Andrew Suffield wrote: > On Sat, Nov 18, 2006 at 12:23:28PM -0800, Tom Eastep wrote: >> Andrew Suffield wrote: >>> On Sat, Nov 18, 2006 at 08:39:31AM -0800, Tom Eastep wrote: >>>> If you want that behavior, then you will have to copy the contents of the >>>> ipsets >>>> file into your init script as in: >>>> >>>> ipset -R << _EOF_ >>>> <contents of ipsets> >>>> _EOF_ >>> Ah, I'll do that. Still, shorewall should probably throw an error >>> rather than generate a firewall script that can't possibly work. >> Please try the attached patch -- it moved processing of ipsets to the >> firewall system. > > Oh, cool. I'll try it next time I get a chance (probably some day this > week - I'm not at that site every day, and don't like to meddle with > the firewalls over the internet). > > If I understand it correctly, I have to put the ipsets file into > /var/lib/shorewall-lite on the target system by hand?
Put it in /etc/shorewall-lite/ -- you can do that on the firewall system using ipset -S > /etc/shorewall-lite/ipsets -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
