On Tue, 2005-03-08 at 21:36 +1100, Veena Etcell wrote: > Ahh... The format of the example is skewiff. > > It should read: > # Generated by iptables-save v1.2.11 on Mon Mar 7 22:18:56 2005 > EXT_INTERFACE="eth0" > *filter > .... > > EXT_INTERFACE="eth0" being the variable noted in the original email. > > Regards > > -----Original Message----- > From: R. DuFresne [mailto:dufresne@xxxxxxxxxxx] > Sent: Tuesday, 8 March 2005 9:31 PM > To: Veena Etcell > Subject: Re: Adding variables to iptables file > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > What variable? <inline> > > On Tue, 8 Mar 2005, Veena Etcell wrote: > > > Hi, > > > > I am hoping someone can help with the following: > > I am at a point where I require advice/direction with regards to adding > > variables (manually or otherwise) to a standard iptables file. > > I am not sure how to add them/where to add them or the syntax that is > > required. > > > > In the example below I have manually added one variable (Line 2) to see > > would happen to /etc/sysconfig/iptables (Redhat FC3 install). > > > > When I iptables-restore < /etc/sysconfig/iptables I get "error at line 2 > > failed" > > > > > > # Generated by iptables-save v1.2.11 on Mon Mar 7 22:18:56 2005 > > EXT_INTERFACE="eth0" > > *filter > > > *filter is not a variable, basically what you are doing is creating a > shell script, so variables are declared as they are in a shell script;; > > var=something > <snip> Hmmm . . . perhaps I am misinformed but I thought one could not use a variable in a file passed to iptables-restore although one can use them in a regular script which uses the iptables command. Of course, iptables-restore is the way to go for loading large rule sets. -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan@xxxxxxxxxxxxxxxxxxx If you would like to participate in the development of an open source enterprise class network security management system, please visit http://iscs.sourceforge.net
