On 6/11/2018 1:49 AM, Tom Eastep wrote: > On 06/10/2018 04:11 PM, Matt Darfeuille wrote: >> >> >> On 6/11/2018 12:08 AM, Tom Eastep wrote: >>> On 06/10/2018 12:19 PM, Matt Darfeuille wrote: >>>> Hi, >>>> >>>> I'm trying to do the following but I'm not getting anywhere!: >>>> >>>> shorewall-exports/test/rules: >>>> >>>> ?IF $ENABLE_RULE >>>> Execute that bit of code >>>> ?ENDIF >>>> >>>> $ shorewall remote-reload >>>> >>>> Firewall system: >>>> >>>> $ ENABLE_RULE=Yes shorewall-lite reload >>>> >>>> Obviously, the above doesn't work and I'm wandering if there is a way to >>>> pass an environmental variable to shorewall-lite. >>>> >>>> The switch column in /etc/shorewall/rules is not an option. >>>> >>>> In other words: Is there a way to inable/disable rules on a firewall >>>> system without having todo 'shorewall remote-reload' on the >>>> administrative system (dinamic non-address variable)? >>>> >>> >>> Can using the SWITCH column meet your requirements? >>> >> >> Yes, the SWITCH column meets my requirements. >> But Condition MATCH needs to be available, I'm hoping for a way to do >> the same without installing that capability.: >> >> " ERROR: A non-empty SWITCH column requires Condition Match in your >> kernel and iptables /etc/shorewall/rules (line 21)" >> >> The idea is to install as little packages as possible. >> If the SWITCH column is the only way around, I'll have to way the pros >> and cons of using it! :) >> >> I'm on Debian 9, Shorewall 5.2.0.4. > > You must install the xtables-addons package for SWITCH support. >
Yes, I understand that. But I don't want to install that package. Is there an other approach to this? -Matt -- Matt Darfeuille ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
