> And given that restart (without compilation) is fast and
> non-disruptive, it seems like the right approach.
>

It isn't in my case - I have an init script running which loads some 30k+ subnets and addresses into ipsets (that runs on various machines ranging from low-end ppc 604e to Core2 Duo on 3.1MHz), not to mention the various port ranges I am loading. Besides, there is traffic currently on the other (unaffected) interfaces that would be disrupted if a restart/reload of shorewall is initiated.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
