Brian J. Murrell wrote: > > >> I think that the >> OpenVPN > > OpenWRT?
Yes -- sorry.
>
>> /sbin/shorewall-lite should ensure that /var/lib/shorewall-lite
>> points to the correct directory (wherever you set LITEDIR).
>
> Interestingly it had occurred to me to make /var/lib/shorewall-lite
> point to /etc/shorewall-lite (my $LITEDIR on my OpenWRT box), although I
> had thought of doing that in the shorewall initscript.
That won't help the initial "shorewall load" from a remote host unless
you always reboot after installing shorewall lite.
>
> But as to your suggestion, a couple of questions...
>
> Is $VARDIR always /var/lib/shorewall-lite?
Yes.
>
>
> And do you think this solution is specific to OpenWRT?
Yes.
Does it not go hand-in-hand with the configurable $LITEDIR?
LITEDIR only exists because of OpenWRT. But I can justify putting it in
the main Shorewall distribution because it needs to be available on
administrative systems. I don't think it is reasonable for an admin
system to require patches that are specific to an individual Shorewall
Lite distro running on some of the firewall systems.
> Is this a patch you would
> like to see isolated to OpenWRT or do you think it should go into
> shorewall-lite proper?
I think it is specific to OpenWRT. Hopefully, OpenWRT is the only
distribution that believes that /var isn't persistent.
>
> Does:
>
> --- /usr/src/shorewall-lite-3.2.6/shorewall-lite 2006-11-14
> 23:09:13.000000000 -0500
> +++ /usr/src/shorewall-lite-3.2.6/shorewall-lite.openwrt 2007-04-15
> 15:02:24.000000000 -0400
> @@ -1254,6 +1254,11 @@
>
> get_config
>
> +if [ ! -d $VARDIR ]; then
> + mkdir -p $(dirname $VARDIR)
> + ln -s $LITEDIR $vardir
------ s/b VARDIR
> +fi
> +
> FIREWALL=$LITEDIR/firewall
>
> if [ -f $VERSION_FILE ]; then
>
> Look about right then?
Yes -- with the suggested change.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
