On 5/9/11 9:20 AM, Tom Eastep wrote: > On 5/9/11 8:36 AM, Mr Dash Four wrote: >> >>> Everything will be back to normal, unless you need policy routing out of >>> the device (providers file). >>> >> I don't use it - the tun0 device acquires its ip address upon connection >> (and adds 4 routing table entries which are deleted when the connection >> is closed). I take it then, everything I defined previously in terms of >> tcclasses, tcrules, tcfilters and the like will be fully operational, >> provided that device stayed in UP state and was open all along? >> >> The alternative, as you suggested, is to use shorewall-init, but I >> haven't looked at it yet and I am not sure whether it is clever enough >> to reload the firewall and introduce only the policy(ies) for that >> particular device (rules entries, tcclasses, tcfilters, tcrules etc) and >> not reload the whole lot, which would be a bit of a waste really. > > As I have already described, shorewall-init executes this command: > > /var/lib/shorewall/firewall restart > > So it reloads "the whole lot".
Actually, it executes
/var/lib/shorewall/firewall {up|down} <interface>
For optional interfaces, that is equivalent to
/var/lib/shorewall/firewall restart
For required interfaces, it is equivalent to
/var/lib/shorewall/firewall {start|stop}
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
