Shorewall devel - May 2005 - odd line in current CVS for firewall

>From a diff of my current shorewall firewall script with the new one
from the CVS today :

$ diff -w /usr/share/shorewall/firewall /usr/src/shorewall/s/firewall
[...]

673c910
<           for network in $networks; do
---
>           for networks in $networks; do
I don''t think that "for networks in $networks" works well.

-- 
-IAN!  Ian! D. Allen       Ottawa, Ontario, Canada - www.ottawa.ca
       EMail: idallen@idallen.ca   Home Page: http://www.idallen.com/
       College professor (Linux) via: http://teaching.idallen.com/
       Support free and open public digital rights:  http://eff.org/

Ian! D. Allen wrote:
>>From a diff of my current shorewall firewall script with the new one
> from the CVS today :
> 
> $ diff -w /usr/share/shorewall/firewall /usr/src/shorewall/s/firewall
> [...]
> 
> 673c910
> <           for network in $networks; do
> ---
>>          for networks in $networks; do
> 
> I don''t think that "for networks in $networks" works
well.
> 
It works fine; $networks gets expanded well before the first assignment
to the loop variable -- I had changed it to be more readable but I seem
to have lost the change somewhere along the line (that''s troubling).

I''ve changed it back to avoid confusion.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> It works fine
Well, yes, it "works"; but, it only works for that one loop and it
clobbers the list in the process.  I was thinking of "works" in the
more global sense of "works without unnecessary side-effects".  The
more
readable version is also the more maintainable version - a double feature.
Thanks for the update.

I''m available for any grunt work needed to keep shorewall alive.  
I speak very fluent shell script and halting dialects of iptables and iproute2.
I run a home net with dual ADSL lines.
I wrote this (referenced by Shorewall docs): http://idallen.com/dnat.txt
Just tell me what to do.

-- 
-IAN!  Ian! D. Allen       Ottawa, Ontario, Canada - www.ottawa.ca
       EMail: idallen@idallen.ca   Home Page: http://www.idallen.com/
       College professor (Linux) via: http://teaching.idallen.com/
       Support free and open public digital rights:  http://eff.org/

Ian! D. Allen wrote:
> Tom Eastep wrote:
>>It works fine
> 
> Well, yes, it "works"; but, it only works for that one loop and
it
> clobbers the list in the process.
It does work provided that you don''t need the contents of the list
variable upon loop exit:

teastep@ursa:~/Shorewall/Shorewall2> networks="a b c d"
teastep@ursa:~/Shorewall/Shorewall2> for networks in $networks; do echo
$networks; done
a
b
c
d
teastep@ursa:~/Shorewall/Shorewall2>

  I was thinking of "works" in the
> more global sense of "works without unnecessary side-effects". 
The more
> readable version is also the more maintainable version - a double feature.
> Thanks for the update.
As I say, I just checked in the change to make this more understandable.
I remember running across the code one day and having the same reaction
that you did ("This can''t work"); but the code had been
working
correctly for a long time.
> 
> I''m available for any grunt work needed to keep shorewall alive.  
> I speak very fluent shell script and halting dialects of iptables and
iproute2.
> I run a home net with dual ADSL lines.
> I wrote this (referenced by Shorewall docs): http://idallen.com/dnat.txt
> Just tell me what to do.
> 
You can certainly start by helping test the multiple-ISP stuff that I
just released. And when you find problems, try to fix the code yourself
-- I know of no better way to get one''s feet wet than analyzing and
fixing bugs.

And if you get stuck, I''m still here :-)

Going forward, I think that the future of Shorewall depends on what
people do on their own initiative and not on what I tell them to do.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key