Hello,
Using recent Shorewall versions (4.5.11 and 4.5.3) it seems
that an active TC config is not removed when using 'restart' with
a config that does not have any TC parameters. Version 4.5.2
does remove a TC config.
Here's how the test is made.
1) state: no firewall config applied. iptables returns all
ACCEPT. tc returns no information when queried about the
interface that will receive TC config in the next steps.
shorewall.conf has: 'TC_ENABLED=Internal'.
2) The following simple config is applied by changing to the
directory where the config files are located and issuing
'shorewall restart .':
zones
    fw firewall
    net ipv4
interfaces
    net switch.0001
policy
    all all ACCEPT
tcdevices
    switch.0001 0 75mbit
tcclasses
    switch.0001 1 full*1/10 full*9/10 1
    switch.0001 2 full*3/10 full*7/10 1 default
tcrules
    1 172.30.159.102 0.0.0.0/0 all
3) state: iptables returns FW config. tc returns proper class
information: 'tc -s -d class show dev switch.0001'
4) The tc* files are moved away from the config directory
5) 'shorewall restart .' is executed
6) state: the tc command still returns the class information. With
Shorewall 4.5.2 and the same test the TC config is wiped from the
system.
Thanks.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users