We have a Shorewall installation which has a cron job that dynamically adds
and deletes subnets to/from a zone during the day. We want to be able to
list which subnets are currently in the zone at any one time. Initially we
were parsing the output of "shorewall status", which works but can be
very
slow. Looking at the output of "shorewall status", it seems that the
subnets we are interested in are in zone eth1_dynf, and it is much quicker
to do a "shorewall show eth1_dynf" than a "status" command.
My questions are: if we change the configuration of Shorewall, will the
name of the chain we are interested in change? Is there a better way of
finding out which subnets are currently in a given zone? We''d prefer to
do
that dynamically rather than trying to track the status of each subnet.
Thank you for any suggestions.
