On 01/08/2013 07:32 AM, Fred Maillou wrote: > Hello, > > Using recent Shorewall versions (4.5.11 and 4.5.3) it seems > that an active TC config is not removed when using 'restart' with > a config that does not have any TC parameters. Version 4.5.2 > does remove a TC config. > > Here's how the test is made. > > 1) state: no firewall config applied. iptables returns all > ACCEPT. tc returns no information when queried about the > interface that will receive TC config in the next steps. > shorewall.conf has: 'TC_ENABLED=Internal'. > > 2) The following simple config is applied by changing to the > directory where the config files are located and issuing: > using 'shorewall restart .' > > zones > > fw firewall > net ipv4 > > interfaces > > net switch.0001 > > policy > > all all ACCEPT > > tcdevices > > switch.0001 0 75mbit > > tcclasses > > switch.0001 1 full*1/10 full*9/10 1 > switch.0001 2 full*3/10 full*7/10 1 default > > tcrules > > 1 172.30.159.102 0.0.0.0/0 all > > > 3) state: iptables returns FW config. tc returns proper class > information: 'tc -s -d class show dev switch.0001' > > 4) The tc* files are moved away from the config directory > > 5) 'shorewall restart .' is executed > > 6) state: the tc command still returns the class information. With > Shorewall 4.5.2 and the same test the TC config is wiped from the > system.
What is the setting of CLEAR_TC in shorewall.conf? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS and more. Get SQL Server skills now (including 2012) with LearnDevNow - 200+ hours of step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only - learn more at: http://p.sf.net/sfu/learnmore_122512
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
