Tom
On Fri, Mar 17, 2017, at 11:05 AM, Tom Eastep wrote:
> You don't need to pass anything if you just use &<interface> (e.g.,
> ð0). The generated script determines the address *at runtime*.
Wow, I got that COMPLETELY wrong :-/
> If the interface might not have an address (it might be down), then
> use the %<interface> form instead.
Ok, so
params
MY_EXT_IF=eth0
MY_EXT_IP=%{$MY_EXT_IF}
should work? assuming that I can use a variable reference inside the %{}.
The docs say
Beginning with Shorewall 5.0.14, if a Shorewall-defined address
variable's value has changed since the Netfilter ruleset was instantiated, then
a successful enable command will automatically reload the ruleset.
IIUC, the
MY_EXT_IP=%{$MY_EXT_IF}
is *NOT* a "Shorewall-defined" variable, but a "user-defined" variable.
Is that reload-the-ruleset-on-enable behavior still valid?
Also, seems the additional safe/sane thing to do is have my ddlclient script
simply do a `reload` when it detects any change.
DT
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
