On 5/9/11 12:58 PM, Mr Dash Four wrote: > >> Aren't you only doing that if $COMMAND = start? >> > Yeah, I have that, but it still gets executed if "reload" or "restart" > is called upon as I see the loading of ipsets in the syslog (I > customised that part of init to show me what's happening).
Does your customized init script execute stop/start for reload and restart? Because if you actually run /sbin/shorewall restart, $COMMAND will contain 'restart'. > >>> Besides, if there is traffic currently on the >>> other (unaffected) interfaces that would be disrupted if a >>> restart/reload of shorewall is initiated. >>> >> >> Shouldn't be. >> > Well, it resets all the rules, classes, counters etc, so this is bound It does not reset all rules. It uses iptables-restore which does an atomic ruleset swap of each Netfilter table. Resetting traffic shaping doesn't disrupt the flow of traffic; it just makes it uncontrolled for a short interval. Clearing policy routing can cause traffic to be mis-routed momentarily but retries will allow sessions to recover without disconnects. And you aren't using that feature. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
