Brian J. Murrell wrote:
On Sun, 2008-03-23 at 15:42 -0700, Tom Eastep wrote:I'll be happy to link to anyone's site that hosts such a monitor project, provided that the project does it's own support.That's fair, and perhaps a workable solution. Perhaps such a project could leverage on the code of Shorewall.
Sure. Feel free.I would like eventually to get Shorewall entirely out of the routing business because I really think that routing should be controlled separately from the firewall. There is no earthly reason why restarting the firewall should have to rebuild the policy routing configuration (although that can be avoided by using the '-r' option of restart). Similarly, there should be no need to reload the Netfilter ruleset to change the policy routing configuration (although the 'refresh' command under Shorewall-perl does that to a large extent).
I have similar feelings about traffic shaping, especially now that Shorewall 4.1 supports u32 classifiers that are totally independent of Netfilter.
From an HA (as you use the term) perspective though, both traffic shaping and routing need to be rebuilt after a network interface comes up.
-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
