In my shorewall/params I define (for the moment)
IPv4_0=192.0.2.225
IPv4_0_WAN=$IPv4_0/32
and use those elsewhere in 'params' & 'rules'.
That address, from my ISP, is very-sticky, but not static. It's a decent,
probable default, but I want to get to a more robust solution.
Since my ISP provide the address via DHCP, and my dhcp interface config gets
the right IP, I thought I could change to using
IPv4_0=192.0.2.225
IPv4_0=$( /usr/sbin/shorewall-lite call
find_first_interface_address_if_any eth0 )
and changing to
EXPORTPARAMS=Yes
in shorewall.conf, since, checking
/usr/sbin/shorewall-lite call find_first_interface_address_if_any eth0
does return
192.0.2.225
Unfortunately, when I change the "IPv4_0" usage in 'params', the firewall still
compiles, but a bunch of my access breaks.
I'm pretty sure it's @ the rules depending on that "$IPv4_0" variable.
Should that be somehow moved out of 'params' and set/detected earlier? Is
there a better way to get that 'sticky' IP address into shorewall?
Jason
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
