I have a prototype of in-line actions running. In-line actions are just
like macros except:
1) A zone may be specified in the SOURCE and DEST columns of a macro,
while zone names are disallowed in these columns within an inline
action (same as in a regular action).
2) The name of the current chain is available in $0 within the body
of an inline action (also within a regular action beginning with
Beta 3).
3) In-line actions accept multiple parameters which are available in
$1, $2, etc (as they are in a regular action).
4) PARAM has no special meaning in the body of an in-line action ($1
serves the same purpose in an in-line action).
5) Only FORMAT 2 is available in an inline action.
6) In-line actions must be defined in /etc/shorewall[6]/actions. Those
files have been extended to include an OPTIONS column. The only
option currently supported is ''inline''.
In-line actions differ from normal actions in that:
1) Obviously, they are expanded in-line like a macro rather than
being in their own chain. That means that columns in the
invocation are merged with those in the action body in the same way
as they are in a macro.
2) When AUTOCOMMENT=Yes, each generated rule is commented with the name
of an in-line action.
3) Within an inline action, ?BEGIN PERL ... ?END PERL does not have
access to the special features available in action a normal
action body.
Given the similarity between macros and inline actions, I propose
that macros as default actions (in the POLICY column of
/etc/shorewall[6]/policy) not be supported. It is trivial to convert a
format-2 macro into an inline policy:
- Change its name
- Change $PARAM to $1 within the body of the macro.
- Add an entry in /etc/shorewall[6]/actions
I can make in-line actions available in Beta 3.
Comments?
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
> 1) A zone may be specified in the SOURCE and DEST columns of a macro, > while zone names are disallowed in these columns within an inline > action (same as in a regular action). >That is one thing I never knew.> 6) In-line actions must be defined in /etc/shorewall[6]/actions. Those > files have been extended to include an OPTIONS column. The only > option currently supported is ''inline''. >Would you make the "default" actions (as they are currently provided in shorewall) as "inline" or would you leave them as they are?> Given the similarity between macros and inline actions, I propose > that macros as default actions (in the POLICY column of > /etc/shorewall[6]/policy) not be supported. It is trivial to convert a > format-2 macro into an inline policy: > > - Change its name > - Change $PARAM to $1 within the body of the macro. >You mean "PARAM", right?> Comments? >Looks very good and I think the introduction of the "$0" parameter was a good idea too. ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: DESIGN Expert tips on starting your parallel project right. http://goparallel.sourceforge.net
On 11/27/2012 03:09 PM, Mr Dash Four wrote:> >> 1) A zone may be specified in the SOURCE and DEST columns of a macro, >> while zone names are disallowed in these columns within an inline >> action (same as in a regular action). >> > That is one thing I never knew. > >> 6) In-line actions must be defined in /etc/shorewall[6]/actions. Those >> files have been extended to include an OPTIONS column. The only >> option currently supported is ''inline''. >> > Would you make the "default" actions (as they are currently provided in > shorewall) as "inline" or would you leave them as they are?I would leave them as they are. The ones used for default actions create quite a few rules, so having them in a single chain as opposed to replicated seems like the right thing to do. There are other actions like action.Invalid which won''t work inline because they use ?BEGIN PERL .... ?END PERL in ways that are incompatible with inlining.> >> Given the similarity between macros and inline actions, I propose >> that macros as default actions (in the POLICY column of >> /etc/shorewall[6]/policy) not be supported. It is trivial to convert a >> format-2 macro into an inline policy: >> >> - Change its name >> - Change $PARAM to $1 within the body of the macro. >> > You mean "PARAM", right? >Yes.>> Comments? >> > Looks very good and I think the introduction of the "$0" parameter was a > good idea too.Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: DESIGN Expert tips on starting your parallel project right. http://goparallel.sourceforge.net