Tuomo Soini wrote: > Tom Eastep wrote: >> Andrew Suffield wrote: >>> It's an unfortunate >>> concidence that shorewall has a feature that duplicates part of the >>> behaviour of the init script. >> In hindsight, it was an unfortunate choice on my part. Using >> /etc/default/shorewall or /etc/sysconfig/shorewall to control startup at >> boot time would have been a better approach. > > There were other reasons behind that change too. By forcing everybody to > change shorewall.conf file from it's defaults to get it running it's > guaranteed that package upgrades won't replace shorewall.conf which is > vital part of shorewall version to version update requirements. >
True. And Debian users have been especially hard hit by shorewall.conf being replaced during upgrades and consequently changing the behavior of their firewalls. Although one could argue that the way I've tried to use shorewall.conf to change the default behavior of Shorewall over time is also broken; a lot of users have been burned by it because they didn't understand it and because shorewall.conf behaves differently from other products' configuration files. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
