holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Formatting changes in the config file basics doc

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2757 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-09-30 14:15:51 +00:00
parent 9b293f5ed6
commit 9c956521d8
1 changed files with 45 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
Shorewall-docs2/configuration_file_basics.xml
View File

@ -551,9 +551,9 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
to distinguish them from variables used internally within the Shorewall
programs</para>
<example>
<title>Using Shell Variables</title>
<para>Example:</para>
<blockquote>
<programlisting>&nbsp;&nbsp;&nbsp; /etc/shorewall/params
NET_IF=eth0
@ -568,51 +568,51 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
net eth0 130.252.100.255 routefilter,norfc1918
</programlisting>
</blockquote>
<para>Variables may be used anywhere in the other configuration
files.</para>
<para>Variables may be used anywhere in the other configuration
files.</para>
<para>Because the <filename>/etc/shorewall/params</filename> file is
simply sourced into the shell, you can place arbitrary shell code in the
file and it will be executed each time that the file is read. Any code
included should follow these guidelines:</para>
<para>Because the <filename>/etc/shorewall/params</filename> file is
simply sourced into the shell, you can place arbitrary shell code in the
file and it will be executed each time that the file is read. Any code
included should follow these guidelines:</para>
<orderedlist>
<listitem>
<para>The code should not have side effects, especially on other
shorewall configuration files.</para>
</listitem>
<orderedlist>
<listitem>
<para>The code should not have side effects, especially on other
shorewall configuration files.</para>
</listitem>
<listitem>
<para>The code should be safe to execute multiple times without
producing different results.</para>
</listitem>
<listitem>
<para>The code should be safe to execute multiple times without
producing different results.</para>
</listitem>
<listitem>
<para>Should not depend on where the code is called from (the params
file is sourced by both /sbin/shorewall and
/usr/lib/shorewall/firewall).</para>
</listitem>
<listitem>
<para>Should not depend on where the code is called from (the params
file is sourced by both /sbin/shorewall and
/usr/lib/shorewall/firewall).</para>
</listitem>
<listitem>
<para>Should not assume anything about the state of
Shorewall.</para>
</listitem>
<listitem>
<para>Should not assume anything about the state of Shorewall.</para>
</listitem>
<listitem>
<para>The names of any functions or variables declared should begin
with an upper case letter.</para>
</listitem>
</orderedlist>
<listitem>
<para>The names of any functions or variables declared should begin
with an upper case letter.</para>
</listitem>
</orderedlist>
<para>One possible use of this feature is to compensate for recent Linux
behavior in which the identity of network interfaces varies from boot to
boot (what is <filename class="devicefile">eth0</filename> after one
boot may be <filename class="devicefile">eth1</filename> after the
next). <trademark>SuSE</trademark> users, for example, can take the
following approach:</para>
<para>One possible use of this feature is to compensate for recent Linux
behavior in which the identity of network interfaces varies from boot to
boot (what is <filename class="devicefile">eth0</filename> after one boot
may be <filename class="devicefile">eth1</filename> after the next).
<trademark>SuSE</trademark> users, for example, can take the following
approach:</para>
<programlisting>wookie:~ # lspci
<programlisting>wookie:~ # lspci
0000:00:00.0 Host bridge: VIA Technologies, Inc. VT82C598 [Apollo MVP3] (rev 04)
0000:00:01.0 PCI bridge: VIA Technologies, Inc. VT82C598/694x [Apollo MVP3/Pro133x AGP]
0000:00:03.0 Ethernet controller: Intel Corporation 82557/8/9 [Ethernet Pro 100] (rev 01)
@ -625,15 +625,14 @@ DNAT net loc:192.168.1.3 tcp 4000:4100</programlisting>
0000:01:00.0 VGA compatible controller: ATI Technologies Inc 3D Rage LT Pro AGP-133 (rev dc)
wookie:~ #</programlisting>
<para>If the firewall's external interface is the DECchip controllor at
0000:00:05.0 and the internal interface is the Ethernet Pro 100 at
0000:00:03.0, then the following entries in
<filename>/etc/shorewall/params</filename> will set EXT_IF and INT_IF to
the names of these two controllers respectively:</para>
<para>If the firewall's external interface is the DECchip controllor at
0000:00:05.0 and the internal interface is the Ethernet Pro 100 at
0000:00:03.0, then the following entries in
<filename>/etc/shorewall/params</filename> will set EXT_IF and INT_IF to
the names of these two controllers respectively:</para>
<programlisting>EXT_IF=$(getcfg-interface bus-pci-0000:00:05.0)
<programlisting>EXT_IF=$(getcfg-interface bus-pci-0000:00:05.0)
INT_IF=$(getcfg-interface bus-pci-0000:00:03.0)</programlisting>
</example>
<caution>
<para>The <command>shorewall save</command> and <command>shorewall
@ -641,7 +640,7 @@ INT_IF=$(getcfg-interface bus-pci-0000:00:03.0)</programlisting>
workaround for unstable interface names. In particular, you should set
OPTIONS="" in <filename>/etc/default/shorewall</filename> or
<filename>/etc/sysconfig/shorewall</filename> so that the "-f" option
will not be specified on startup at boot time. </para>
will not be specified on startup at boot time.</para>
</caution>
</section>