[SLE] understanding SuSE's firewall script
Folks,

I am trying to figure out the firewall script that SuSE provides to get the firewall going. There is one line:

if test -f /proc/net/ip_fwchains -a `cat /proc/sys/net/ipv4/ip_forward` -eq 1 ; then ... fi

Can someone enlighten me as to what is going on here. I know that they are testing for equality to 1, but /proc/net/ip_fwchains is not a script or a program, what is the part:

/proc/net/ip_fwchains -a `cat /proc/sys/net/ipv4/ip_forward`

For that matter what is the /proc/net/ip_fwchains and what is the /proc/sys/net/ipv4/ip_forward?

Sam
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Sam Carleton wrote:
are testing for equality to 1, but /proc/net/ip_fwchains is not a script or a program, what is the part:

They are processes. Please see SuSE Linux 6.3 book page 429 and read Proc-filesystem. You use this to see if a process is enabled or running.
Damon Register
Sam Carleton wrote:
Folks, I am trying to figure out the firewall script that SuSE provides to get the firewall going. There is one line:
if test -f /proc/net/ip_fwchains -a `cat /proc/sys/net/ipv4/ip_forward` -eq 1 ; then ... fi
Can someone enlighten me as to what is going on here. I know that they are testing for equality to 1, but /proc/net/ip_fwchains is not a script or a program, what is the part:
/proc/net/ip_fwchains -a `cat /proc/sys/net/ipv4/ip_forward`
For that matter what is the /proc/net/ip_fwchains and what is the /proc/sys/net/ipv4/ip_forward?
I can't give you details as I don't use a firewall, but the line that you quote is very simple: it checks for the existence of a file, /proc/net/ip_fwchains, and the contents of another, /proc/sys/net/ipv4/ip_forward. I presume that the former indicates that ip_fwchains is operational and that the latter is the current state of ip forwarding, so that the total line reads

if fwchains is operational and ip forwarding is enabled then

The important part to remember is that `` is equal to the result of evaluating the command enclosed.

/Michael
Sam Carleton said:
Folks, I am trying to figure out the firewall script that SuSE provides to get the firewall going. There is one line:
if test -f /proc/net/ip_fwchains -a `cat /proc/sys/net/ipv4/ip_forward` -eq 1 ; then ... fi
Can someone enlighten me as to what is going on here. I know that they [snip]
Basically "if" is examining the result of a program, "test". The "test" program is being given parameters containing two expressions.

The first expression, "-f /proc/net/ip_fwchains", is pretty simple. It simply tells test to check to see if the file "/proc/net/ip_fwchains" exists. If it does, this expression will be "1", if it doesn't, it will be "0". /proc/net/ip_fwchains looks like it's a pseudo-file containing the ipchains rules that are in effect, so I guess in English this would be something like "if ipchains are in use ...".

The second is a bit more involved. Any time you use backticks ( ` ) the output of the command between the ticks is substituted for the command itself. In this case the command is "cat /proc/sys/net/ipv4/ip_forward", so the _contents_ of that file will be inserted in place of the text between the backticks. (It's the shell doing this substitution before even executing the "test" program BTW. The test program never sees the "cat ..." part.)

Now /proc/sys/net/ipv4/ip_forward is a pseudo-file that contains a single character indicating the status of the ip forwarding feature of the kernel. That character will be "0" if it's disabled and "1" if it's enabled, so either a "0" or a "1" will be tested to see if it's equal to "1" (the "-eq 1" part). IOW, you can think of this expression being either "0 -eq 1" or "1 -eq 1", depending on the contents of the file. Again, in English this would be something like, "if ip forwarding is enabled ...".

The expressions are linked by a "-a" parameter, which tells test to logically "and" the results of the two to come up with its return value.

The program test itself returns "0" or "1", depending on how it evaluates the parameters above. That result is acted upon by "if" as you would expect, so the whole thing works out to sth like, "if ipchains are in use and ip forwarding is enabled then ...".

Hope that helps.

-John
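Added example, not part of the original thread or of SuSE's script: the quoted check in its original form next to a defensive form that still gives a clean answer when the forwarding flag file is missing or empty. The function names are hypothetical, and the two /proc paths are passed as arguments so the demo can run against constructed sample files.

```shell
#!/bin/sh
# Added example (not from the SuSE script): the quoted check, original form
# next to a defensive form. Paths are arguments so it runs on sample files.

# Original idiom from the thread. The shell runs cat first and pastes its
# output into the argument list; test sees only the resulting text.
# If the file is missing or empty, nothing is pasted and test is handed a
# malformed expression.
check_original() {
    test -f "$1" -a `cat "$2"` -eq 1
}

# Defensive form: each condition is its own test, the value is read without
# spawning cat, and anything other than exactly "1" counts as "not enabled".
check_hardened() {
    [ -f "$1" ] || return 1          # chains pseudo-file present?
    [ -r "$2" ] || return 1          # forwarding flag readable?
    state=
    IFS= read -r state < "$2" || [ -n "$state" ] || return 1
    case $state in
        1) return 0 ;;               # exit status 0 means "true" to if
        *) return 1 ;;
    esac
}

# Constructed stand-ins for /proc/net/ip_fwchains and
# /proc/sys/net/ipv4/ip_forward (assumption: plain files in a temp dir).
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/ip_fwchains"
    for value in 1 0 ""; do
        printf '%s\n' "$value" > "$dir/ip_forward"
        if check_hardened "$dir/ip_fwchains" "$dir/ip_forward"; then
            echo "ip_forward='$value': firewall rules would be loaded"
        else
            echo "ip_forward='$value': skipped"
        fi
    done
    rm -rf "$dir"
}
demo
```
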