On 1/6/11 2:59 PM, Tom Eastep wrote: > On 1/6/11 2:44 PM, Brian J. Murrell wrote:
>> The resulting code in firewall is however: >> >> $IPTABLES -A accounting -i $CGCOIF -j LOG --log-prefix "Shorewall:acct:DROP:" >> $IPTABLES -A accounting -o $CGCOIF -j LOG --log-prefix "Shorewall:acct:DROP:" >> >> which means that params is not being evaluated in that context. >> >> Looking at firewall, I could simply source params in started but that >> would wind up sourcing params in run_started_exit(), which I wouldn't >> mind if all of the values in params became local to that function. But >> they don't and it seems really bad that calling run_started_exit() >> should have such an effect on the global namespace. >> >> Thots? > > EXPORTPARAMS=Yes in shorewall.conf. I should point out, however, that what you are doing is a *really* bad idea (using the LOG target out of accounting). Better to use ULOG if you insist on capturing every packet in and out of the interface. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
