On Wed, 28 Jul 2010 17:05:45 -0700,
Tom Eastep <[email protected]> wrote:

> On 7/28/10 4:44 PM, lanas wrote:
> > On Wed, 28 Jul 2010 06:35:22 -0700,
> > Tom Eastep <[email protected]> wrote :
> > 
> >>>   Shorewall will do no action and report that it has not run
> >>> before if a 'shorewall clear' is done on a 'virgin' system freshly
> >>> installed.  Is there a way to make Shorewall think it already has
> >>> run and that really we want the 'clear' action to be taken
> >>> anyways ?
> >  
> >> Only if you create a configuration and compile it ('shorewall
> >> compile').
> > 
> > For a user interface that would like to always keep the same call to
> > clear the firewall it seems that on a newly-installed system it'd be
> > possible to have a "fake" firewall script in I
> > think /var/lib/shorewall (not sure of the location at the moment)
> > that would accept a clear command.  Thereafter, when the user
> > actually configures a firewall this script would get overwritten by
> > Shorewall with an actual firewall script (after being a .start
> > script).  It sounds reasonable to do this, so far (haven't tried it
> > yet).
> 
> I fail to understand why you need a 'clear' command before you have
> ever started Shorewall.

Ah, this is because very early in the boot sequence, everything is
set to drop, apart from local traffic (to let communications between
local daemons and apps).  Later on, when such a high-level app comes to
life, it will either install a pre-configured firewall (using a
generated set of Shorewall files and shorewall restart) or, if no
configuration is found, will put everything to ACCEPT, hence the clear
command.  That clear command can be done using straight iptables, but
it could also be done using a single 'shorewall clear' command which is
an available user option after all.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
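
The single "clear" call discussed in the message above, as an added example that is not part of the original thread or of Shorewall itself: a wrapper that uses 'shorewall clear' when a compiled firewall script exists and otherwise opens the ruleset with plain iptables. The script path /var/lib/shorewall/firewall, the FW_SCRIPT and DRY_RUN variables and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: FW_SCRIPT, DRY_RUN,
# run, clear_with_iptables, clear_firewall.
# FW_SCRIPT: assumed location of the compiled Shorewall firewall script
# (the thread itself is unsure of the exact path).
FW_SCRIPT="${FW_SCRIPT:-/var/lib/shorewall/firewall}"
# DRY_RUN=1 prints the commands instead of executing them, so the logic
# can be checked without root and without touching the live ruleset.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Plain-iptables equivalent of "put everything to ACCEPT": flush rules,
# delete user-defined chains, then set the filter policies to ACCEPT.
clear_with_iptables() {
    for table in filter nat mangle; do
        run iptables -t "$table" -F
        run iptables -t "$table" -X
    done
    for chain in INPUT FORWARD OUTPUT; do
        run iptables -P "$chain" ACCEPT
    done
}

# One entry point for the high-level application: the same call works on
# a freshly installed system and on one where Shorewall has been compiled.
clear_firewall() {
    if [ -x "$FW_SCRIPT" ]; then
        run shorewall clear
    else
        clear_with_iptables
    fi
}
```

Call clear_firewall with DRY_RUN=0 as root to apply the change; with the default DRY_RUN=1 it only lists the commands it would run.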
