Tom Eastep wrote:
>> Or maybe this:
>>
>> ?SET @chain $2 ? (($2 == 'caller') ? @caller : $2) : " "
>>
>> So that I keep the ability to set the chain to what I want to (different
>> from "@caller")?
>>
>
> This is the correct approach. @caller has been supported since Shorewall
> 4.5.13.
>
> Action variables and Shorewall variables are documented at
> http://www.shorewall.net/configuration_file_basics.htm#ActionVariables
> (and in the following section).
>

Yeah, I successfully implemented that over the weekend, thanks Tom. I have a few more queries though (in addition to the "providers->track option question" I posted on shorewall-users):

1. man shorewall-rtrules->PRIORITY: The explanation of this column makes a reference to "ISP interface rules" in the context of priority numbers 26000-26999: "...After ISP interface rules but before 'default' rule". What is that, exactly? Could you clarify this definition please? Is this the 'main' routing table?

2. The same man page->SOURCE: "Beginning with Shorewall 4.5.0, you may specify &interface in this column to indicate that the source is the primary IP address of the named interface". Again, what does that mean? With "&interface", if used, I am "indicating" an interface, not a "primary IP address", so how does that work then?

3. How do I add a "default" route in "routes"?

4. Similar to 3 above: how do I add, say "10.1.7.0/24 dev eth0 proto kernel scope link src 10.1.7.7 table dmz7" in routes (needed when a device is brought up, but that route is normally placed in 'main' by the OS)? The reason I ask this is because I have a rule based on this interface source address (i.e. "ip rule add from 10.1.7.7 table dmz7") so I need to have this rule in my dmz7 table, not 'main'.
