From fa53c064a0b20ddddb72da5d300df53244e6c68b Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Wed, 1 Jun 2005 15:10:04 +0000
Subject: [PATCH] Document shell commands in /etc/shorewall/params

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2207 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-docs2/configuration_file_basics.xml | 34 ++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/Shorewall-docs2/configuration_file_basics.xml b/Shorewall-docs2/configuration_file_basics.xml
index d2c0c8460..5ed4caa2e 100644
--- a/Shorewall-docs2/configuration_file_basics.xml
+++ b/Shorewall-docs2/configuration_file_basics.xml
@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2005-05-27</pubdate>
+    <pubdate>2005-06-01</pubdate>
 
     <copyright>
       <year>2001-2005</year>
@@ -564,6 +564,38 @@ DNAT       net        loc:192.168.1.3 tcp       4000:4100</programlisting>
 
       <para>Variables may be used anywhere in the other configuration
       files.</para>
+
+      <para>Because the <filename>/etc/shorewall/params</filename> file is
+      simply sourced into the shell, you can place arbitrary shell code in the
+      file and it will be executed each time that the file is read. One
+      possible use of this feature is to compensate for recent Linux behavior
+      in which the identity of network interfaces varies from boot to boot
+      (what is <filename class="devicefile">eth0</filename> after one boot may
+      be <filename class="devicefile">eth1</filename> after the next).
+      <trademark>SuSE</trademark> users, for example, can take the following
+      approach:</para>
+
+      <programlisting>wookie:~ # lspci
+0000:00:00.0 Host bridge: VIA Technologies, Inc. VT82C598 [Apollo MVP3] (rev 04)
+0000:00:01.0 PCI bridge: VIA Technologies, Inc. VT82C598/694x [Apollo MVP3/Pro133x AGP]
+0000:00:03.0 Ethernet controller: Intel Corporation 82557/8/9 [Ethernet Pro 100] (rev 01)
+0000:00:04.0 Ethernet controller: Lite-On Communications Inc LNE100TX (rev 20)
+0000:00:05.0 Ethernet controller: Digital Equipment Corporation DECchip 21142/43 (rev 41)
+0000:00:14.0 ISA bridge: VIA Technologies, Inc. VT82C586/A/B PCI-to-ISA [Apollo VP] (rev 45)
+0000:00:14.1 IDE interface: VIA Technologies, Inc. VT82C586A/B/VT82C686/A/B/VT823x/A/C PIPC Bus Master IDE (rev 06)
+0000:00:14.2 USB Controller: VIA Technologies, Inc. VT82xxxxx UHCI USB 1.1 Controller (rev 02)
+0000:00:14.3 Bridge: VIA Technologies, Inc. VT82C586B ACPI (rev 10)
+0000:01:00.0 VGA compatible controller: ATI Technologies Inc 3D Rage LT Pro AGP-133 (rev dc)
+wookie:~ #</programlisting>
+
+      <para>If the firewall's external interface is the DECchip controllor at
+      0000:00:05.0 and the internal interface is the Ethernet Pro 100 at
+      0000:00:03.0, then the following entries in
+      <filename>/etc/shorewall/params</filename> will set EXT_IF and INT_IF to
+      the names of these two controllers respectively:</para>
+
+      <programlisting>EXT_IF=$(getcfg-interface bus-pci-0000:00:05.0)
+INT_IF=$(getcfg-interface bus-pci-0000:00:03.0)</programlisting>
     </example>
   </section>