> Okay -- I think I have this working.
>
> I propose that we have one more 4.4.13 Beta that includes this new
> blacklisting implementation, and then I'll produce 4.4.13 RC 1.
>
> Any objections?
>

No objections from me as the blacklist issue is the only thing which needs to be tested - I've tested the SELinux context features and they work as they were supposed to (I might have something on deciphering the number behind secmark=xxx next week - will post it here).

Just a note of caution which you may put against the explanation for SAVE and RESTORE, particularly if there are additional restrictions in place (like IP addresses, port numbers etc.) or multiple SAVE/RESTORE statements in any particular chains - it is very easy when SAVE xx.xx.xx.xx 22 and then RESTORE is issued to assume that the correct context has been restored. The SAVE and RESTORE will only be activated (executed) if the additional parameters after those statements match, otherwise nothing happens (and the correct SELinux context might not be saved/restored).

I know it may be blatantly obvious for some, but I've made these mistakes until I learned the right way, so it is better to point these things out to save others (pun intended). That is one of the reasons I use a 'blank' SAVE and a 'blank' RESTORE at the end of each chain, so that no matter what SELinux context has been set it is always saved (even if it is not set it does NO harm whatsoever for it to be 'saved') and then restored. Just thought that needs to be emphasised when SAVE/RESTORE are explained in the man page file.

Another little note for a minor annoyance - in almost all of your man pages your left alignment is off - every so often when you list parameters/columns the left margin gets bigger and bigger, fitting less information on a line - thought you may want to know that.
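
An added illustration of the caution in the message above, not part of the original post and not Shorewall code: a simplified Python model of in-order rule evaluation in which SAVE and RESTORE act only when their own matches fit the packet. The rule dictionaries, the label and the addresses are constructed for the example.

```python
# Simplified model (an assumption, not Shorewall or kernel code) of a chain
# holding SECMARK, SAVE and RESTORE rules that are evaluated in order.
LABEL = "system_u:object_r:example_packet_t:s0"   # constructed sample context
MATCH_KEYS = ("state", "src", "dport")

def matches(rule, pkt):
    """A match that is absent from the rule is a wildcard ('blank' rule)."""
    return all(rule.get(k) is None or rule[k] == pkt[k] for k in MATCH_KEYS)

def run_chain(rules, pkt, conn):
    """Apply every rule to one packet; conn models the connection entry."""
    for rule in rules:
        if not matches(rule, pkt):
            continue                       # no match: action silently skipped
        if rule["action"] == "SECMARK":
            pkt["secmark"] = rule["label"]
        elif rule["action"] == "SAVE":     # packet label -> connection
            if pkt["secmark"] and not conn.get("secmark"):
                conn["secmark"] = pkt["secmark"]
        elif rule["action"] == "RESTORE":  # connection label -> packet
            if not pkt["secmark"] and conn.get("secmark"):
                pkt["secmark"] = conn["secmark"]

def label_of_later_packet(rules, src):
    """Label carried by an ESTABLISHED packet of a port-22 connection."""
    conn = {}
    for state in ("NEW", "ESTABLISHED"):
        pkt = {"state": state, "src": src, "dport": 22, "secmark": None}
        run_chain(rules, pkt, conn)
    return pkt["secmark"]

SET_LABEL = {"action": "SECMARK", "label": LABEL, "state": "NEW", "dport": 22}

# SAVE restricted to one source address and port, followed by a RESTORE.
RESTRICTED = [
    SET_LABEL,
    {"action": "SAVE", "state": "NEW", "src": "192.0.2.10", "dport": 22},
    {"action": "RESTORE", "state": "ESTABLISHED"},
]

# 'Blank' SAVE and RESTORE at the end of the chain, as the message suggests.
BLANK = [SET_LABEL, {"action": "SAVE"}, {"action": "RESTORE"}]

if __name__ == "__main__":
    for name, rules in (("restricted", RESTRICTED), ("blank", BLANK)):
        for src in ("192.0.2.10", "198.51.100.7"):
            print(name, src, label_of_later_packet(rules, src))
```
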
