Document shell commands in /etc/shorewall/params

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2207 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 16:54:10 +01:00 · 2005-06-01 15:10:04 +00:00 · 2005-06-01 15:10:04 +00:00 · fa53c064a0
commit fa53c064a0
parent 2d87678636
1 changed files with 33 additions and 1 deletions
--- a/Shorewall-docs2/configuration_file_basics.xml
+++ b/Shorewall-docs2/configuration_file_basics.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2005-05-27</pubdate>
+    <pubdate>2005-06-01</pubdate>

    <copyright>
      <year>2001-2005</year>
@ -564,6 +564,38 @@ DNAT       net        loc:192.168.1.3 tcp       4000:4100</programlisting>

      <para>Variables may be used anywhere in the other configuration
      files.</para>
+
+      <para>Because the <filename>/etc/shorewall/params</filename> file is
+      simply sourced into the shell, you can place arbitrary shell code in the
+      file and it will be executed each time that the file is read. One
+      possible use of this feature is to compensate for recent Linux behavior
+      in which the identity of network interfaces varies from boot to boot
+      (what is <filename class="devicefile">eth0</filename> after one boot may
+      be <filename class="devicefile">eth1</filename> after the next).
+      <trademark>SuSE</trademark> users, for example, can take the following
+      approach:</para>
+
+      <programlisting>wookie:~ # lspci
+0000:00:00.0 Host bridge: VIA Technologies, Inc. VT82C598 [Apollo MVP3] (rev 04)
+0000:00:01.0 PCI bridge: VIA Technologies, Inc. VT82C598/694x [Apollo MVP3/Pro133x AGP]
+0000:00:03.0 Ethernet controller: Intel Corporation 82557/8/9 [Ethernet Pro 100] (rev 01)
+0000:00:04.0 Ethernet controller: Lite-On Communications Inc LNE100TX (rev 20)
+0000:00:05.0 Ethernet controller: Digital Equipment Corporation DECchip 21142/43 (rev 41)
+0000:00:14.0 ISA bridge: VIA Technologies, Inc. VT82C586/A/B PCI-to-ISA [Apollo VP] (rev 45)
+0000:00:14.1 IDE interface: VIA Technologies, Inc. VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 06)
+0000:00:14.2 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 02)
+0000:00:14.3 Bridge: VIA Technologies, Inc. VT82C586B ACPI (rev 10)
+0000:01:00.0 VGA compatible controller: ATI Technologies Inc 3D Rage LT Pro AGP-133 (rev dc)
+wookie:~ #</programlisting>
+
+      <para>If the firewall's external interface is the DECchip controllor at
+      0000:00:05.0 and the internal interface is the Ethernet Pro 100 at
+      0000:00:03.0, then the following entries in
+      <filename>/etc/shorewall/params</filename> will set EXT_IF and INT_IF to
+      the names of these two controllers respectively:</para>
+
+      <programlisting>EXT_IF=$(getcfg-interface bus-pci-0000:00:05.0)
+INT_IF=$(getcfg-interface bus-pci-0000:00:03.0)</programlisting>
    </example>
  </section>