I use shorewall-lite on my remote gateway, controlled by shorewall on my local gateway. Sometimes I need to configure a rule which requires knowledge of an IP of an interface on the remote machine.
"/sbin/shorewall-lite call find_first_interface_address <interface>"
comes in handy for this and I can even put it into a params variable to
give me something I can use in a rule:
C_IF_IP=$(ssh gw "/sbin/shorewall-lite call find_first_interface_address eth0.1")
This has side effects however. The above command will be called on both
the local (i.e. shorewall) machine and the remote (shorewall-lite)
machine. Issuing an ssh command on the remote machine is an error.
I could probably do something deterministic like:
C_IF_IP=$(if <running on remote machine>; then
    /sbin/shorewall-lite call find_first_interface_address <interface>
else
    ssh gw "/sbin/shorewall-lite call find_first_interface_address <interface>"
fi)
Of course, for every person who has to do this sort of thing, that's a
person who will potentially fall into the trap of not knowing they need
to conditionalize such a construct as above.
I wonder if there could/should be a generic function in the framework
that one can call to get the value of something (i.e. like
"find_first_interface_address", or other things) that will understand
the context it is being called in and do the right thing with regard to
either running locally or remotely.
Of course, it's entirely possible that there is a much better way of
trying to get an interface's address on a remote machine for building
rules with. :-)
Thots?
b.
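One way to write the context-aware lookup asked about above, as an added example (not part of the original message and not Shorewall's own code). It assumes the remote gateway's hostname is `gw`, as in the post, and that comparing it with the output of `hostname` tells the two machines apart; the function names are hypothetical. It also checks the interface name before it goes into the ssh command line and refuses any result that is not an IPv4 address, so an ssh error message never ends up in a rule.

```shell
#!/bin/sh
# Added example. Assumptions: GW_HOST names the remote gateway and matches
# what `hostname` prints there; FW_CMD is the shorewall-lite path from the post.
GW_HOST=${GW_HOST:-gw}
FW_CMD=${FW_CMD:-/sbin/shorewall-lite}

# True when this shell is running on the remote gateway itself.
on_gateway() {
    [ "$(hostname 2>/dev/null)" = "$GW_HOST" ]
}

# Accept only a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the first address of interface $1 on the gateway, whether this
# runs on the gateway or on the administrative machine.
gw_interface_address() {
    case $1 in
        # The name is interpolated into a remote command line: allow only
        # characters that appear in interface names.
        ''|*[!A-Za-z0-9._:-]*) echo "bad interface name: $1" >&2; return 1 ;;
    esac
    if on_gateway; then
        addr=$("$FW_CMD" call find_first_interface_address "$1")
    else
        addr=$(ssh "$GW_HOST" "$FW_CMD call find_first_interface_address $1")
    fi || return 1
    # Fail closed: anything that is not an address must not reach a rule.
    is_ipv4 "$addr" || { echo "unexpected output: $addr" >&2; return 1; }
    printf '%s\n' "$addr"
}
```

With this file sourced from params, the assignment becomes `C_IF_IP=$(gw_interface_address eth0.1)` on both machines.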
