On 11/27/2012 03:00 PM, Mr Dash Four wrote:
>
>> 1) Only the 'start' command initializes the switches; other commands
>> leave them as they are?
>>
> Yep, simply because switches, once initialised, are persistent
> regardless of the state of shorewall, so it would only make sense to
> initialise them: 1. within "init" inside 'if [ "$COMMAND" = start ];
> then'; or 2. within "start" or "started" inside "if [ ! -f
> "/proc/net/nf_condition/switch_name" ]; then".

'init' won't work because the switches don't yet exist before initial
'start'.

>
>> 2) If the same switch is initialized to different values in different
>> rules, then an error message is to be generated?
>>
> Hmm, haven't thought of that - makes sense, not just for "rules", but
> for various other places where SWITCH column could be used (in the man
> page describing this functionality you could point out that the initial
> value could be set in "params", so that this sort of error could be
> avoided).

But then you have to make an entry in "params" for each switch; might as
well make it in 'started'.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
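
Added example (not part of the original message and not Shorewall's own code): a sketch of initializing switches from the 'started' script on the initial 'start' only, rejecting the same switch given two different initial values. The `init_switches` name, the `name=value` argument format, the `sw_vpn`/`sw_guest` switch names and the assumption that a switch file accepts `0` or `1` are all hypothetical; only the `/proc/net/nf_condition` path and the `$COMMAND` test come from the thread.

```shell
# Hypothetical helper for a 'started' extension script; not Shorewall code.
# Assumes each switch file accepts 0 or 1 and specs are given as name=value.
COND_DIR=${COND_DIR:-/proc/net/nf_condition}

# init_switches name=value ...
# Returns 0 on success, 1 on a malformed or conflicting spec, 2 when a
# switch file is missing. Nothing is written unless every spec passes.
init_switches() {
    seen=""
    for spec in "$@"; do
        case $spec in
            *=*) ;;
            *) echo "ERROR: '$spec' is not name=value" >&2; return 1 ;;
        esac
        name=${spec%%=*}
        value=${spec#*=}
        # Reject names that could escape COND_DIR or split on whitespace.
        case $name in
            ''|.*|*[!A-Za-z0-9_.-]*) echo "ERROR: bad switch name '$name'" >&2; return 1 ;;
        esac
        case $value in
            0|1) ;;
            *) echo "ERROR: switch $name: bad value '$value'" >&2; return 1 ;;
        esac
        # Same switch given two different initial values: refuse, as in point 2.
        for prev in $seen; do
            if [ "${prev%%=*}" = "$name" ] && [ "${prev#*=}" != "$value" ]; then
                echo "ERROR: switch $name set to both ${prev#*=} and $value" >&2
                return 1
            fi
        done
        # The file only exists once a loaded rule references the switch.
        if [ ! -f "$COND_DIR/$name" ]; then
            echo "ERROR: $COND_DIR/$name does not exist" >&2
            return 2
        fi
        seen="$seen $spec"
    done
    for spec in $seen; do
        echo "${spec#*=}" > "$COND_DIR/${spec%%=*}" || return 2
    done
}

# In 'started', initialize only on the initial start:
#   [ "$COMMAND" = start ] && init_switches sw_vpn=1 sw_guest=0
```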