Tom Eastep wrote:
> My experimentation with a Perl-based compiler for Shorewall is beginning
> to bear fruit. Here is a timing from the main firewall at shorewall.net
> using the Perl-based compiler. That compiler generates a script that
> uses iptables-restore to configure Netfilter.
>
> [EMAIL PROTECTED]:~/shorewall# shorewall restart .
> Compiling...
> Shorewall configuration compiled to /var/lib/shorewall/.restart
> Restarting Shorewall....
> done.
>
> real 0m2.403s
> user 0m0.604s
> sys 0m0.492s
> [EMAIL PROTECTED]:~/shorewall# shorewall show log
>
> Contrast that with the standard 3.4.1 compiler:
>
> [EMAIL PROTECTED]:~/shorewall# time shorewall restart
> Compiling...
> Shorewall configuration compiled to /var/lib/shorewall/.restart
> Restarting Shorewall....
> done.
>
> real 0m7.054s
> user 0m2.020s
> sys 0m2.964s
> [EMAIL PROTECTED]:~/shorewall#
>
> The new compiler still uses the shell as its preprocessor to process the
> 'params' file, expand shell variables in configuration files and to
> strip comments from those files. Approximately one second of the elapsed
> time occurs before the Perl-based compiler even starts.
>
> The compiler is far from complete -- no 'detect' features are supported
> yet. Those will cause the generated script to run quite a bit slower
> because the iptables-restore input must be reprocessed in the generated
> script to add the rules that result from detected addresses.
>
> Anyone wishing to play with it can do so as follows:
>
> a) Install Shorewall 3.4.1.
> b) Get a copy of the trunk/New SVN files.
> c) Make a copy of your /etc/shorewall directory.
> d) Modify the shorewall.conf file in the copied directory as follows:
>
>    1- Add 'EXPERIMENTAL=Yes'
>    2- Modify CONFIG_PATH to include the directory where you placed
>       the trunk/New files.

I forgot one step:

e) Create a symbolic link /usr/share/shorewall/Shorewall which points to
   the Directory containing the trunk/New files.

On my system, I have:

[EMAIL PROTECTED]:~/shorewall# ll /usr/share/shorewall/Shorewall
lrwxrwxrwx 1 root root 33 2007-03-15 09:37 /usr/share/shorewall/Shorewall -> /home/teastep/shorewall/trunk/New
[EMAIL PROTECTED]:~/shorewall#

And in my shorewall.conf copy:

CONFIG_PATH=/etc/shorewall:/home/teastep/shorewall/trunk/New:/usr/share/shorewall

---------------------------------

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel