On Monday 14 May 2007 15:52, Tom Eastep wrote:
> Tom Eastep wrote:
> > Steven Jan Springl wrote:
> >> Tom
> >>
> >> If interface entry:
> >>
> >>    lan  eth0  -
> >>
> >> is defined, it is possible to issue command:
> >>
> >>    shorewall delete eth0 lan
> >>
> >> While this does not change the iptables rules, it does remove eth0 from
> >> /var/lib/shorewall/zones
> >>
> >> Command:
> >>
> >>    shorewall show zones
> >>
> >> displays lan (ipv4) without an interface.
> >>
> >> I don't know if this could cause any issues.
> >
> > I don't think that it can (other than messing up 'shorewall show zones')
> > and I don't believe that I'll try to do anything about this. Once ipsets
> > are included in standard kernels, they provide a much better way to
> > implement dynamic zones and we will scrap this current implementation
> > altogether.
>
> Good afternoon, Steven
>
> I got up this morning and decided to try to do something about this issue.
> Please try revision 6344; the releasenotes.txt file explains what I did.
>
> Thanks!
>
> -Tom

Good morning Tom,

Revision 6344 prevents the deletion of a permanent interface from a zone.
However, I can add an interface that duplicates the permanent interface, e.g.
with interface entry:

        lan  eth0 -

I can now issue command:

        shorewall add eth0 lan

/var/lib/shorewall/zones now contains:

        lan eth0:0.0.0.0/0  +eth0:0.0.0.0/0

If I try to delete eth0 from lan with the following command:

        shorewall delete eth0 lan

I get a message saying eth0 is a permanent member of zone lan
and it isn't deleted.

Steven.
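
An added example, not part of the original thread and not Shorewall code: a check that flags the state reported above, where a zone lists the same member twice. The layout of /var/lib/shorewall/zones is an assumption inferred from the single line quoted in the message (zone name, then members, with "+" marking a dynamically added one); `find_dup_members` is a hypothetical helper name.

```shell
#!/bin/sh
# Assumed state-file layout (inferred from the line quoted in the report):
#   <zone> <member> [<member> ...]
# where a leading "+" marks a member added with "shorewall add".

# find_dup_members FILE
# Prints "<zone> <member>" for every member that repeats an earlier member
# of the same zone once the "+" marker is stripped. No output means clean.
find_dup_members() {
    awk '
    {
        zone = $1
        split("", seen)                  # clear the per-zone set
        for (i = 2; i <= NF; i++) {
            m = $i
            if (substr(m, 1, 1) == "+")  # dynamic member: drop the marker
                m = substr(m, 2)
            if (m in seen)
                print zone, m
            seen[m] = 1
        }
    }' "$1"
}

# Constructed sample input: the first line is the one quoted in the report,
# the second is a made-up zone with no duplicate.
sample=$(mktemp)
printf '%s\n' \
    'lan eth0:0.0.0.0/0  +eth0:0.0.0.0/0' \
    'dmz eth1:0.0.0.0/0 +eth2:10.0.0.0/8' > "$sample"

find_dup_members "$sample"
rm -f "$sample"
```

On a live system the function would be pointed at /var/lib/shorewall/zones instead of the sample file.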
