On Mon, 2008-03-24 at 09:06 -0700, Tom Eastep wrote:
> 
> Sorry -- I meant '-n'.

Hrm.  4.0.6 doesn't document a "-n" option either.  But it's moot for my
purposes given the comment at the bottom.

> It may need to be cooperative where Shorewall creates the overall 
> infrastructure and the policy routing package fills in the appropriate 
> chains (it can do that with iptables-restore without wiping out the 
> entire table).

If you remove policy routing from Shorewall, does Shorewall need the
mangle table for anything else?  Is policy routing handled anywhere else
in netfilter other than the mangle table?  I'm trying to judge the
feasibility of actually achieving the goal.

I think trying to create a wholly separate project for policy routing
that depends on some work that Shorewall does in preparation for it
makes the idea of a separate project that much more difficult.

If each can stand on their own and solve their particular problems, it
gets easier to separate them.

> > Oh?  Does it?  Now that would be nice.  Ahhh.  But you said
> > Shorewall-perl.  I suppose there is no parallel operation for
> > shorewall-lite?
> 
> Not really.

Indeed.  :-(  Which is why I simply use "restart" on my shorewall-lite
system.  Certainly it's not overly slow to do so with Shorewall 4, but
I'm a miser and endeavour to avoid waste wherever I can and if I could
avoid the need to reload the whole policy on my -lite system when all I
want to do is adjust routing I would.  :-)  But as I live with a restart
now and it appears to do the job (the "default route{r,s}" thread aside)
it's not a terrible imposition for me currently.

b.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users