Tom Eastep wrote:
> Thanks. Applied in a slightly-modified form.
>
No problem.
>> I also have a question:
>>
>> Let's assume that I have the following:
>>
>> actions
>> ~~~~~~~
>> FLOG
>>
>> action.FLOG
>> ~~~~~~~~~~~
>> ?IF $1
>> ?SET @chain $2 ? $2 : " "
>> ?SET @disposition $3 ? $3 : " "
>> LOG:info(tcp_options,ip_options,macdecode,tcp_sequence,uid)
>> ?END IF
>> ?IF $4
>> $4
>> ?END IF
>>
>> rules
>> ~~~~~
>> SECTION NEW
>> FLOG(log,@chain,ACCEPT,ACCEPT) $FW net:+dmz-net
>>
>> With the above setup, FLOG is not inline and shorewall creates a new
>> chain (called FLOG) and then executes everything there. So far, so good.
>>
>> However, the "@chain" variable, which I passed as a parameter to FLOG is
>> *not*, as I expected, set to "fw2net", but assumes a value of "FLOG"
>> (the chain in which FLOG executes). It is obvious that shorewall does
>> not differentiate between the "@chain" passed as a parameter to a
>> specific action in "rules", "blrules" and the like, and the "@chain"
>> parameter value inside that action. The two are very different. I
>> presume the exact same thing exists with @disposition as well.
>>
>> Is it possible to get shorewall to recognise the "@chain" variable to
>> assume a value of the chain in which the statement occurs ("fw2net" in
>> the above case), instead of assuming the value of the chain in which the
>> actual action executes?
>>
>
> It's not. @chain cannot be expanded by the pre-processor when it appears
> outside of an action body, so it can only be used in very limited
> contexts. But I invented a way to accomplish what you want (but I
> neglected to document it until this morning).
>
> There is a variable named @caller which expands to the name of the chain
> which invoked an action. In an inline action, it expands to the same
> thing as @chain. In a non-inlined action, it expands to the name of the
> chain that invoked the action.
>
Given my example above, how would you create the rules statement:
"FLOG(log,@caller,ACCEPT,ACCEPT) $FW net:+dmz-net" or just use "@caller"
inside the action body, in which case the whole thing becomes:
?IF $1
?SET @chain $2 ? @caller : " "
?SET @disposition $3 ? $3 : " "
LOG:info(tcp_options,ip_options,macdecode,tcp_sequence,uid)
?END IF
?IF $4
$4
?END IF
and then call it with "FLOG(log,caller,ACCEPT,ACCEPT) $FW net:+dmz-net"
I also vaguely remember that you had a $0 parameter, which also expanded
to the chain name, though I am not sure whether they were exact
equivalents (@chain and $0, that is). Is all this documented anywhere -
I looked through the "Actions" web page on your site, but could not find
anything relevant.
> Please give it a try.
>
Is this in RC2 already?
_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel