On 9/13/10 3:11 PM, Steven Jan Springl wrote: > > If I start the firewall without an interface defined as dynamic. > Change an interface to dynamic and restart the firewall, it works. > > In the attached part of the script generated from a 'shorewall compile ... ' > it can be seen that IPSET is not executed on a 'shorewall start' >
The attached patch seems to generate the correct code for 'start'. Thanks, Steven -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm
b/Shorewall/Perl/Shorewall/Chains.pm
index af851a6..47773c8 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -3816,8 +3816,15 @@ sub load_ipsets() {
' $IPSET -F' ,
' $IPSET -X' ,
' $IPSET -R < ${VARDIR}/ipsets.save' ,
- ' fi' ,
- 'elif [ "$COMMAND" = restore -a -z "$g_recovering" ]; then' ,
+ ' fi' );
+
+ if ( @ipsets ) {
+ emit ( '' );
+ emit ( " qt \$IPSET -L $_ -n || \$IPSET -N $_ iphash" ) for
@ipsets;
+ emit ( '' );
+ }
+
+ emit ( 'elif [ "$COMMAND" = restore -a -z "$g_recovering" ]; then' ,
' if [ -f $(my_pathname)-ipsets ]; then' ,
' if chain_exists shorewall; then' ,
' startup_error "Cannot restore $(my_pathname)-ipsets
with Shorewall running"' ,
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
