Andrew Suffield wrote: > On Fri, Oct 05, 2007 at 09:28:47PM -0400, Roberto C. S?nchez wrote: >> On Fri, Oct 05, 2007 at 06:12:02PM -0700, Tom Eastep wrote: >>> Lesson: >>> >>> If you don't get your Shorewall packages from shorewall.net, you can't >>> be sure that they do what the developers intended. >>> >> This might merit a bug report against the Debian package. > > It's the fix to #342609. The problem is that the required behaviour > from "/etc/init.d/foo stop" on a Debian host is not the same thing as > the expected behaviour from "shorewall stop". shorewall interprets > "stop" as meaning "stop the firewall, so no traffic moves", while > Debian interprets it as "stop the package, so my system behaves as if > it wasn't installed". It's a question of whether you're thinking of > the host as being a firewall, or as being a platform for various > packages to run on. > > There is no solution other than user education. Don't use the init > script if you meant to say "shorewall stop". The word just doesn't > mean the same thing in different contexts.
Roberto This might be another point to make on your "Shorewall on Debian" article on the Wiki. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
