[Shorewall-devel] odd line in current CVS for firewall

Tom Eastep teastep at shorewall.net
Wed May 18 11:26:55 PDT 2005

Ian! D. Allen wrote:
> Tom Eastep wrote:
>>It works fine
> Well, yes, it "works"; but, it only works for that one loop and it
> clobbers the list in the process.

It does work provided that you don't need the contents of the list
variable upon loop exit:

teastep at ursa:~/Shorewall/Shorewall2> networks="a b c d"
teastep at ursa:~/Shorewall/Shorewall2> for networks in $networks; do echo
$networks; done
teastep at ursa:~/Shorewall/Shorewall2>

  I was thinking of "works" in the
> more global sense of "works without unnecessary side-effects".  The more
> readable version is also the more maintainable version - a double feature.
> Thanks for the update.

As I say, I just checked in the change to make this more understandable.
I remember running across the code one day and having the same reaction
that you did ("This can't work"); but the code had been working
correctly for a long time.

> I'm available for any grunt work needed to keep shorewall alive.  
> I speak very fluent shell script and halting dialects of iptables and iproute2.
> I run a home net with dual ADSL lines.
> I wrote this (referenced by Shorewall docs): http://idallen.com/dnat.txt
> Just tell me what to do.

You can certainly start by helping test the multiple-ISP stuff that I
just released. And when you find problems, try to fix the code yourself
-- I know of no better way to get one's feet wet than analyzing and
fixing bugs.

And if you get stuck, I'm still here :-)

Going forward, I think that the future of Shorewall depends on what
people do on their own initiative and not on what I tell them to do.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

More information about the Shorewall-devel mailing list