[NCLUG] Shorewall and webmin

Chris Funk chris at us-reports.com
Sat Nov 6 16:50:11 MST 2004


Hi all,

I am using shorewall 2.0.10 and webmin to administer it. I have multiple
rules set up to allow my home machine as well as several others into the
network.  Most of the home machines get IPs via DHCP, so whenever they
change I have to go in and change all the rules.

I have "fixed" this using the params file in shorewall, setting up shell
vars, "CHRIS=wan:67.176.xxx.xxx"; however, when I add new rules to shorewall
via webmin it wipes those out.

I have tried playing with the Hosts and Zones in shorewall, but I'm not
really sure if that is what that is for or not.
I added a zone of chris in the zones file, then added the chris zone in hosts:
chris		eth3:67.176.xxx.xxx
(eth3 is my WAN interface on the FW.)
When I do this I see a blocked message from shorewall of
wan2all:DROP::IN=eth3  .... ....  DPT=22


I can select a source zone in webmin of Other..., then put in the var name in
the text box. This works, but when it lists all the rules it just says DMZ
in the Source column. I.e.:
(this is the webmin view, not the actual shorewall rules file)

Action	Source	Destination	Protocol	Source Ports	Dest Ports
============================================================================
ACCEPT	Zone DMZ	Firewall	Tcp	Any	22

Instead of:
Action	Source	Destination	Protocol	Source Ports	Dest Ports
============================================================================
ACCEPT	Zone $CHRIS	Firewall	Tcp	Any	22
ACCEPT	Zone $JACK	Firewall	Tcp	Any	25
ACCEPT	Zone $CARI	Firewall	Tcp	Any	ftp
Etc...

The shorewall rules file is correct, i.e.:

ACCEPT	$CHRIS	$FW	tcp	22
Etc.

This is way too confusing when looking at the rules in webmin, so that
really isn't an option.  I know, just edit the rules file by hand every time,
right. :-)  And I would, but I have another person who occasionally has to
add rules, and editing by hand isn't an option for them.

Any ideas on this or am I just gonna have to edit rules by hand?

Thanks
Chris Funk
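One way to get a readable listing when the rules file references params variables, as an added example that is not part of the post above: a small script that reads the shorewall params file (shell-style NAME=value lines) and the rules file, substitutes each $VAR / ${VAR} with its value so you can see which host a rule actually admits, and reports any variable the rules use that params does not define (such a rule would fail when shorewall compiles it). The sample params and rules below are constructed; the $FW default of "fw" is assumed to match the FW setting in shorewall.conf.

```python
import re
import shlex

# Constructed sample input, modelled on the Shorewall 2.0 files in the post.
PARAMS = """\
# shorewall params: shell variables available to the other config files
CHRIS=wan:203.0.113.10
JACK="wan:198.51.100.7"
"""

RULES = """\
#ACTION SOURCE DEST PROTO DEST PORT(S)
ACCEPT $CHRIS $FW tcp 22
ACCEPT $JACK $FW tcp 25
ACCEPT ${CARI} $FW tcp 21
"""

VAR_RE = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")

def parse_params(text):
    """Read NAME=value lines (shell quoting honoured) into a dict."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = " ".join(shlex.split(value))
    return params

def expand_rules(rules_text, params, builtin={"FW": "fw"}):
    """Return (rows, unresolved). Each row is a rule's columns with $VARs
    replaced; unresolved lists (line_no, var) for names defined nowhere.
    builtin holds variables shorewall sets outside params (assumed: FW)."""
    rows, unresolved = [], []
    for n, line in enumerate(rules_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        def sub(m, n=n):
            name = m.group(1)
            if name in params:
                return params[name]
            if name in builtin:
                return builtin[name]
            unresolved.append((n, name))   # leave the reference visible
            return m.group(0)
        rows.append([VAR_RE.sub(sub, col) for col in line.split()])
    return rows, unresolved

if __name__ == "__main__":
    rows, missing = expand_rules(RULES, parse_params(PARAMS))
    for row in rows:
        print("\t".join(row))
    for n, name in missing:
        print(f"rules line {n}: ${name} is not defined in params")
```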