Tom Eastep wrote:
> On 04/25/2013 03:56 PM, Dash Four wrote:
>
>> Dash Four wrote:
>>
>>>> Please give the attached patch a try. It also corrects a problem where
>>>> not all nfacct objects were created by the generated script.
>>>>
>>> Thanks, Tom - will give it a go when I get home in a few hours.
>>>
>> All is in working order. There is a minor (cosmetic) change I did in
>> Accounting.pm - see attached.
>>
>> One other issue I stumbled upon - normally, nfacct objects are
>> persistent (i.e. they survive shorewall reload/restart etc), but if I
>> would like to wipe out the entire accounting table (and make sure that
>> nothing is left out!) I usually need to run "nfacct flush". I tried
>> doing that in "init", but got an error from iptables that the
>> "accounting object does not exist" - I am assuming that this is because
>> "init" runs *after* the new accounting objects have already been added.
>>
>
> No -- it is because init is run while the current objects are still in
> use by the current ruleset. Because Shorewall uses iptables-restore,
> there is never a point where it is guaranteed that no nfobjects are in
> use. The only way to do what you want is to place the 'nfacct flush'
> command in the stopped script and do a "shorewall stop; shorewall start"
>
Yeah, that's good, suits me fine, thanks.
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel