> Does your customized init script execute stop/start for reload and
> restart? Because if you actually run /sbin/shorewall restart, $COMMAND
> will contain 'restart'.
>

My bad! I have been replacing the shorewall init script since I can remember because the one supplied with shorewall is crap. As it turned out, it has "stop/start" in it instead of "restart" and that is what caused the whole thing. I will be packaging shorewall from source from now on so that I could patch the bits on the script supplied the way I want (and not just blindly copy an old script over).

> It does not reset all rules. It uses iptables-restore which does an
> atomic ruleset swap of each Netfilter table. Resetting traffic shaping
> doesn't disrupt the flow of traffic; it just makes it uncontrolled for a
> short interval.
>
> Clearing policy routing can cause traffic to be mis-routed momentarily
> but retries will allow sessions to recover without disconnects. And you
> aren't using that feature.
>

I have to investigate this a bit more carefully! Even though the restart is now much faster, that is on a fast machine; on a slow one I have to see how it behaves when I try this on a low-end system - in terms of performance as well as resources it takes/uses. I also do not wish the traffic flow to be disrupted in any way (I am mostly worried about VOIP traffic, which is time-sensitive).

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
