On 11/15/10 4:36 AM, Brian J. Murrell wrote: > I use shorewall-lite on my remote gateway, controlled by shorewall on my > local gateway. Sometimes I need to configure a rule which requires > knowledge of an IP of an interface on the remote machine. > > "/sbin/shorewall-lite call find_first_interface_address <interface>" > comes in handy for this and I can even put it into a params variable to > give me something I can use in a rule: > > C_IF_IP=$(ssh gw "/sbin/shorewall-lite call find_first_interface_address > eth0.1") > > This has side effects however. The above command will be called on both > the local (i.e. shorewall) machine and the remote (shorewall-lite) > machine.
Only if you set EXPORT_PARAMS=Yes in shorewall.conf. If you set EXPORT_PARAMS=No, then you won't have this issue at all. > > Of course, it's entirely possible that there is a much better way of > trying to get an interface's address on a remote machine for building > rules with. :-) You are using the documented method. -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
