Sam Carleton wrote:

are testing for equality to 1, but /proc/net/ip_fwchains is not a script or a program, what is the part: They are processes. Please see SuSE Linux 6.3 book page 429 and read Proc-filesystem. You use this to see if a process is enabled or running

Damon Register -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/

Sam Carleton said:

Folks, I am trying to figure out the filewall script that SuSE provides to get the firewall going. There is one line:

if test -f /proc/net/ip_fwchains -a `cat /proc/sys/net/ipv4/ip_forward` -eq 1 ; then ... fi

Can someone enlighten me as to what is going on here. I know that they [snip]

Basically "if" is examining the result of a program, "test". The "test" program is being given parameters containing two expressions. The first expression, "-f /proc/net/ip_fwchains", is pretty simple. It simply tells test to check to see if the file "/proc/net/ip_fwchains" exists. If it does, this expression will be "1", if it doesn't, it will be "0". /proc/net/ip_fwchains looks like it's a pseudo-file containing the ipchains rules that are in effect, so I guess in English this would be something like "if ipchains are in use ...". The second is a bit more involved. Any time you use backticks ( ` ) the output of the command between the ticks is substitued for the command itself. In this case the command is "cat /proc/sys/net/ipv4/ip_forward", so the _contents_ of that file will be inserted in place of the text between the backticks. (It's the shell doing this substitution before even executing the "test" program BTW. The test program never sees the "cat ..." part.) Now /proc/sys/net/ipv4/ip_forward is a pseudo-file that contains a single character indicating the status of the ip forwarding feature of the kernel. That character will be "0" if it's disabled and "1" if it's enabled, so either a "0" or a "1" will be tested to see if it's equal to "1" (the "-eq 1" part). IOW, you can think of this expression being either "0 -eq 1" or "1 -eq 1", depending on the contents of the file. Again, in English this would be something like, "if ip forwarding is enabled ...". The expressions are linked by a "-a" parameter, which tells test to logically "and" the results of the two to come up with it's return value. The program test itself returns "0" or "1", depending on how it evaluates the parameters above. That result is acted upon by "if" as you would expect, so the whole thing works out to sth like, "if ipchains are in use and ip forwarding is enabled then ...". Hope that helps. -John -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/