>>> Nope, that would prevent me from using custom-made targets (something
>>> like '-j SECCTX --name <name>' for example).
>>>
>> Okay -- I've implemented the following:
>>
>> 3) A new INLINE action has been added. This action allows defining
>>    arbitrary iptables rules in the blrules and rules files, as well as
>>    in action and macro bodies.
>>
>>    The basic form of an INLINE rule is as follows:
>>
>>        INLINE <src> <dst> <proto> ... ; <iptables matches and jump>
>>
>>    Example:
>>
>>        INLINE $FW all tcp 1234 ; -j SETCTX --name foo
>>
>>    As part of this change, a new 'builtin' action type has been added.
>>    ip[6]tables actions not supported by Shorewall (such as 'SETCTX' in
>>    the example above), must be defined in your
>>    /etc/shorewall[6]/actions file.
>>
>>    Example:
>>
>>        SETCTX builtin
>>
>>
>> Is this what you had in mind?
>>
>
> BTW, with OPTIMIZE=31, the following rules are generated in my
> configuration:
>
> -A fw-dmz -p 6 --dport 1234 -j SETCTX --name foo
> -A fw-loc -p 6 --dport 1234 -j SETCTX --name foo
> -A fw-net -p 6 --dport 1234 -j SETCTX --name foo
> -A fw-smc -p 6 --dport 1234 -j SETCTX --name foo
> -A fw-vpn -p 6 --dport 1234 -j SETCTX --name foo
>

OK, I have a couple of queries: was there a reason for including the protocol and port number columns? That adds an unnecessary complexity to me in my view - what if I want to use ipsets as protocol & port numbers? I am also assuming that this is a destination port - what happens if a source port is needed instead?
Could you not just leave the syntax as "INLINE <src> <dst> ; <the_rest_of_the_statement>"?

As for the built-in actions - yes, I don't mind that at all, that's pretty reasonable, though with this requirement I am assuming that shorewall must parse the bit after ";" and I am curious as to what is the reason for this? Optimisation or something else?

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel