On 1/9/11 6:44 AM, Brian J. Murrell wrote: > On Thu, 2011-01-06 at 14:59 -0800, Tom Eastep wrote: >> >> EXPORTPARAMS=Yes in shorewall.conf. > > This is in conflict with the solution in this thread however: > > http://www.mail-archive.com/[email protected]/msg10733.html
In an earlier message, you wrote: > I could simply source params in started but that would wind up > sourcing params in run_started_exit(), which I wouldn't mind if all > of the values in params became local to that function. But they don't > and it seems really bad that calling run_started_exit() should have > such an effect on the global namespace. So long as you follow the rules for naming your variables (man shorewall-params), that isn't an issue. But that solution simply doesn't work. In an extension script, the SOURCE directive (like the shell '.' operator) is executed at run-time, not at compile time. You don't have access to the params file at run time (unless EXPORTPARAMS=Yes) The compiler doesn't process the params file so it doesn't currently know what variables were set in it. Prior to Shorewall 4.4.15, the contents of the params file were passed from /sbin/shorewall (/sbin/shorewall6) to the compiler in the process environment. Beginning with Shorewall 4.4.15, the compiler runs a small shell script (/usr/share/shorewall/getparams) that processes the params file under the -a option, then pipes its entire environment back to the compiler who stores it in a hash (%params) for use in variable expansion in the config files. The compiler could infer, though, for each member of %params whether or not the (param,value) was set in the params file or was part of the process environment. I wouldn't want the compiler to have to go through that for each of the user exits though, so I would make those assignments global to the firewall script anyway. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Gaining the trust of online customers is vital for the success of any company that requires sensitive data to be transmitted over the Web. Learn how to best implement a security strategy that keeps consumers' information secure and instills the confidence they need to proceed with transactions. http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
