On 9/17/10 7:25 AM, Mr Dash Four wrote:
>
>> Okay -- I think I have this working.
>>
>> I propose that we have one more 4.4.13 Beta that includes this new
>> blacklisting implementation, and then I'll produce 4.4.13 RC 1.
>>
>> Any objections?
>>
> No objections from me as the blacklist issue is the only thing which
> needs to be tested - I've tested the SELinux context features and they
> work as they were supposed to (I might have something on deciphering the
> number behind secmark=xxx next week - will post it here).
>
> Just a note of caution which you may put against the explanation for
> SAVE and RESTORE, particularly if there are additional restrictions in
> place (like IP addresses, port numbers etc) or multiple SAVE/RESTORE
> statements in any particular chains - it is very easy when SAVE
> xx.xx.xx.xx 22 and then RESTORE is issued to assume that the correct
> context has been restored. The SAVE and RESTORE will only be activated
> (executed) if the additional parameters after those statements match,
> otherwise nothing happens (and the correct SELinux context might not be
> saved/restored). I know it may be blatantly obvious for some, but I've
> made these mistakes until I learned the right way, so it is better to
> point these things out to save others (pun intended).
>
> That is one of the reasons I use a 'blank' SAVE and a 'blank' RESTORE at
> the end of each chain, so that no matter what SELinux context has been
> set it is always saved (even if it is not set it does NO harm whatsoever
> for it to be 'saved') and then restored.
>
> Just thought that needs to be emphasised when SAVE/RESTORE are explained
> in the man page file.
>
> Another little note for a minor annoyance - in almost all of your man
> pages your left alignment is off - every so often when you list
> parameters/columns the left margin gets bigger and bigger, fitting less
> information on a line - thought you may want to know that.

The manpages (like all of the Shorewall documentation) are maintained in
XML Docbook; the available xml to manpage translators suck.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
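
The SAVE/RESTORE caveat raised in the quoted message, as an added example that is not part of the original thread and is not Shorewall or netfilter code. It is a simplified model of rule matching; the `Rule` and `Packet` classes, the addresses and the context label are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dport: int
    conn: dict                       # per-connection state shared by all its packets
    secmark: Optional[str] = None    # context label carried by this packet

@dataclass
class Rule:
    action: str                      # a context label, "SAVE" or "RESTORE"
    src: Optional[str] = None        # None means no restriction (a 'blank' rule)
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return self.src in (None, p.src) and self.dport in (None, p.dport)

def run_chain(rules, p):
    """Apply rules in order; a rule only acts when its criteria match."""
    for r in rules:
        if not r.matches(p):
            continue                 # a non-matching SAVE/RESTORE silently does nothing
        if r.action == "SAVE":
            p.conn["secmark"] = p.secmark      # packet label -> connection
        elif r.action == "RESTORE":
            p.secmark = p.conn.get("secmark")  # connection label -> packet
        else:
            p.secmark = r.action               # label the packet
    return p.secmark

def later_packet_label(rules, src, dport):
    """Run the first packet through `rules`, then return the label that a
    later packet of the same connection gets from a blank RESTORE."""
    conn = {}
    run_chain(rules, Packet(src, dport, conn))
    return run_chain([Rule("RESTORE")], Packet(src, dport, conn))

LABEL = "system_u:object_r:example_packet_t:s0"   # constructed sample context

# SAVE restricted to one source address: other sources are labelled but never saved.
restricted = [Rule(LABEL, dport=22), Rule("SAVE", src="192.0.2.10", dport=22)]
# Blank SAVE at the end of the chain: whatever was set is always saved.
blank = [Rule(LABEL, dport=22), Rule("SAVE")]

if __name__ == "__main__":
    print("restricted SAVE:", later_packet_label(restricted, "198.51.100.7", 22))
    print("blank SAVE:     ", later_packet_label(blank, "198.51.100.7", 22))
```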
