Tom

On Fri, Mar 17, 2017, at 09:48 AM, Tom Eastep wrote:
> > Not sure how to make sure that it grabs that remote RUNTIME value
> > correctly while making sure that compile-time doesn't complain
> > about the local value being undefined.
> > 
> 
> Please see
> http://www.shorewall.org/configuration_file_basics.htm#AddressVariables

That's cool.

There it says

"The generated script will verify that the variable contains a valid host or 
network address, either from the environment or from it being assigned in your 
init extension script, and will raise an error if it does not. "

To be extra clear, that DOES mean 'from the RUNTIME environment', right?

I need a solution that deals with both cases: 

(1) (re)starting shorewall-lite locally ON the firewall machine
(2) (re)starting the firewall remotely, from my desktop

I know I can exec ON the firewall, at cmd line

        MY_CURRENT_IP=$(cat /etc/MY_CURRENT_IP) shorewall reload

Is then having

        params
                MY_EXT_IP=%{MY_CURRENT_IP}

sufficient?

In the remote compile/push case, from my desktop

        sh shorewall remote-reload -c -s ${MY_FIREWALL}

what's the way to deal with that?

IIUC, either

(1) since shorewall execs as root, have 

        MY_CURRENT_IP=$(cat /etc/MY_CURRENT_IP)

pre-exported into root's shell ENV?

or,

(2) figure out how to 'tell' the

        sh shorewall remote-reload -c -s ${MY_FIREWALL}

cmd exec'd locally to grab & prepend the 

        MY_EXT_IP=${MY_CURRENT_IP}

to the remotely executed 'shorewall-lite' command


DT
