> lib.core isn't a configuration file; it is part of the Shorewall
> installation. The compiler therefore doesn't use CONFIG_PATH but rather
> assumes that it will be installed in ${SHAREDIR}/shorewall.
>
True, and I presume since the remote shorewallrc is used, this throws
the compiler off as no such file exists on the HOST system. Hmm,
interesting this...

Can shorewall load (and use) the HOST shorewallrc for the "core
libraries" (the ones needed for compilation for producing firewall and
firewall.conf for remote system) and use the remote shorewallrc for
everything else? Would that be possible? The idea is that if the core
libraries on the host are going to be used, then it makes sense for them
to adopt the host shorewallrc file, while the compiler uses the remote
version of shorewallrc for building firewall and firewall.conf.

I presume apart from the lib.* files and the shorewall executable, along
with getparams and various Perl libraries there isn't much else.

> Yes -- looks like we need a FORMAT 2 routestopped file in order to
> handle multi-dimensional sets.
>
I was thinking more along the lines of the approach you adopted with
"blacklist" and "blrules" files, which I quite liked - use a new file
(say, "rulestopped") alongside the old routestopped (without ipset support)
and after a while (a couple of revisions), you deprecate the old
routestopped in favour of rulestopped where you can grant full ipsets
support. That way you don't have to touch the existing routestopped at
all and start afresh with the new rulestopped.
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel