On 06/10/2018 04:11 PM, Matt Darfeuille wrote: > > > On 6/11/2018 12:08 AM, Tom Eastep wrote: >> On 06/10/2018 12:19 PM, Matt Darfeuille wrote: >>> Hi, >>> >>> I'm trying to do the following but I'm not getting anywhere!: >>> >>> shorewall-exports/test/rules: >>> >>> ?IF $ENABLE_RULE >>> Execute that bit of code >>> ?ENDIF >>> >>> $ shorewall remote-reload >>> >>> Firewall system: >>> >>> $ ENABLE_RULE=Yes shorewall-lite reload >>> >>> Obviously, the above doesn't work and I'm wandering if there is a way to >>> pass an environmental variable to shorewall-lite. >>> >>> The switch column in /etc/shorewall/rules is not an option. >>> >>> In other words: Is there a way to inable/disable rules on a firewall >>> system without having todo 'shorewall remote-reload' on the >>> administrative system (dinamic non-address variable)? >>> >> >> Can using the SWITCH column meet your requirements? >> > > Yes, the SWITCH column meets my requirements. > But Condition MATCH needs to be available, I'm hoping for a way to do > the same without installing that capability.: > > " ERROR: A non-empty SWITCH column requires Condition Match in your > kernel and iptables /etc/shorewall/rules (line 21)" > > The idea is to install as little packages as possible. > If the SWITCH column is the only way around, I'll have to way the pros > and cons of using it! :) > > I'm on Debian 9, Shorewall 5.2.0.4.
You must install the xtables-addons package for SWITCH support. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
