On 9/17/10 7:28 AM, Mr Dash Four wrote: > >> It's the way that Shorewall works and the cost of changing it is high >> enough that it's just not worth the effort. >> > Fair enough. > >> Your modification to /etc/init.d/shorewall only works on commands issued >> through that script. Unless your log file happens to be in the default >> place, even simple CLI commands like 'shorewall show log' won't work. >> The rules compiler is the only part of Shorewall that uses the directory >> specified in the 'start' and 'restart' commands. >> > Just one thing I want to make sure - even though my /etc/shorewall.conf > contains one line only, Shorewall itself is reading all other options > from my custom-placed shorewall.conf right? I checked that yesterday, > but it was late and I did not put a great effort in, so I might have > been mistaken.
It depends on which command is being executed.
However, I just thought of a foolproof trick - If you really want to
relocate shorewall.conf, place this in /etc/shorewall/shorewall.conf:
INCLUDE /path/to/my/shorewall.conf
In your 'real' shorewall.conf, be sure to modify CONFIG_PATH so that it
looks in your private config directory first.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
