Hi,

I use conditional configuration triggers with environment variables for
different scenarios and I've noticed strange behaviors using these
conditional blocks. Sometimes it works and some other times it doesn't
and I can't pinpoint a reason for that.

For instance, I have an old WindowsXP VM that I boot once in a while to
test old stuff. Sometimes I need to let this VM go to the outside world
so I added this kind of conditional config to Shorewall:

file "rules":

    ?IF WinXP
    ?INFO Allow internet to WinXP
    ACCEPT { source=... ... ... }
    ?ENDIF

file "snat":

    ?IF WinXP
    ?INFO SNAT WinXP VM
    SNAT(...) { ... ... }
    ?ENDIF

NOTE: The rules themselves are irrelevant because it's not where the
problem lies.

As usual, I always CHECK the config before using it:

    # WinXP=1 shorewall ck
    Checking using Shorewall 5.2.3.2...
    Resetting....
    INFO: Allow internet to WinXP
    INFO: SNAT WinXP VM
    Shorewall configuration verified

and if all goes well, reload:

    # WinXP=1 shorewall reload
    Reloading Shorewall....
    done.

See the problem here? Where are the "INFO:" lines in the "reload"
command? They should be there.

Verifying with "shorewall show | less" confirms that the related rules
are not present.

Yet... sometimes... without even touching the configuration, using the
"WinXP=1 shorewall reload" makes the "INFO:" lines visible and the rules
are applied correctly.

What's wrong? (either on my part or Shorewall's :-))

PS: In case it helps, AUTOMAKE="Recursive" in "shorewall.conf"

Thanks.

--
ObNox