In a shorewall6-lite 5.2.8 config, I want to get externally defined data (an 
IP6 addr),

        cat /etc/shorewall/MYIP6.current
                [2600:xxxx:xxxx:xxx0::56]

and assign its content to a dynamic variable for use in SW.

Selecting from

        Extension Scripts (User Exits)
        https://shorewall.org/shorewall_extension_scripts.htm

I settled on

        init -- invoked early in “shorewall start” and “shorewall restart”

In my shorewall6-lite config, I've

        /init
                MYIP6=$( cat /etc/shorewall/MYIP6.current )

I use it in SNAT as

        /snat
                ?FORMAT 2
                SNAT(%{MYIP6})    [2600:xxxx:xxxx:xxxf::]/64    EXT_IF

There's no ERROR on compile or start.

The "SNAT-ing" simply doesn't appear to work; replies from the 'net are NOT sent to 
"MYIP6" ... rather to "2600:xxxx:xxxx:xxxf::ZZZZ", the IP of the client.

But, if I remove the *var*, and use the explicit/literal addr,
        
        /snat
                ?FORMAT 2
-               SNAT(%{MYIP6})    [2600:xxxx:xxxx:xxxf::]/64    EXT_IF
+               SNAT([2600:xxxx:xxxx:xxx0::56])    [2600:xxxx:xxxx:xxxf::]/64   
 EXT_IF


all's good; as intended, replies are SNAT'd, and return back to the originating 
client.

Are %vars usable in /snat?
Is my usage incorrect?

