On 10/26/06, Vieri Di Paola <[EMAIL PROTECTED]> wrote:
> I was wondering if there could be a slight change to
> the Shorewall configuration files.
>
> It's a Gentoo-specific issue but some other
> distributions might find some interest in this.
>
> Basically, whenever a Gentoo user updates his/her
> shorewall from portage via
>
> # emerge shorewall
>
> the ebuild asks the user to update the config files in
> /etc/shorewall and proposes going through diffs.
> The problem is that most of the time the user just has
> to update the header (i.e. documentation) of each
> config file. The user entries (e.g. shorewall rules)
> are usually left untouched unless there's a new column
> in the new version, etc.

I don't really see the point of updating the headers of the files, but
not the content. AFAIK shorewall is usually able to run with 'older'
config files by assuming reasonable defaults. What you are proposing
would be very confusing, because the rules that follow the header
might not match the documentation in the header anymore. If you update
one, you should also update the other, and the rules can't be updated
automatically, so it's better to do this by hand altogether.

> So maybe if the Shorewall config files could
> source/include other "custom" config files then the
> upgrade process would be a lot easier.
> For example, default shorewall installation puts the
> rules file in /etc/shorewall. If the default rules
> file could contain a statement such as ".
> rules_custom" or "include rules_custom" the only real
> "diff" that the user would have to worry about is
> uncommenting this line in the new version.
>
> Of course one could define a different config file
> path in shorewall.conf and point to something like
> /etc/shorewall_custom.
> But by upgrading for example from 3.0 to 3.2 the user
> would have to deal with more than just file content.
> One would have to move over new files such as
> route_rules, etc.
> In other words the Gentoo emerge procedure would be to
> my understanding a lot simpler if the default
> configuration files could include custom files.
> I believe FreePBX/Asterisk does something of the sort
> (e.g. sip.conf can include sip_custom.conf).

Debian I believe does not do automatic updates of shorewall
configuration files, for the reason mentioned above.

> Maybe I'm overlooking something and I would greatly
> appreciate advice on this.
>
> Vieri

~David

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
