Eric E. Bowles
2002-Jul-17 16:22 UTC
[Shorewall-users] Treating undefined variables as errors
Hi there,

I noticed that "shorewall check" doesn't seem to flag a warning if a variable used in /etc/shorewall/rules hasn't been defined in /etc/shorewall/params. For example, the following rule, which is supposed to restrict telnet access to networks defined by $OPS,

    ACCEPT net:$OPS fw tcp telnet

would unintentionally allow telnet from the rest of the net if $OPS isn't defined in params.

Is it possible to flag this as an error in "shorewall check"? Maybe a source or destination of the form "zone:" shouldn't be accepted?

--eric
On Thu, 18 Jul 2002, Eric E. Bowles wrote:
>
> Is it possible to flag this as an error in "shorewall check"?
> Maybe a source or destination of the form "zone:" shouldn't be accepted?
>

The version of the 'firewall' script in CVS provides this capability.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
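The check requested in this thread, as an added example that is not part of the original messages and not Shorewall's own code: it sources params as a shell fragment and flags any SOURCE or DEST field in rules that uses an unset or empty variable, or that is a bare "zone:". The function name check_rules and the sample files are assumptions made here; grep -o is a GNU/BSD extension.

```shell
#!/bin/sh
# Added example, not Shorewall's code. Assumes params holds VAR=value
# shell assignments and rules holds "ACTION SOURCE DEST PROTO PORT" lines.

# check_rules PARAMS RULES
# Prints one finding per line; exit status 0 if clean, 1 if anything flagged.
check_rules() (
    params=$1; rules=$2; status=0; lineno=0
    # Load the variable definitions (inside this subshell only).
    [ -r "$params" ] && . "$params"
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line%%#*}                     # drop comments
        set -f; set -- $line; set +f         # split into columns, no globbing
        [ $# -ge 3 ] || continue
        for field in "$2" "$3"; do           # SOURCE and DEST columns
            # Names referenced as $NAME or ${NAME} in this field.
            for var in $(printf '%s\n' "$field" |
                    grep -oE '\$\{?[A-Za-z_][A-Za-z0-9_]*' | tr -d '${'); do
                # var is limited to [A-Za-z0-9_], so this eval is safe.
                eval "val=\${$var-}"
                if [ -z "$val" ]; then
                    printf '%s:%s: $%s is undefined or empty in "%s"\n' \
                        "$rules" "$lineno" "$var" "$field"
                    status=1
                fi
            done
            # A literal empty host list such as "net:" matches the whole zone.
            case $field in
                *:) printf '%s:%s: empty host list in "%s"\n' \
                        "$rules" "$lineno" "$field"
                    status=1 ;;
            esac
        done
    done < "$rules"
    exit $status
)

# Constructed sample input: OPS is deliberately missing from params.
demo=$(mktemp -d)
printf 'ADMIN=10.0.0.0/24\n' > "$demo/params"
printf 'ACCEPT net:$OPS fw tcp telnet\n' > "$demo/rules"
check_rules "$demo/params" "$demo/rules" || true
rm -rf "$demo"
```

A variable already exported in the calling environment counts as defined, so run the check from a clean environment.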