On 5/9/11 8:36 AM, Mr Dash Four wrote: > >> Everything will be back to normal, unless you need policy routing out of >> the device (providers file). >> > I don't use it - the tun0 device acquires its ip address upon connection > (and adds 4 routing table entries which are deleted when the connection > is closed). I take it then, everything I defined previously in terms of > tcclasses, tcrules, tcfilters and the like will be fully operational, > provided that device stayed in UP state and was open all along? > > The alternative, as you suggested, is to use shorewall-init, but I > haven't looked at it yet and I am not sure whether it is clever enough > to reload the firewall and introduce only the policy(ies) for that > particular device (rules entries, tcclasses, tcfilters, tcrules etc) and > not reload the whole lot, which would be a bit of a waste really.
As I have already described, shorewall-init executes this command:
/var/lib/shorewall/firewall restart
So it reloads "the whole lot".
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
