Hello,

I'm installing ShoreWall for the first time.

From the Docs, I know I can use comma-separated lists & ranges of IP addresses.

In the past, doing things by hand, I've kept a lot of my lists in
one-per-line & commented files, e.g.

1.1.1.1 # comment A
2.2.2.2/29 # comment B
!3.3.3.3 # comment C

Is it possible to use in Shorewall, maybe via an INCLUDE file, IP
addresses in the following format? I think blacklists can use
something like it, but I'm not sure about just normal lists.

Or do I have to convert them to uncommented, comma-separated lists?

-- JC

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

JC Janos wrote:
> From the Docs, I know I can use comma-separated lists & ranges of IP addresses.
>
> In the past, doing things by hand, I've kept a lot of my lists in
> one-per-line & commented files, e.g.
>
> 1.1.1.1 # comment A
> 2.2.2.2/29 # comment B
> !3.3.3.3 # comment C
>
> Is it possible to use in Shorewall, maybe via an INCLUDE file, IP
> addresses in the following format? I think blacklists can use
> something like it, but I'm not sure about just normal lists.
>
> Or do I have to convert them to uncommented, comma-separated lists?

By the time you pass it to Shorewall, it must be in an uncommented
comma-separated list. But you have a number of scripting options with
Shorewall. Please see http://www.shorewall.net/configuration_file_basics.htm.

-Tom
--
Tom Eastep        \ The ultimate result of shielding men from the
Shoreline,         \ effects of folly is to fill the world with fools.
Washington, USA     \ -Herbert Spencer
http://shorewall.net \________________________________________________

Tom,

> By the time you pass it to Shorewall, it must be in an uncommented
> comma-separated list. But you have a number of scripting options with
> Shorewall. Please see http://www.shorewall.net/configuration_file_basics.htm.

It looks like that Perl-scripting capability is both powerful, and complicated.

I guess if I want my commented files I'll have to learn it. Thanks
for pointing it out.

Apart from the very extensive documentation (Wow!), is there a forum
or wiki that might have examples of Shorewall perl scripts available,
especially for beginners?

-- JC

JC Janos wrote:
> Tom,
>
>> By the time you pass it to Shorewall, it must be in an uncommented
>> comma-separated list. But you have a number of scripting options with
>> Shorewall. Please see http://www.shorewall.net/configuration_file_basics.htm.
>
> It looks like that Perl-scripting capability is both powerful, and complicated.
>
> I guess if I want my commented files I'll have to learn it. Thanks
> for pointing it out.
>
> Apart from the very extensive documentation (Wow!), is there a forum
> or wiki that might have examples of Shorewall perl scripts available,
> especially for beginners?

No one has contributed any such examples AFAIK.

-Tom

JC Janos wrote:
> Tom,
>
>> By the time you pass it to Shorewall, it must be in an uncommented
>> comma-separated list. But you have a number of scripting options with
>> Shorewall. Please see http://www.shorewall.net/configuration_file_basics.htm.
>
> It looks like that Perl-scripting capability is both powerful, and complicated.
>
> I guess if I want my commented files I'll have to learn it. Thanks
> for pointing it out.
>
> Apart from the very extensive documentation (Wow!), is there a forum
> or wiki that might have examples of Shorewall perl scripts available,
> especially for beginners?

But I suspect that your requirements could be met by using shell
variables and doing some simple shell scripting in /etc/shorewall/params.

-Tom

Tom,

On Sun, Nov 9, 2008 at 12:43 PM, Tom Eastep <teastep@shorewall.net> wrote:
> But I suspect that your requirements could be met by using shell
> variables and doing some simple shell scripting in /etc/shorewall/params.

I figured that /etc/shorewall/params would be the right place. I'm
not sure which is "better" for me in this case -- SHELL or PERL.

I'd guess SHELL is easier, at first, but that PERL is something I'll
likely have the opportunity to use more later in ShoreWall.

-- JC

JC Janos wrote:
> Tom,
>
> On Sun, Nov 9, 2008 at 12:43 PM, Tom Eastep <teastep@shorewall.net> wrote:
>> But I suspect that your requirements could be met by using shell
>> variables and doing some simple shell scripting in /etc/shorewall/params.
>
> I figured that /etc/shorewall/params would be the right place. I'm
> not sure which is "better" for me in this case -- SHELL or PERL.
>
> I'd guess SHELL is easier, at first, but that PERL is something I'll
> likely have the opportunity to use more later in ShoreWall.

The thing about /etc/shorewall/params is that it is processed natively
by the shell. So it is basically a shell program that is run to set up
the ENV for the Shorewall-perl (or Shorewall-shell) compiler.

-Tom

Tom Eastep wrote:
> JC Janos wrote:
>> Tom,
>>
>> On Sun, Nov 9, 2008 at 12:43 PM, Tom Eastep <teastep@shorewall.net> wrote:
>>> But I suspect that your requirements could be met by using shell
>>> variables and doing some simple shell scripting in /etc/shorewall/params.
>> I figured that /etc/shorewall/params would be the right place. I'm
>> not sure which is "better" for me in this case -- SHELL or PERL.
>>
>> I'd guess SHELL is easier, at first, but that PERL is something I'll
>> likely have the opportunity to use more later in ShoreWall.
>
> The thing about /etc/shorewall/params is that it is processed natively
> by the shell. So it is basically a shell program that is run to set up
> the ENV for the Shorewall-perl (or Shorewall-shell) compiler.

And the [ BEGIN ] PERL construct isn't available in /etc/shorewall/params.

-Tom

Tom,

On Sun, Nov 9, 2008 at 12:58 PM, Tom Eastep <teastep@shorewall.net> wrote:
> The thing about /etc/shorewall/params is that it is processed natively
> by the shell.

Ok, I see what you're saying. I'd completely missed that it's
already processed by the SHELL.

Given that /params is shell-processed, can you still include & use
PERL scripts in it? In the same way as in any other Shorewall file?

--JC

Tom,

On Sun, Nov 9, 2008 at 1:01 PM, Tom Eastep <teastep@shorewall.net> wrote:
> And the [ BEGIN ] PERL construct isn't available in /etc/shorewall/params.

Your answer & my question crossed in the mail!

Thanks,

--JC
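
The shell-scripting route suggested in the thread for /etc/shorewall/params, as an added example that is not part of the thread or of Shorewall itself: a helper that turns a commented, one-per-line address file into a single comma-separated value and refuses to emit anything if an entry is malformed. The function names and the list path are hypothetical, and the `include!exclude` output form for `!` entries is an assumption about Shorewall's exclusion syntax to check against the documentation for your version.

```shell
# Added example (not from the thread). ip_list is a hypothetical helper meant
# to be defined in /etc/shorewall/params, which the shell executes.
#
# ip_list FILE: print FILE's entries as one comma-separated list.
# '!' entries are appended as an exclusion, "a,b!c" (assumed syntax).
# Any malformed entry is reported on stderr and nothing is printed.
ip_list() {
    awk '
    function valid(a,    n, p, o, i) {
        n = split(a, p, "/")
        if (n > 2) return 0
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                return 0
        return 1
    }
    {
        sub(/#.*/, "")                        # strip trailing comment
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "") next                    # blank or comment-only line
        neg = sub(/^!/, "")                   # 1 if the entry was negated
        if (!valid($0)) {
            printf "%s:%d: bad entry \"%s\"\n", FILENAME, FNR, $0 > "/dev/stderr"
            bad = 1
            next
        }
        if (neg) excl = excl (excl == "" ? "" : ",") $0
        else     incl = incl (incl == "" ? "" : ",") $0
    }
    END {
        if (bad) exit 1
        print incl (excl == "" ? "" : "!" excl)
    }' "$1"
}

# Constructed sample: the three entries from the original post.
ip_list_demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '1.1.1.1     # comment A' '2.2.2.2/29  # comment B' \
                  '!3.3.3.3    # comment C' '' '# comment-only line' > "$tmp"
    ip_list "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}

# In params (path is hypothetical):  MY_HOSTS=$(ip_list /etc/shorewall/my_hosts.list)
```

Failing closed on a bad entry matters here because the value ends up in firewall rules: a typo in one line should stop the build of the list rather than silently widen or drop part of it.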