> I will expand @{....} first; then any leftover '@' characters will be
> expanded to ${chain}.
>
Right, got it, makes sense.
One other query, this time regarding switches: the man page says that a
switch is "on" when its corresponding value in /proc/net/nf_condition is
1. You also have an inversion, so that when something like
"!switch_name" is specified, then the switch is "on" when the value is 0
and "off" when that value is 1 (the opposite of the "normal" behaviour).
So, if I want a particular switch to be "on" from the start I have,
basically, two options: issue "echo 1 >
/proc/net_nf_condition/switch_name" in "init", "start" or "started", or,
use inversion with "!switch_name".
Both of these options are not ideal: with the first option I have to
keep track of which option needs to be activated/deactivated, while for
the second option, I also need to keep track of what has been inverted.
That might be OK for a small number of switches, but when I have a
sizeable number of them, this might become more difficult to remember
and maintain.
What I am getting at is this: would it be possible to have something
like "switch_name=1" (you may substitute "1" with "Yes", "True" or
"TRUE" if it is easier to process) to indicate the initial value which
should be assumed for that switch when shorewall starts?
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
