On May 15, 2011, at 11:59 AM, Tom Eastep wrote:

>
> On May 14, 2011, at 9:14 PM, Tom Eastep wrote:
>>>
>>> 2.
>>> tcrules
>>> bb:12 $FW +[mickey-mouse,ip-port] tcp
>>>
>>> "shorewall check/compile" passes, but it fails when shorewall
>>> reload/restart is executed with "...Set mickey-mouse doesn't exist.". In
>>> other words, shorewall doesn't capture this error. I am not sure whether
>>> shorewall used to capture this before - i.e. the (non)existence of ipsets.
>>
>> Shorewall hasn't, doesn't and won't verify the existence of ipsets.
>> Shorewall rulesets can be compiled on one system and executed on another
>> system running shorewall-lite. Or, as you do, the /etc/shorewall/init file
>> can create and load ipsets that don't exist before the script runs. I'm sure
>> that if the Shorewall compiler generated a compile-time error or warning
>> message about a missing ipset, you would be on this list pointing out how
>> stupid the product is.
>
> After thinking about this some more, it seems reasonable to issue a WARNING
> if:
>
> a) The compiler is being run by root (The 'inset' program requires that).

...'ipset'. Seems like I always want to type 'inset'.

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
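
Since the compiler does not verify ipsets, a check like the one below can be run as root on the firewall that executes the ruleset, after /etc/shorewall/init has created its sets and before "shorewall restart". It is an added example, not code from this thread or from Shorewall; the function names are hypothetical, and it assumes the "+name", "+name[flags]" and "+[set1,set2]" forms and an ipset binary that supports "ipset list -n".

```python
import re
import subprocess
import sys

# "+name" or "+[set1,set2]"; assumption: these are the only ipset forms in the file.
_TOKEN = re.compile(r"\+(\[\S+\]|[A-Za-z][\w-]*)")

# Constructed sample: the tcrules entry from the thread plus one commented-out line.
SAMPLE_TCRULES = """\
bb:12 $FW +[mickey-mouse,ip-port] tcp
# 1 +disabled-set 0.0.0.0/0
"""


def referenced_ipsets(config_text):
    """Return the names of all ipsets referenced in Shorewall config text."""
    names = set()
    for line in config_text.splitlines():
        line = line.split("#", 1)[0]  # ignore comments
        for tok in _TOKEN.findall(line):
            if tok.startswith("["):
                # +[set1,set2]: drop the outer brackets and any per-set [src,dst] flags
                inner = re.sub(r"\[[^\]]*\]", "", tok[1:-1])
                names.update(n.lstrip("+") for n in inner.split(",") if n)
            else:
                names.add(tok)
    return names


def missing_ipsets(config_text, existing=None):
    """Return referenced ipsets that are not loaded, sorted by name.

    'existing' may be passed in for testing; otherwise the kernel is queried,
    which requires root.
    """
    if existing is None:
        out = subprocess.run(["ipset", "list", "-n"], capture_output=True,
                             text=True, check=True).stdout
        existing = out.split()
    return sorted(referenced_ipsets(config_text) - set(existing))


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/shorewall/tcrules"
    with open(path) as fh:
        missing = missing_ipsets(fh.read())
    for name in missing:
        print(f"WARNING: ipset {name} referenced in {path} does not exist")
    sys.exit(1 if missing else 0)
```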
