Hi list, I manage several shorewall firewalls with rules common beetween them. I wrote a script for synching rules beetween them, on a dedicaced network interface. I heavily use the shorewall param file. My idea is to have an include in this param file, so that param file would be the same accross the firewalls, and the included file would contain the specific variables of each fw. This way, managing several fws at a time could be much easyier. Is there a way to do that, apart writing some dirty bash scripts? I mean, does shorewall support something like "include /path/to/myfile" in params file? Thanks Tristan ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tristan DEFERT wrote:> Hi list, > I manage several shorewall firewalls with rules common beetween them. > I wrote a script for synching rules beetween them, on a dedicaced > network interface. > I heavily use the shorewall param file. > My idea is to have an include in this param file, so that param file > would be the same accross the firewalls, and the included file would > contain the specific variables of each fw. This way, managing several > fws at a time could be much easyier. > Is there a way to do that, apart writing some dirty bash scripts? > I mean, does shorewall support something like "include /path/to/myfile" > in params file?http://www.shorewall.net/configuration_file_basics.htm#INCLUDE -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
oooh !!!! i wonder how i could have missed this one... RTFM sorry Tom, you're not a parrot I know... Le mardi 30 janvier 2007 à 07:46 -0800, Tom Eastep a écrit :> Tristan DEFERT wrote: > > Hi list, > > I manage several shorewall firewalls with rules common beetween them. > > I wrote a script for synching rules beetween them, on a dedicaced > > network interface. > > I heavily use the shorewall param file. > > My idea is to have an include in this param file, so that param file > > would be the same accross the firewalls, and the included file would > > contain the specific variables of each fw. This way, managing several > > fws at a time could be much easyier. > > Is there a way to do that, apart writing some dirty bash scripts? > > I mean, does shorewall support something like "include /path/to/myfile" > > in params file? > > http://www.shorewall.net/configuration_file_basics.htm#INCLUDE > > -Tom > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Tristan DEFERT wrote:> oooh !!!! > i wonder how i could have missed this one... RTFM > sorry Tom, you''re not a parrot I know...I just tested INCLUDE in the params file and I seem to have broken it in 3.2. I''ll try to get a fix out some time today. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep wrote:> Tristan DEFERT wrote: >> oooh !!!! >> i wonder how i could have missed this one... RTFM >> sorry Tom, you''re not a parrot I know... > > I just tested INCLUDE in the params file and I seem to have broken it in 3.2. > > I''ll try to get a fix out some time today.There''s a fix at http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.8/. See the known_problems.txt file. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep wrote:> Tristan DEFERT wrote: >> Hi list, >> I manage several shorewall firewalls with rules common beetween them. >> I wrote a script for synching rules beetween them, on a dedicaced >> network interface. > ... > http://www.shorewall.net/configuration_file_basics.htm#INCLUDEAnother option might be my shoregen script: http://shorewall.svn.sourceforge.net/viewvc/shorewall/trunk/contrib/shoregen/ -- Paul <http://paulgear.webhop.net> -- Did you know? Providers of on-line music services (such as iTunes) intentionally cripple their software to make sure you keep buying from them. Find out more: http://defectivebydesign.org/ ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV