> Unless 'physical' is set in the third column of the interfaces file,
> which is what we do in the provided samples (1).
>  ...
> 1) https://gitlab.com/shorewall/code/-/raw/master/Shorewall/Samples/one-interface/interfaces

OK, thanks.  I've always relied on https://shorewall.org/ as the 
primary explanation of shorewall.  Is shorewall.org being phased out 
in favor of https://gitlab.com/shorewall/?  If so, I can revise the 
Website link in the infobox at https://en.wikipedia.org/wiki/Shorewall.

Incidentally, https://gitlab.com/shorewall/ has branches code, 
contrib, debian, release, testing, tools and web.  No "documentation" 
branch although documentation can be helpful.  =8~)

> It should be noted that you can not mix defining variable in the params
> file and using the same interface name when 'physical' is used:
>  ...

OK, thanks.  Now I recognize the dichotomy.  A couple of questions for 
understanding and future reference.

(1) Are the two methods of specifying the 'net interface (NET_IF in 
params vs. physical= in interfaces) entirely equivalent?

(2) Are both methods intended to continue in the future? If one is 
being phased out, I can stick to the other.  =8~)

> If that still does not work for you, ...

Works fine thanks.  My strategy is to first make one interface (to the 
'net) work. Later will add an interface to connect a subnet with a 
subordinate machine.

Here are two complaints against 
https://shorewall.org/manpages/shorewall-interfaces.html 
along with suggestions which can make it more understandable.

(1) "INTERFACE - interface[:port]
  Logical name of interface. ..."

=8~|

In reality there are three distinct cases. 
(1.1) The interface is specified literally. For example 
"wlxa0f3c10a28f7" is literal; not logical.

(1.2) The interface is specified symbolically as NET_IF which is 
assigned a literal value by the physical= option.  For example 
"physical=wlxa0f3c10a28f7" in the options column.

(1.3) The interface is specified symbolically as $NET_IF and NET_IF is 
assigned a literal value in the params file. For example params can 
have the line "NET_IF=wlxa0f3c10a28f7".

(2) "physical=name
  Added in Shorewall 4.4.4. When specified, the interface or port name 
in the INTERFACE column is a logical name that refers to the name 
given in this option. It is useful when you want to specify the same 
wildcard port name on two or more bridges."

A logical name?   NET_IF is a symbolic name.  It is the name of a 
variable storing the value assigned by "physical=".  The explanation 
can be improved.

The sentence mentioning bridges is true but incomplete.  Use of the 
"physical=" option is not only relevant to multiple bridges.  There is 
no bridge here but "physical=wlxa0f3c10a28f7" can be used.

Regards,                        ... Peter E.





-- 
Tel: +1 604 670 0140            Bcc: peter at easthope. ca


