-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 10/10/2016 10:41 PM, Ob Noxious wrote:
> Hi,
>
> Just a small issue I've faced. I made a typo on the "interfaces"
> file, like this :
>
> bar ${IF_BAR} nets=(${NET_BAR}),nosmurfs,rpfilter,bridge dmz
> ${IF_F00} nets=(${NET_FOO}),nosmurfs,rpfilter,bridge
>
> notice: ${IF_FOO} is misspelled with 00 (zeros) instead of letter
> "O" which leads to an empty entry.
>
> "shorewall ck" didn't complain.
>
> "shorewall reload" failed with a shell syntax error complaining
> about unbalanced parenthesis. It was a "case ... esac" statement
> with the following content :
>
> case $1 in lo) progress_message3 "..." eth0|dmz|nets=(1.2.3.0/24
> <http://1.2.3.0/24>),nosmurfs,rpfilter,bridge) .... esac
>
> We see why the shell would complain :-) I finally figured out the
> (stupid) typo.
>
> I report it in case you'd want to add further checks to this
> (and/or others) to avoid this kind of situations where the "check"
> command gets fooled and the error passes unnoticed.
>
> Note to self: "interfaces" is the last config file using the
> "legacy" columned notation and I guess it's time to convert it to
> the new (and way better IMHO) syntax :-)
>
I believe that this particular class of user blunder is best guarded
against by setting IGNOREUNKNOWNVARIABLES=No in shorewall[6].conf,
although I can certainly add some gross-level editing of interface
names in the interfaces file.
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJX/Qn0AAoJEJbms/JCOk0QHqYP/3OGA6blUxkvTLZa4Ni4sy1V
tX7/NzxiHHSwEWQ3aFkYma8Ug0otVRYN39RDFCOhNiwxGzulTP56gXXnYIncdqUO
CEjaXLeNI2katfkEl4x4bHWNZImgppxwvh239l2z5GU1TfVNauojJLkIcdSTrIjB
w91MsaCdQPsb+DherQTP3L+4rzDk7TOXpbSSMvXjwpbzu4BxHKxr1zeZInGLP1A9
muvPaVnYZSELMfjjbju1pXXtjJAR+S2j5k3utYpxVUUR8q5Y1HOOUwMlPKbgAi5S
++JUDBHXD41YQ+zRYDgMTxf8ca+1P3T2leqQ/52aJxF7CHQD6AQ7q7H3m/7am3Gg
ERg8+94FqduEWy6UkHhIGM9IMkF0iwsOnlYgxB/XPJ8oV3IG2Ny9evIFL3kUMs4F
eUTGjn7yYuga2FyHE4+sYMOZ1LrQ4MNgZTRewvB6hg0Kt4ig4tgJzEPzXMQQxlA0
8xhMMA08vzV9thuo2D6F1GB7uN9D2rCtGOTWLfF3IXQJHYZYLb2ncdO1qhMfdk//
iiwIUPaxOqBTpAG2hBJy6YkRGH8wFgCBbr+/kBVgxJcBKSCiBcIQviJK5STVXjba
bBsBEnVd0LzKDBEvzz7Ic3vIxozqsXGp6Xjw/ob5QPzOlRZ7XM7lI9hnrq8EH8d2
PikFhS/VzBx4+B0i2Blf
=M8rX
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
