[ Not sure my CC to -devel will actually propagate but I will give it a go ]
On Mon, 2008-03-24 at 07:50 -0700, Tom Eastep wrote:
>
> Sure. Feel free.

OK.

> I would like eventually to get Shorewall entirely out of the routing
> business because I really think that routing should be controlled
> separately from the firewall. There is no earthly reason why restarting
> the firewall should have to rebuild the policy routing configuration
> (although that can be avoided by using the '-r' option of restart).

My 4.0.6 does not show a -r option to restart.

But yes, I agree that policy routing and general firewalling are only very loosely related if at all and only by nature of the firewalling rules marking packets for policy routing. In that latter case, it just makes it easier to build the policy routes from the same configuration source that is marking the packets rather than having to keep two completely unrelated and separate software packages in sync (i.e. wrt to routing policy marks).

Perhaps your feeling is that Shorewall should not even be touching the mangle chains and that some policy routing package should be doing that.

> Similarly, there should be no need to reload the Netfilter ruleset to
> change the policy routing configuration

Indeed!

> (although the 'refresh' command
> under Shorewall-perl does that to a large extent).

Oh? Does it? Now that would be nice. Ahhh. But you said Shorewall-perl. I suppose there is no parallel operation for shorewall-lite?

> I have similar feelings about traffic shaping, especially now that
> Shorewall 4.1 supports u32 classifiers that are totally independent of
> Netfilter.

Sounds like 4.1 (er, 4.2 I guess) is going to be an "interesting" release.

> From an HA (as you use the term) perspective though, both traffic
> shaping and routing need to be rebuilt after a network interface comes up.

Indeed.

b.
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
