On 6/11/2018 12:08 AM, Tom Eastep wrote:
> On 06/10/2018 12:19 PM, Matt Darfeuille wrote:
>> Hi,
>>
>> I'm trying to do the following but I'm not getting anywhere!:
>>
>> shorewall-exports/test/rules:
>>
>> ?IF $ENABLE_RULE
>> Execute that bit of code
>> ?ENDIF
>>
>> $ shorewall remote-reload
>>
>> Firewall system:
>>
>> $ ENABLE_RULE=Yes shorewall-lite reload
>>
>> Obviously, the above doesn't work and I'm wondering if there is a way to
>> pass an environmental variable to shorewall-lite.
>>
>> The switch column in /etc/shorewall/rules is not an option.
>>
>> In other words: Is there a way to enable/disable rules on a firewall
>> system without having to do 'shorewall remote-reload' on the
>> administrative system (dynamic non-address variable)?
>>
>
> Can using the SWITCH column meet your requirements?
>
Yes, the SWITCH column meets my requirements.
But Condition MATCH needs to be available; I'm hoping for a way to do
the same without installing that capability:
" ERROR: A non-empty SWITCH column requires Condition Match in your
kernel and iptables /etc/shorewall/rules (line 21)"
The idea is to install as few packages as possible.
If the SWITCH column is the only way around, I'll have to weigh the pros
and cons of using it! :)
I'm on Debian 9, Shorewall 5.2.0.4.
-Matt
--
Matt Darfeuille