Matt:
As Tom explained, we need a variable that is expanded at run-time (so I can't
use /etc/shorewall/params).

Tom:
We need dynamic address and port rules, because those values are stored in
the database and can be changed over time from our web UI.
What solution do you suggest? Can we, for example, write a compile extension
script for such functionality?


2017-06-06 22:55 GMT+02:00 Tom Eastep <[email protected]>:

>
> On 06/06/2017 12:10 PM, Matt Darfeuille wrote:
> > On 6/6/2017 10:36 AM, Jaryn Znosa wrote:
> >> Hi guys, thanks for such a great piece of software. We are using
> >> shorewall lite with variable for IP address (like &{myAddress})
> >> and we need the same functionality for the destination port
> >> column. What is the best way to achieve that?
> >>
> >
> > You could define a variable in the params file and then use that
> > variable in the rules file.
> >
> > EG:
> >
> > /etc/shorewall/params
> >
> > PORT=22,56-99
> >
> > /etc/shorewall/rules
> >
> > ACCEPT $FW net tcp $PORT
> >
> > You could apply that scheme to any columns.
> >
>
> Such variables, however, are expanded at compile time whereas address
> variables are expanded at run-time. The distinction is especially
> important when using Shorewall[6]-lite. Unfortunately, Shorewall does
> not currently support runtime port number variables.
>
> Jaryn -- what is the use case for such variables?
>
> Thanks,
> -Tom
> --
> Tom Eastep        \   Q: What do you get when you cross a mobster with
> Shoreline,         \     an international standard?
> Washington, USA     \ A: Someone who makes you an offer you can't
> http://shorewall.org \   understand
>                       \_______________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>