options ] <command>
>
> <command> is one of:
> start
> stop
> clear
> disable <interface>
> down <interface>
> enable <interface>
> reset
> refresh
> restart
> status
> up <interface>
> version
>
> Options are:
>
> -v and -q Standard Shorewall verbosity controls
> -n Don't update routing configuration
> -p Purge Conntrack Table
> -t Timestamp progress Messages
> -V <verbosity> Set verbosity explicitly
> -R <file> Override RESTOREFILE setting
>
> and the function, itself, is not executed/var/lib/shorewall-lite/firewall appears to have been compiled on an earlier version. The help text when compiled with the current version is: <command> is one of: start stop clear disable <interface> down <interface> enable <interface> reset refresh restart run <command> [ <parameter> ... ] <======== status up <interface> version Options are: -v and -q Standard Shorewall verbosity controls -n Don't update routing configuration -p Purge Conntrack Table -t Timestamp progress Messages -V <verbosity> Set verbosity explicitly -R <file> Override RESTOREFILE setting -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
