On Thu, 2011-07-21 at 13:50 +0100, Ed W wrote:
> Hi Tom
>
> If I set /etc/shorewall/init to something like "echo $COMMAND", then I
> notice that starting (or restarting) shorewall with "-f" doesn't run
> init (nor refresh)
>
> This doesn't seem deliberate according to the docs here:
> http://shorewall.net/shorewall_extension_scripts.htm
>
> I notice that run_init_exit() is defined as per the init file in
> /var/lib/shorewall/firewall, however, it's not defined in
> /var/lib/shorewall/restore
>
> So if I never run shorewall save, then "-f start" runs the firewall
> script. However, if I run save, then "-f start" seems to then use the
> restore script? Expected?
>
> However, I don't see the restore script ever get recreated other than by
> forcing it to be (shorewall save)? Touching some file in rules and then
> running "-f start" causes a recompile and the "firewall" script is run.
> Subsequently stopping and restarting causes the command to be "restore",
> which reads the (older) "restore" file and not the "firewall" file
>
> I think this isn't intended, but I'm not quite sure how we want to
> define the various files? In this case I suspect my error is to use the
> -f flag, since setting AUTOMAKE=true appears to do mostly the same thing
> only it then uses the firewall file to restore. Question is what we are
> gaining by -f referencing the restore file which isn't maintained during
> a restart?
>
> Should we default the RESTOREFILE= option to be "firewall"? Should the
> -f flag not become a command line way to specify AUTOMAKE=true for this
> one run? Is there still a bug in that the "init" and "refresh" script
> isn't run when restoring from the "restore" script? Is it expected that
> "restore" will ever be different to "firewall"?
>
> Thanks for any thoughts?

From the Shorewall 4.4.20 Release Notes:

6)  Up to this release, the behaviors of 'start -f' and 'restart -f'
    has been inconsistent. The 'start -f' command compares the
    modification times of /etc/shorewall[6] with
    /var/lib/shorewall[6]/restore while 'restart -f' compares with
    /var/lib/shorewall[6]/firewall.

    To make the two consistent, a new LEGACY_FASTSTART option has been
    added. The default value when the option isn't specified is
    LEGACY_FASTSTART=Yes which preserves the old behavior. When
    LEGACY_FASTSTART=No, 'start -f' and 'restart -f' both compare with
    /var/lib/shorewall[6]/firewall.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
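
Added illustration (not part of the original messages and not Shorewall's own code): a shell check that reports which compiled script each fast-start command is compared against per the release note above, and whether that script is older than the configuration. The function names are hypothetical, and reading "modification times of /etc/shorewall" as "any regular file under the directory" is an assumption.

```shell
#!/bin/sh
# Added illustration, not Shorewall's own code. Usage (paths are the
# defaults named in the thread):
#   faststart_state start Yes /etc/shorewall /var/lib/shorewall

# Print the compiled script whose mtime the release note says is compared.
# $1 = start|restart, $2 = LEGACY_FASTSTART value, $3 = state directory
faststart_ref() (
    case "$1:$2" in
        start:[Yy]es)                 echo "$3/restore" ;;
        start:[Nn]o)                  echo "$3/firewall" ;;
        restart:[Yy]es|restart:[Nn]o) echo "$3/firewall" ;;
        *) echo "usage: faststart_ref start|restart Yes|No STATEDIR" >&2
           exit 2 ;;
    esac
)

# Print "missing", "stale" or "current" for that reference script.
# $1 = command, $2 = LEGACY_FASTSTART, $3 = config dir, $4 = state dir
# Assumption: "modification times of /etc/shorewall" is read here as
# "any regular file under the config dir newer than the reference".
faststart_state() (
    ref=$(faststart_ref "$1" "$2" "$4") || exit 2
    [ -f "$ref" ] || { echo missing; exit 0; }
    newer=$(find "$3" -type f -newer "$ref" | head -n 1)
    if [ -n "$newer" ]; then echo stale; else echo current; fi
)

# Succeed when a saved restore script exists but is older than the last
# compiled firewall script (the situation described in the question).
restore_lags_firewall() (
    [ -f "$1/restore" ] && [ -f "$1/firewall" ] || exit 1
    [ -n "$(find "$1/firewall" -newer "$1/restore")" ]
)
```

A successful `restore_lags_firewall /var/lib/shorewall` means the saved ruleset predates the last compile, so a fresh `shorewall save` is needed before the restore script reflects the current configuration.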