cfengine, IPTables, and DNS

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

cfengine, IPTables, and DNS

From:	Systems Administrator
Subject:	cfengine, IPTables, and DNS
Date:	Tue, 20 Jan 2004 16:18:22 +1100 (EST)

        Hi all.  I'm trying to roll out my iptables config from cfengine.
I've added the "### Start DNS" line to my iptables file to indicate that
the DNS servers follow that.  I probably really need an
"InsertLineIfNoLineMatching" command, but since I didn't have one, I
tried:

        { /etc/sysconfig/iptables
                BeginGroupIfFileExists "/etc/sysconfig/iptables"
                        LocateLineMatching "### Start DNS"
                        BeginGroupIfNoLineMatching "$(dnsproxyips)"
                                InsertLine "-A INPUT -s $(dnsproxyips) 53 -p 
udp -j ACCEPT"
                        EndGroup
                EndGroup
                DefineClasses "iptablesrestart"
        }

        The $(dnsproxyips) is a colon-separated list.  Is there some easy
way I can get it to iterate over it?  Or do I need two of these, one for
each DNS server?  Or should I give up and use templating or perl or
something?

        Thanks,

--
Tim Nelson
Systems Administrator
Sunet Internet
Tel: +61 3 5241 1155
Fax: +61 3 5241 6187
Web: http://www.sunet.com.au/
Email: sysadmin@sunet.com.au

[Prev in Thread]

Current Thread

[Next in Thread]

cfengine, IPTables, and DNS, Systems Administrator <=

Prev by Date: Cursos em vídeo e áudio marketing: http://www.mercadinhovirtual.rg3.net
Next by Date: Re: editfiles complexity
Previous by thread: Cursos em vídeo e áudio marketing: http://www.mercadinhovirtual.rg3.net
Next by thread: copy:: problem
Index(es):
- Date
- Thread