Roberto C. Sánchez wrote:
> ...
>> See this from the Debian .diff.
>>
>> +# stop the firewall
>> +shorewall_stop () {
>> + echo -n "Stopping \"Shorewall firewall\": "
>> + $SRWL clear >> $INITLOG 2>&1 && echo "done." || echo_notdone
>> -----
>> + return 0
>> +}
>> +
>>
>> So if you use the Debian init scripts and run "/etc/init.d/shorewall
>> stop", what you really get is "shorewall clear".
>>
>> If you follow the Shorewall documentation and run "shorewall stop"
>> instead, you get the behavior you (and we) wanted in the first place.
>>
>> Lesson:
>>
>> If you don't get your Shorewall packages from shorewall.net, you can't
>> be sure that they do what the developers intended.
>>
> This might merit a bug report against the Debian package.Given that Shorewall's most popular distribution as of our last survey (http://shorewall.net/survey-200603.html) was Debian, i think it would make sense to make it easy for Debian/Ubuntu users to use more recent versions of Shorewall that behave like Shorewall users expect. As Andrew has mentioned, i don't think we're likely to get far with getting Debian to change the behaviour of the package. So one thing on my mind lately is to provide a deb/apt repository that people could use to supplement their Debian/Ubuntu system and override the Debian packages with more recent Shorewall packages. I have a few of my own packages that i maintain in a personal repository, and i don't think it would be too hard to extend my scripts to build Shorewall from release tarballs and SVN. These could then be mirrored onto the main web site and provided for public use. (I think it would also be great if users of SUSE and Fedora/CentOS could do something similar to make it easy to keep Shorewall up-to-date with YaST and yum.) Paul <http://paul.gear.dyndns.org> P.S. I'd also like to run another survey soon (maybe mid-November when my study load decreases), but i don't want to limit it to 100 responses (which is Zoomerang's limit on free surveys). I've been looking at UCCASS (http://www.bigredspark.com/survey.html), and it seems quite good, but it will be a while before i get a chance to implement and test it fully.
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
