Justin,
On 7/5/21 7:13 PM, Justin Pryzby wrote:
> Could you try &{MYIPV6} ?
...
> The docs say this, so if it's empty, that would make sense.
> https://shorewall.org/configuration_file_basics.htm#AddressVariables
> |A second form is also available beginning with Shorewall 4.5.11
> |%{variable}
> |Unlike with the first form, this form does not require the variable to be set.
> |If the variable is empty, the generated script will supply the all-zeros
> |address (0.0.0.0 in IPv4 and :: in IPv6). In most cases, the compiler simply
> |omits rules containing matches on the all-zeros address.
Now that's interesting.
This
    /init
        MYIP6=$( cat /etc/shorewall/MYIP6.current )
    /snat
        SNAT(%{MYIP6}) [2600:xxxx:xxxx:xxxf::]/64 EXT_IF
FAILs.
but this,
    /init
        MYIP6=$( cat /etc/shorewall/MYIP6.current )
    /snat
        SNAT(&{MYIP6}) [2600:xxxx:xxxx:xxxf::]/64 EXT_IF
WORKs.
I seem to recall, vaguely, the &{...} form being advised/mentioned at some
point; likely Omache 'schooled' me abt it at some point, and I misunderstood/forgot
:-/
I've re-read that^^ a bunch-o-times, and _still_ am scratching my head as to why
    SNAT(&{MYIP6}) [2600:xxxx:xxxx:xxxf::]/64 EXT_IF
works, but
    SNAT(%{MYIP6}) [2600:xxxx:xxxx:xxxf::]/64 EXT_IF
fails.
in any case, thxalot! o/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
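
The init snippet in the message above fills the variable with a bare cat, so a missing, empty or malformed file reaches the SNAT rule unchecked, and the quoted docs imply the first form requires the variable to be set. The following is an added example, not part of the original message or of Shorewall: a POSIX shell guard that accepts the file's content only when it is exactly one well-formed IPv6 address. The helper names is_ipv6 and read_ip6 are hypothetical.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of Shorewall.

# is_ipv6 ADDR: succeed only for a plain IPv6 address (hex groups and colons;
# no prefix length, zone id or embedded IPv4). The body runs in a subshell so
# the IFS and globbing changes do not leak into the caller.
is_ipv6() (
    addr=$1
    case $addr in
        ''|*[!0-9A-Fa-f:]*) return 1 ;;  # empty, or a character that cannot appear
        *:::*|*::*::*)      return 1 ;;  # ":::" or more than one "::"
        :[!:]*|*[!:]:)      return 1 ;;  # single leading or trailing colon
    esac
    compressed=0
    case $addr in *::*) compressed=1 ;; esac
    groups=0
    IFS=:
    set -f
    for g in $addr; do
        [ -z "$g" ] && continue          # empty fields come from "::"
        [ "${#g}" -le 4 ] || return 1    # at most four hex digits per group
        groups=$((groups + 1))
    done
    if [ "$compressed" -eq 1 ]; then
        [ "$groups" -le 7 ]              # "::" stands for at least one group
    else
        [ "$groups" -eq 8 ]
    fi
)

# read_ip6 FILE: print the address if FILE holds exactly one valid IPv6
# address; print nothing and fail if FILE is missing, empty or malformed.
read_ip6() {
    content=$(cat "$1" 2>/dev/null) || return 1
    is_ipv6 "$content" || return 1
    printf '%s\n' "$content"
}

# Intended use in /etc/shorewall/init (file and variable names from the post):
#   MYIP6=$(read_ip6 /etc/shorewall/MYIP6.current) || MYIP6=
```

With this guard the variable is either a validated address or empty, so a truncated or stale MYIP6.current file shows up as an empty variable instead of a malformed rule.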