On 9/1/19 9:24 AM, ObNox wrote: > On 01/09/2019 09:08, Matt Darfeuille wrote: > >> According to (1) you should use shell variable and not Perl variable. >> >> 1) http://shorewall.org/configuration_file_basics.htm#Conditional > > Well, it works for "ck" (check) and not for "reload"? Hard to believe. > > Besides, to use Shell variables I'd have to modify shorewall.conf each > time I want a conditional configuration which is not practical at all. > The whole point of having a conditional configuration it to trigger it > at run time, not by modifying configuration files which, in my opinion, > defeats the purpose. > > Anyway, reading again the link you mentioned gave me the answer by > association and now I think I know why with my usage, it triggers the > behavior I mentioned in the first post. > > "check" command forcibly compiles the configuration every time, so > everything in it is respected, conditional code included. That's why > both "INFO:" lines appear at every "ck/check" command. > > "reload" seems to notice that "the previously compiled configuration > does not need a new compilation" (maybe by checking files date stamps) > so the conditional code is not interpreted. > > To make sure that "reload" does exactly what I want, I need to use the > command "reload -c" and then, guess what, both "INFO:" lines appear > every time and the configuration is applied exactly at it should be. > > This is not very practical and counter intuitive I think. As every other > tool I can think of out there allowing to test the configuration before > reloading it (apache, nginx, postfix, dovecot, dhcpd, etc. etc.) I > expect Shorewall to reload the exact configuration and not what it > "thinks" it is or should be. > > I think this is a side effect caused by "AUTOMAKE=Yes". I'd really > prefer a new "shorewall.conf" directive like "ALWAYS_COMPILE=(Yes|No)" > to force compilation on every "start/reload" so I don't have to remember > to use the "-c" if I want the correct configuration to be applied. >
Then simply set AUTOMAKE=No, or use the '-c' option of the reload command when you want to override Shorewall's AUTOMAKE logic. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
