My comments are inline.

> Hebbar,
>
> I'm copying the Shorewall Development list on my reply so others may
> comment on your request.
>
> Srinivasa Hebbar wrote:
> > I am using shorewall extensively for the last 2 years and I like it.
> > I was using iptables commands directly before I came to know about
> > shorewall. But now, I forgot all the iptables commands!
> > Amazingly good product.
>
> Thanks.
>
> > I am requesting you to provide the following feature additions
> > to shorewall 3.4.4
>
> The current stable release is 4.0 and that is the only series that I will
> consider adding any features to. Furthermore, I'm pretty much restricting
> new development to Shorewall-perl.
>
> > 1) lib.providers/verify_provider()
> > Skip the route_rules entry if the specified PROVIDER is not in
> > providers file.
> > We can have an "optional" field in PROVIDER entry of route_rules.
>
> Why do you believe that it is necessary? What is the point of having entries
> in route_rules that have no corresponding entry in the providers file?
>

I agree, but if I have a dynamic interface such as PPP with optional field
set in providers file, shorewall will not create routing table entries
for the failed/non-existing link. But, route rules adds a policy route entry
which is pointing to an empty table which is confusing. I would not like to
see the policy routing entry in the kernel to a failed optional empty
provider table.

> > 2) I am running Ubuntu dapper with /etc read-only. lib.providers fails to
> > write /etc/iproute2/rt_table.
> > Is it possible to add a variable in shorewall.conf to disable writing
> > rt_tables.
> > I want to manually write rt_tables.
>
> This doesn't halt the 'shorewall [re]start' command does it? Are you just
> concerned about the error messages that it generates?
>

This doesn't halt the shorewall. But, I am manually adding more table
entries in the rt_table, which will be erased by shorewall if I
start/restart shorewall when /etc is mounted read-write.

> > 3) shorewall/providers:
> > when "optional" field is set, is it possible to call a plugin so that
> > the plugin decides the interface is available or not?
> >
> > is_interface_usable should call a plugin. If the plugin returns
> > non-zero value the interface should be considered not available.
> > If the plugin returns 0, the is_interface_usable can continue with
> > the existing checks to decide whether interface is available or not.
> >
> > The plugin name can be configured in shorewall.conf
> > plugin requires at least one command line parameter with interface
> > name.
>
> I would be interested to hear what you would do in your plugin -- it might
> be useful to extend is_interface_usable() rather than providing a plugin.
>

I have dual link to a particular location with static IP addresses configured.
I am detecting link failures by some custom method. I will be
starting/restarting shorewall whenever I detect link failures. The plugin
will provide information whether a particular link is up or down. I know
that LARTC dead gateway detection will help here but this feature in
shorewall simplifies complexity without recompiling the kernel.

> -Tom
