On 01/09/2019 09:08, Matt Darfeuille wrote:

> According to (1) you should use a shell variable and not a Perl variable.
>
> 1)  http://shorewall.org/configuration_file_basics.htm#Conditional

Well, it works for "ck" (check) and not for "reload"? Hard to believe.

Besides, to use shell variables I'd have to modify shorewall.conf each time I want a conditional configuration, which is not practical at all. The whole point of having a conditional configuration is to trigger it at run time, not by modifying configuration files which, in my opinion, defeats the purpose.

Anyway, reading again the link you mentioned gave me the answer by association and now I think I know why with my usage, it triggers the behavior I mentioned in the first post.

The "check" command forcibly compiles the configuration every time, so everything in it is respected, conditional code included. That's why both "INFO:" lines appear at every "ck/check" command.

"reload" seems to notice that "the previously compiled configuration does not need a new compilation" (maybe by checking file date stamps) so the conditional code is not interpreted.

To make sure that "reload" does exactly what I want, I need to use the command "reload -c" and then, guess what, both "INFO:" lines appear every time and the configuration is applied exactly as it should be.

This is not very practical and counterintuitive, I think. As with every other tool I can think of out there that allows testing the configuration before reloading it (apache, nginx, postfix, dovecot, dhcpd, etc.), I expect Shorewall to reload the exact configuration and not what it "thinks" it is or should be.

I think this is a side effect caused by "AUTOMAKE=Yes". I'd really prefer a new "shorewall.conf" directive like "ALWAYS_COMPILE=(Yes|No)" to force compilation on every "start/reload" so I don't have to remember to use the "-c" if I want the correct configuration to be applied.

--
ObNox


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
