I have not read thru the whole thread - but I just ran the firewall. In my FW_DEV_WORLD, I have "eth0 eth0:1 eth0:2" which works just fine. Maybe it's redundant - but there is the firewall script in /sbin/SuSEfirewall which deals with the FW_DEV_WORLD around line 260. This script parses the variables set from /etc/rc.config.d/firewall.rc.config and executes ipchain commands to set the filter rules. what you can do is to set a "set -x" in that script to get an execution trace or (what I would do) - take the chunk of code, put it in a file, replace, assign values from the firewall.rc.config and run it with dummy commands. As an example, I set up a similar script for the FW_REDIRECT_TCP to figure something out - but I got it to work without it, but you may get the idea: FW_REDIRECT_TCP="4.4.4.4/12,20.20.20.20,22 12.12.12.12/12,20.20.20.20,22" for i in $FW_REDIRECT_TCP; do PARAMS=`echo $i | $AWK 'BEGIN {FS=","} \ {printf ( "-s %s -d %s %s -j REDIRECT %s", $1, $2, $3, $4) }'` test -z "$LAC" || $IPCHAINS -A input -p tcp $PARAMS -y $LAC echo IIII -A input -p tcp -b $PARAMS $LAA done the echo IIII replaces the ipchains command and of cause, you would need to set the AWK=awk and IPCHAINS=ipchains to make it run. maybe it helps, Samartha At 12:05 AM 6/16/00 +0200, you wrote: * Gerhard Sittig wrote on Mon, Jun 12, 2000 at 22:11 +0200:
On Mon, Jun 12, 2000 at 20:41 +0200, Winfried Trautsch wrote:
Escaping the colon is not sufficiant (especially when you don't know how many times the parameters get passed down the chain from the rc.config(?) parameter bundle to the shell assigning the value and evaluating it -- how is the variable's name generated?).