On 04/25/2013 03:56 PM, Dash Four wrote:
> 
> Dash Four wrote:
>>> Please give the attached patch a try. It also corrects a problem where
>>> not all nfacct objects were created by the generated script.
>>>   
>> Thanks, Tom - will give it a go when I get home in a few hours.
> All is in working order. There is a minor (cosmetic) change I did in
> Accounting.pm - see attached.
> 
> One other issue I stumbled upon - normally, nfacct objects are
> persistent (i.e. they survive shorewall reload/restart etc), but if I
> would like to wipe out the entire accounting table (and make sure that
> nothing is left out!) I usually need to run "nfacct flush". I tried
> doing that in "init", but got an error from iptables that the
> "accounting object does not exist" - I am assuming that this is because
> "init" runs *after* the new accounting objects have already been added.

No -- it is because init is run while the current objects are still in
use by the current ruleset. Because Shorewall uses iptables-restore,
there is never a point where it is guaranteed that no nfobjects are in
use. The only way to do what you want is to place the 'nfacct flush'
command in the stopped script and do a "shorewall stop; shorewall start".

> 
> If that is indeed the case, is there a way I could instruct shorewall to
> wipe out the existing nfacct table at the precise moment where:
> 
> 1. There are no iptables rules in existence; and

There is no such point during restart.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
