Tom Eastep wrote: > Andrew Suffield wrote: >> On Fri, Oct 26, 2007 at 03:19:40PM -0700, Tom Eastep wrote:
>
> PERL is now forking.
>
I realized last night that running Perl scripts in a child is unsatisfactory
unless the child is persistent. And even if the child were persistent, the
script couldn't do things like add rules that use matches which Shorewall
doesn't support directly (by directly calling Shorewall::Chains::add_rule()).
I also disliked having to use line continuation for multi-line scripts.
So:
a) Multi-line scripts are introduced by "BEGIN PERL" and terminated by "END
PERL" ('PERL' may be omitted from the ending line). Both the beginning and
ending markers can be optionally followed with ';' so that a Perl-aware
editor doesn't get confused.
b) Single-line scripts (or multi-line scripts using line continuation) are
still introduced by 'PERL'.
c) Both script types are evaluated in the compiler process.
d) Rather than using print statements to generate input to Shorewall, the
script calls Shorewall::Config::shorewall(). The script includes an implicit
"use Shorewall::Config qw/shorewall/;" so the function name does not need to
be qualified.
e) The script includes an implicit "package Shorewall::User;".
f) Perl syntax errors are reported against the actual filename and line number.
Example script:
BEGIN PERL;
for ( qw(fw dmz) ) {
shorewall "ACCEPT net $_ tcp 25\n";
}
1;
END PERL;
Note that the script must evaluate to a 'true' value.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
