>> As I have already described, shorewall-init executes this command:
>>
>> /var/lib/shorewall/firewall restart
>>
>> So it reloads "the whole lot".
>>
>
> Actually, it executes
>
> /var/lib/shorewall/firewall {up|down} <interface>
>
> For optional interfaces, that is equivalent to
>
> /var/lib/shorewall/firewall restart
>
> For required interfaces, it is equivalent to
>
> /var/lib/shorewall/firewall {start|stop}
>
I take it the bottom line is that everything is reloaded/restarted. It
would have been better if it was possible to just reload the changes
which truly affect the running of the firewall if that particular device
goes up/down (you pointed out what these are in previous posts) and not
just "reload everything". If that was possible I would have probably
gone that way and use shorewall-init without bothering with rc.sysinit
scripts and the like.
I guess this must be complicated as there may be some interdependencies
between various devices - can't comment on that further as I am not
really an expert in this and judge everything purely from a (selfish)
user perspective.
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
