On 9/16/10 11:22 AM, Tom Eastep wrote: > On 09/16/2010 10:57 AM, Brian J. Murrell wrote: >> On Thu, 2010-09-16 at 10:17 -0700, Tom Eastep wrote: >>> >>> The dynamic blacklist has been preserved across stop/start and restart >>> since 4.4.11. >> >> Is the importance of 4.4.11 here on the master or the shorewall-lite >> machine, or both? >> >> b. > > The administrative machine. But again, the dynamic blacklist is currently > only preserved across 'restart' and 'refresh'.
This patchlet seems to allow the blacklist to be preserved over start/stop. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Rules.pm
b/Shorewall/Perl/Shorewall/Rules.pm
index 9bc3691..635989f 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2394,6 +2394,17 @@ EOF
case $COMMAND in
stop|clear|restore)
+ if chain_exists dynamic; then
+EOF
+
+ if ( $family == F_IPV4 ) {
+ emit( ' ${IPTABLES}-save -t filter | grep \'^-A
dynamic\' > ${VARDIR}/.dynamic' );
+ } else {
+ emit( ' ${IPTABLES}-save -t filter | grep \'^-A
dynamic\' > ${VARDIR}/.dynamic' );
+ }
+
+ emit <<'EOF';
+ fi
;;
*)
set +x
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
