On Sun, Mar 02, 2014 at 10:09:27AM -0800, Tom Eastep wrote: > > What to do? I'm leaning toward treating the stoppedrules file as if > ADMINISABSENTMINDED=Yes. Recall that if there are any entries in > routestopped, then stoppedrules is not processed. That way, we can > restore the documented ADMINISABSENTMINDED=No behavior for existing > routestopped users and still make stoppedrules work correctly. > Tom,
If I understand what you are saying, then placing anything in stoppedrules will result in effectively forcing behavior equivalent to ADMINISABSENTMINDED=Yes (regardless of how it is set in shorewall.conf). If there is nothing in stoppedrules (or no stopped rules file at all) then the setting of ADMINISABSENTMINDED in shorewall.conf will be in effect. I am of the opinion that this is the right approach. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
