I see I never did follow-up on this as I promised. So here it is... On 09-05-18 07:46 PM, Brian J. Murrell wrote: > > I had to hard-code "wan0" (for the moment and to prove the concept). > The real interface is in fact eth0.1, but openwrt's configuration has > this concept of "abstracting" the wan interfaces, whatever they may be, > in to "pretty" aliases. The alias exists only in the configuration > however and I can't see a (more elegant than brute-force searching) way > for to turn the real interface specification that shorewall wants into > the "pretty" alias. Certainly, going in the other direction is easy.
I ended up having to brute-force this. I can't imagine a gateway with
enough WAN ports to make this prohibitive though.
> I will update you with a final patch once I have figured how to get
> from ???? to wan?.
So here is my "findgw" extension script:
# ~sigh~ brute-force seems to be the only way to get a virtual
# interface name from a physical one
x=0
while [ $x -lt 1000 ]; do
if [ $(uci -p /var/state get network.wan$x.device) = $1 ]; then
uci -p /var/state get network.wan$x.gateway
break
fi
let x=x+1
done
Of course, the search should stop way before wan1000 when the wan$x
device is found for the interface being looked for. The 1000 is just a
safety plug to prevent a never ending loop in some unforeseen
circumstance. I tend to like to try to program for the unexpected. :-)
b.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
