On 9/1/2019 4:02 AM, ObNox wrote:
> Hi,
>
> I use conditional configuration triggers with environment variables for
> different scenarios and I've noticed strange behaviors using these
> conditional blocks. Sometimes it works and some other times it doesn't
> and I can't pinpoint a reason for that.
>
> For instance, I have an old WindowsXP VM that I boot once in a while to
> test old stuff. Sometimes I need to let this VM go to the outside world
> so I added this kind of conditional config to Shorewall:
>
> file "rules":
> ?IF WinXP
> ?INFO Allow internet to WinXP
> ACCEPT { source=... ... ... }
> ?ENDIF
>
> file "snat":
> ?IF WinXP
> ?INFO SNAT WinXP VM
> SNAT(...) { ... ... }
> ?ENDIF
>
> NOTE: The rules themselves are irrelevant because it's not where the
> problem lies.
>
> As usual, I always CHECK the config before using it:
>
> # WinXP=1 shorewall ck
> Checking using Shorewall 5.2.3.2...
> Resetting....
> INFO: Allow internet to WinXP
> INFO: SNAT WinXP VM
> Shorewall configuration verified
>
> and if all goes well, reload:
>
> # WinXP=1 shorewall reload
> Reloading Shorewall....
> done.
>
> See the problem here? Where are the "INFO:" lines in the "reload"
> command? They should be there.
>
> Verifying with "shorewall show | less" confirms that the related rules
> are not present.
>
> Yet... sometimes... without even touching the configuration, using the
> "WinXP=1 shorewall reload" makes the "INFO:" lines visible and the rules
> are applied correctly.
>
> What's wrong? (either on my part or Shorewall's :-))
>
> PS: In case it helps, AUTOMAKE="Recursive" in "shorewall.conf"

According to (1) you should use a shell variable and not a Perl variable.

1) http://shorewall.org/configuration_file_basics.htm#Conditional

-Matt
--
Matt Darfeuille

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users