Hi, I am trying to recreate my Knock action, which worked with the shell compiler, for the Perl compiler, but it doesn't seem to be working. The generated firewall script always contains the $var instead of its value. What can be the problem? I try to use it in my rules file as:

Knock:none:22,2000,60 net fw:$NET_IP tcp ssh,1999,2000,2001

and I attached the original and the new Knock actions too. Thanks in advance.
-- Levente "Si vis pacem para bellum!"
Knock.perl
Description: Perl program
set -- $(separate_list $TAG)

[ $# -eq 3 ] || fatal_error "Rule must include <port>,<knock port>,<interval> as the log tag"

if [ -n "$LEVEL" ]; then
    log_rule_limit $LEVEL $CHAIN Knock-$1 ACCEPT "" "Knock-$1" -A -p tcp \
        --dport $1 -m recent --rcheck --name Knock-$1
    log_rule_limit $LEVEL $CHAIN Knock-$1 DROP "" "Knock-$1" -A -p tcp \
        --dport ! $1
fi

run_iptables -A $CHAIN -p tcp --dport $1 -m recent --rcheck \
    --seconds $3 --name Knock-$1 -j ACCEPT
run_iptables -A $CHAIN -p tcp --dport $(( $2 - 1 )) -m recent \
    --name Knock-$1 --remove -j DROP
run_iptables -A $CHAIN -p tcp --dport $2 -m recent \
    --name Knock-$1 --set -j DROP
run_iptables -A $CHAIN -p tcp --dport $(( $2 + 1 )) -m recent \
    --name Knock-$1 --remove -j DROP
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
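Added example, not part of the original post or of Shorewall: a small Python model of the per-source "recent" list that the four run_iptables rules in the shell action maintain, replayed over constructed traffic for the tag 22,2000,60. The addresses, timestamps and the "CONTINUE" label (no rule in the action matched) are assumptions made for illustration.

```python
class KnockChain:
    """Model of the per-source 'recent' list Knock-<port> driven by the four rules."""

    def __init__(self, tag):
        fields = tag.split(",")
        if len(fields) != 3:
            raise ValueError("tag must be <port>,<knock port>,<interval>")
        self.port, self.knock, self.interval = (int(f) for f in fields)
        self.recent = {}  # source address -> time of the last --set

    def packet(self, src, dport, now):
        seen = self.recent.get(src)
        # --dport $1 -m recent --rcheck --seconds $3 -j ACCEPT
        if dport == self.port and seen is not None and now - seen <= self.interval:
            return "ACCEPT"
        # --dport $2-1 and $2+1 -m recent --remove -j DROP (match only if listed)
        if dport in (self.knock - 1, self.knock + 1) and seen is not None:
            del self.recent[src]
            return "DROP"
        # --dport $2 -m recent --set -j DROP
        if dport == self.knock:
            self.recent[src] = now
            return "DROP"
        return "CONTINUE"  # no rule matched; the packet leaves the action chain


def replay(tag, packets):
    """Run (src, dport, time) tuples through a fresh chain and return the verdicts."""
    chain = KnockChain(tag)
    return [chain.packet(src, dport, now) for src, dport, now in packets]


# Constructed traffic: a client that knocks on 2000 before connecting to 22 ...
KNOCKER = [("192.0.2.10", 22, 0), ("192.0.2.10", 2000, 1),
           ("192.0.2.10", 22, 5), ("192.0.2.10", 22, 70)]
# ... and a sequential sweep, which hits the knock port and then a neighbour.
SCANNER = [("198.51.100.7", port, t) for t, port in enumerate((1999, 2000, 2001, 22))]

if __name__ == "__main__":
    for name, packets in (("knocker", KNOCKER), ("scanner", SCANNER)):
        print(name, replay("22,2000,60", packets))
```

The sweep shows why the ports on either side of the knock port remove the list entry: a sequential scan sets its own entry and clears it again before it reaches port 22.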
