Steve Hindle wrote:

> I'd like to add/remove 'temporary' rules to a running shorewall.  I'd
> like to add a port forward to redirect web traffic when I shut my
> virtual servers down for backups, etc. ("Site currently down for
> maintenance please try later" type thing)
> 
> It seems silly to bounce/reload shorewall 10 times in an hour for
> this, so I was just going to manually add/remove the rule from the
> firewall.  However, I don't want to break anything Shorewall setup...
> 
> So is there a specific table/chain I should add rules like this to
> (shorewall creates a lot of them!)?  And should I use raw netfilter
> commands, or the run_iptables thingy that comes with shorewall?
> 
> Any help would be appreciated!

Port Forward/Redirect rules may be *inserted* (use the 'iptables -I'
command) into the nat table's PREROUTING chain. Such rules will preempt
anything that Shorewall has done. You will probably also have to insert an
appropriate ACCEPT rule into the filter table INPUT chain.

Use iptables directly. 'run_iptables' is only intended for use in Shorewall
extension scripts.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
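
The approach described in the reply, as an added example that is not part of the original message or of Shorewall: a small toggle script that inserts and later deletes the two rules with plain iptables. It assumes the maintenance page is served by the firewall itself on TCP port 8080 and that web traffic arrives on TCP port 80; the function names are hypothetical.

```bash
#!/bin/bash
# Added example: toggle a temporary "down for maintenance" redirect on a
# running Shorewall firewall using plain iptables, as the reply advises.
# Assumptions (not from the thread): the maintenance page listens on the
# firewall itself on TCP 8080, and normal web traffic arrives on TCP 80.

IPTABLES=${IPTABLES:-iptables}   # overridable, e.g. for a dry run or tests
WEB_PORT=${WEB_PORT:-80}
MAINT_PORT=${MAINT_PORT:-8080}

# Apply one action (-I insert, -D delete, -C check) to each rule spec.
# After the nat REDIRECT the packet's destination port is MAINT_PORT,
# so that is the port the filter INPUT rule has to accept.
nat_rule()    { $IPTABLES -t nat "$1" PREROUTING -p tcp --dport "$WEB_PORT" -j REDIRECT --to-ports "$MAINT_PORT"; }
filter_rule() { $IPTABLES "$1" INPUT -p tcp --dport "$MAINT_PORT" -j ACCEPT; }

maint_on() {
    # -C fails when the rule is absent, so repeated runs never stack duplicates.
    nat_rule -C 2>/dev/null    || nat_rule -I    || return 1
    # If the ACCEPT cannot be added, roll back the redirect.
    filter_rule -C 2>/dev/null || filter_rule -I || { nat_rule -D; return 1; }
}

maint_off() {
    # Delete by exact rule spec, so no Shorewall-created rule is touched.
    # Loop in case earlier manual inserts left duplicates behind.
    while nat_rule -C 2>/dev/null;    do nat_rule -D    || return 1; done
    while filter_rule -C 2>/dev/null; do filter_rule -D || return 1; done
}

maint_status() {
    if nat_rule -C 2>/dev/null && filter_rule -C 2>/dev/null; then echo on; else echo off; fi
}

# Usage (as root): maint.sh on|off|status
if [ $# -gt 0 ]; then
    case "$1" in
        on)     maint_on ;;
        off)    maint_off ;;
        status) maint_status ;;
        *)      echo "usage: $0 on|off|status" >&2; exit 2 ;;
    esac
fi
```

Restarting Shorewall rebuilds the ruleset and discards manually inserted rules, so run `on` again if a restart happens during the maintenance window.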
