Andrzej Odyniec wrote:
> All VPN I setup from OpenVPN tunnels. But last month I must set IPsec
> tunnels.
> When I set up IPsec tunnels, I need to expand internal security zones to
> tunneled addresses on external internet interfaces. And in this place (hosts
> file) I need to declare delegated addresses of my internal security zone for
> all BGP interfaces separately, i.e.:
>
>> crp eth2:172.23.0.0/18 ipsec
>> crp eth3:172.23.0.0/18 ipsec
>> crp eth2:172.31.201.0/24 ipsec
>> crp eth3:172.31.201.0/24 ipsec
>
> After your change from 4.1.4 I can use variable defined as list of
> interfaces, but only in masq or nat files. Not in hosts.

I would have written the above as:

    crp eth2:172.23.0.0/18,172.31.201.0/24 ipsec
    crp eth3:172.23.0.0/18,172.31.201.0/24 ipsec

Which can be replaced with:

    BEGIN PERL
    for my $interface ( split /,/, $ENV{NET} ) {
        shorewall "crp $interface:172.23.0.0/18,172.31.201.0/24 ipsec"
    }
    END PERL

Note that variables set in /etc/shorewall/params are passed to the
Shorewall-perl compiler via the environment.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
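
An added example, not part of Tom's message or of Shorewall itself: a stand-alone Perl dry run of the loop above that prints the hosts entries it would generate and refuses an unset or malformed NET, so a typo in /etc/shorewall/params does not silently leave an interface out of the crp zone. The `shorewall` sub here is a local stand-in that only collects lines, and the interface-name pattern and the sample value `eth2,eth3` are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for the compiler's shorewall() function: collect the lines
# instead of handing them to the compiler (assumption for this dry run).
my @generated;
sub shorewall { push @generated, @_; return 1 }

# Expand a comma-separated interface list into hosts-file entries.
sub expand_hosts {
    my ( $zone, $list, $nets, $options ) = @_;

    die "interface list is not set\n" unless defined $list && length $list;

    my %seen;
    # The -1 limit keeps trailing empty fields, so "eth2," is caught below.
    for my $interface ( split /,/, $list, -1 ) {
        # Assumed pattern for an interface name; adjust to local naming.
        die "bad interface name '$interface'\n"
            unless $interface =~ /^[A-Za-z][A-Za-z0-9_.+-]*$/;
        die "interface '$interface' listed twice\n" if $seen{$interface}++;
        shorewall "$zone $interface:$nets $options";
    }
    return scalar @generated;
}

# Constructed sample value; in a real setup NET comes from
# /etc/shorewall/params via the environment.
$ENV{NET} = 'eth2,eth3' unless defined $ENV{NET};

expand_hosts( 'crp', $ENV{NET}, '172.23.0.0/18,172.31.201.0/24', 'ipsec' );
print "$_\n" for @generated;
```

With the sample value the output is the same two `crp` lines shown in the message; running it with `NET=` or `NET=eth2,` in the environment exits with an error instead of printing a partial zone definition.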
