Technical data
8. Documentation for Developers
the following output is printed:
Warning: Rule 1/1: ACCEPT
Warning: Rule 1/2: REJECT
Warning: Rule 2/1: DROP
Alternatively, you can iterate directly over all values of the array (but the exact indices of
the entries are not always known, because this is not required):
foreach rule in pf_usr_chain_%_rule_%
do
warning "Rule %{rule}='${rule}'"
done
That produces the following output with the sample configuration from above:
Warning: Rule PF_USR_CHAIN_1_RULE_1='ACCEPT'
Warning: Rule PF_USR_CHAIN_1_RULE_2='REJECT'
Warning: Rule PF_USR_CHAIN_2_RULE_1='DROP'
The second example nicely shows the meaning of the %<Name>-syntax: Within the
string %rule is substitued by the name of the variable in question (for example
PF_USR_CHAIN_1_RULE_1), while $rule is substituted by its content (i.e. ACCEPT).
Encryption of Passwords: crypt
Some variables contain passswords that should not be noted in plain text in rc.cfg. These
variables can be encrypted by the use of crypt and are transferred to a format also needed on
the router. Use this like here:
crypt (<Variable>)
The crypt function is the only point at which a configuration variable can be changed.
Querying File Properties: stat
stat is used to query file properties. At the moment only file size can be accessed. If checking
for files under the current configuration directory you may use the internal variable config_dir.
The Syntax:
stat (<file name>, <key>)
The command looks like this (the parameters used are only examples):
foreach i in openvpn_%_secret
do
stat("${config_dir}/etc/openvpn/$i.secret", keyfile)
if (keyfile_res != "OK")
then
error "OpenVPN: missing secretfile <config>/etc/openvpn/$i.secret"
fi
done
305