-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 03/17/2017 11:32 AM, [email protected] wrote:
> Tom
>
> On Fri, Mar 17, 2017, at 11:05 AM, Tom Eastep wrote:
>> You don't need to pass anything if you just use &<interface>
>> (e.g., ð0). The generated script determines the address *at
>> runtime*.
>
> Wow, I got that COMPLETELY wrong :-/
>
>> If the interface might not have an address (it might be down),
>> then use the %<interface> form instead.
>
> Ok, so
>
> params MY_EXT_IF=eth0 MY_EXT_IP=%{$MY_EXT_IF}
>
> should work? assuming that I can use a variable reference inside
> the %{}.
No. YOU CAN'T USE THE PARAMS FILE FOR WHAT YOU ARE TRYING TO DO
because it is only processed at compile time. That's why I created the
&<interface> address variable.
>
> The docs say
>
> Beginning with Shorewall 5.0.14, if a Shorewall-defined address
> variable's value has changed since the Netfilter ruleset was
> instantiated, then a successful enable command will automatically
> reload the ruleset.
>
> IIUC, the
>
> MY_EXT_IP=%{$MY_EXT_IF}
>
> is *NOT* a "Shorewall-defined" variable, but a "user-defined"
> variable.
>
> Is that reload-the-ruleset-on-enable behavior still valid?
Yes.
>
> Also, seems the additional safe/sane thing to do is have my
> ddlclient script simply do a `reload` when it detects any change.
Yes -- that is always advisable.
- -Tom
- --
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYzC5bAAoJEJbms/JCOk0QoSgP/iCWz1dFUdbsd5FO7z3WCuOr
TXi3ikSV0MCFeujMEhXlh75cQJc86Ok8ohgDtL68Pa4rLujUFY52KH2KnUuBXD1D
+pvCGCW4Rt0SsaXSLbqdOzdspXlCMYc8LVx8bLtYqBOXSOwG6Id/Ilec6YBdWHQo
tmD6Zg3oWQ+OTWgSwyRE2aatEJZxnixrViV1mXlss2SlCjFJ4t/FJbSDm0TTif61
6YRKzozm92q++Xfb1xZJvtDso7SayNtoZRhK2FwFwstv604/NVYZmEvbsGcbA8pq
ucZXWaDHxSjupPJ63EkKnt3x/QRRXD4yNWdGPmMaTukqlzrWDUH7/yOx+WGubupi
eZGzs9DdX5lqemiwV+QEGnOxcks50fnrpHUlgvQNrr5rS00qsxASPkiKLhAYTzYF
VwU+sE5Cu6xUiA6ZOIddy4wxcrYDiAKgBqPDHmp/Iqzq7oLmh/yn59H7TM4eCMP2
aeMEfdrx0M4UnJI2J/7DdBG+a5gnopxfoWt47ejqgYsGzVz/sgKMjtNsayF+ekMG
VZj6dJYH1hvByEeyOHrN0WKFZMIz/+9K+RCbRqSNmlZqsQkfOCJErwzPoZ65Xnow
BYh+Qri4AhPHSJD0wdHfrt+gTIkQu1ZmtMd/YlGTjbdX7ndgQmDIFF7kwXgzJsMr
1tflMEV8DtaKs0GWrWfi
=ChYy
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
