> It depends on whether you have Shorewall-init installed. Since you
> aren't beating on me about its shortcomings, I assume that you have not
> installed that package.
>

Hehe, I am not that bad! You are right, though, I don't have it installed - I just use shorewall.

>> If I want to "cheat" (as I often do!) I could artificially "open" tun0,
>> start shorewall and then close that device. What would happen then (if
>> anything)?
>>
>
> Nothing, unless you are running Shorewall-init.
>

Maybe then shorewall shouldn't place such restrictions in this case - the device traffic shaping rules are "ignored" by shorewall if the device in question is not "present" (or up) and if that doesn't actually matter (which I presumed was the case as I was able to "bypass" shorewall completely and recreate those policies using iptables/tc without the device being "present") this restriction should be removed.

To "force" shorewall to apply my traffic shaping policies for this device I currently have to run a separate program in rc.sysinit to bring the tun0 device into existence (and up), then let shorewall do its work, after which I close the device in rc.local.

If there is no need for this restriction, then it should be removed.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
