Tom Eastep wrote:
Brian J. Murrell wrote:On Mon, 2008-09-08 at 20:32 -0700, Tom Eastep wrote:Which assumes that the only type of ipset worth creating is iphash -- beware.Indeed. As an aside, by the time the compile script is executed, have all of the config files been opened and their data enumerated into perl vars? i.e. could I have avoided actually parsing the hosts file and found theipsets enumerated into a data structure already?No. The 'compile' user exit is called just before the zones file is processed. The 'initdone' exit is called after zones, interfaces, hosts and policy have been processed. For zone-related information, see the comments at the top of Zones.pm.
# hosts { <type> } => [ { <interface1> => { ipsec => 'ipsec'|'none'
# options => { <option1> =>
<value1>
# ... # }# hosts => [ <net1> , <net2> , ... ]
# } When a network in the inner hosts list starts with "+", it is an ipset. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
