On 3/8/2014 8:20 AM, Tom Eastep wrote: > > 2) The behavior of ADMINISABSENTMINDED=No is corrected.
Here is an expanded version of this change description:
2) The behavior of ADMINISABSENTMINDED=No is corrected. Previously,
'shorewall stop' would not block existing connections regardless of
the setting of this option. Beginning with this release, the
behavior of ADMINISABSENTMINDED=No depends on whether the
routestopped or the stoppedrules file defines the allow connections
while the firewall is stopped.
If there are entries in /etc/shorewall[6]/routestopped or if there
are no entries in /etc/shorewall[6]/stoppedrules, then the behavior
of ADMINISABSENTMINDED=No is as documented (existing connections
are blocked unles they are allowed by
/etc/shorewall[6]/routestopped). If there are no entries in
/etc/shorewall[6]/stoppedrules but there are entries in
/etc/shorewall[6]/stoppedrules, then the behavior is as if
ADMINISABSENTMINDED=Yes and a warning message is generated.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
