[Shorewall-users] Treating undefined variables as errors

Eric E. Bowles bowles@ambisys.com
Thu, 18 Jul 2002 01:22:01 +0900


Hi there,

I noticed that "shorewall check" doesn't seem to flag a warning if a 
variable used in /etc/shorewall/rules hasn't been defined in 
/etc/shorewall/params.

For example, the following rule, which is supposed to restrict
telnet access to networks defined by $OPS,

	ACCEPT  net:$OPS 	fw       tcp telnet

would unintentionally allow telnet from the rest of the net if 
$OPS isn't defined in params.

Is it possible to flag this as an error in "shorewall check"?  
Maybe a source or destination of the form "zone:" shouldn't be accepted?

--eric
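
An added example, not part of the original post and not Shorewall's own code: a pre-flight lint for the case described above, reporting any variable in a rules file that params leaves undefined or empty, as well as a literal "zone:" with no hosts after the colon. It assumes params holds plain NAME=value lines; the function name `check_rules` and the sample addresses are made up for the illustration.

```shell
#!/bin/sh
# Added example, not Shorewall code. Assumes params holds plain
# NAME=value lines; check_rules is a hypothetical helper name.
check_rules() {   # usage: check_rules PARAMS_FILE RULES_FILE
    awk '
    FILENAME == ARGV[1] {            # params: record non-empty assignments
        sub(/#.*/, "")
        if (match($0, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/)) {
            name = substr($0, RSTART, RLENGTH - 1); gsub(/[ \t]/, "", name)
            val = substr($0, RSTART + RLENGTH)
            gsub("[\"\047 \t]", "", val)   # drop quotes and blanks
            if (val != "") defined[name] = 1
        }
        next
    }
    {                                # rules: check every $VAR or ${VAR}
        sub(/#.*/, "")
        rest = $0
        while (match(rest, /\$[{]?[A-Za-z_][A-Za-z0-9_]*/)) {
            name = substr(rest, RSTART, RLENGTH); gsub(/[${]/, "", name)
            if (!(name in defined)) {
                printf "%s:%d: $%s is undefined or empty\n", FILENAME, FNR, name
                bad = 1
            }
            rest = substr(rest, RSTART + RLENGTH)
        }
        # A literal "zone:" with no hosts after the colon is equally open.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[A-Za-z0-9_]+:$/) {
                printf "%s:%d: empty host list in \"%s\"\n", FILENAME, FNR, $i
                bad = 1
            }
    }
    END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample: params defines WEB but not OPS.
tmp=$(mktemp -d)
printf 'WEB=10.0.0.5\n' > "$tmp/params"
printf 'ACCEPT net:$OPS fw tcp telnet\nACCEPT net:$WEB fw tcp www\n' > "$tmp/rules"
check_rules "$tmp/params" "$tmp/rules" || echo "check failed"
rm -rf "$tmp"
```

The function exits non-zero when it reports anything, so it can gate a restart of the firewall.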