Andrew Suffield wrote:
>I have a couple of firewalls that are rather complicated - one has 21
>interfaces, and the other has about 50 (there's some heavy use of
>802.1q, they only have half a dozen network cards). They work okay,
>but - compiling the rules takes a long time even on the faster
>servers, and restarting shorewall-lite takes between 5 and 10 minutes
>(during which time, only the routestopped stuff will work).
And I thought my 1 1/2 minutes to restart my setup with accounting rules for in and out on 254 addresses was bad!

Would it be 'less bad' to set up routestopped to allow everything? I know it gives people a small window to do stuff they shouldn't - but is that better or worse than losing connectivity for 5 minutes?
