On 3/16/2015 8:24 PM, Brian J. Murrell wrote: > So, I have "SAVE_IPSETS=Yes" in /etc/shorewall.conf but my understanding > is that that only saves the ipsets when shorewall is being shut down. > > But that doesn't account for a router "reboot" (i.e. power outage, etc.) > and what changes were made to the ipset since the stop and the > unexpected router death. What would though would be periodically (even > after every ipset change if one was really paranoid) saving the ipsets > while shorewall is running. > > Is there a manual "save ipsets" command in shorewall[-lite]?
Not currently.
> Something along the lines of:
>
> # shorewall[-lite] saveipsets
>
> FWIW, I did notice
>
> COMMAND="$1"
>
> case "$COMMAND" in
> ...
> savesets)
> if [ $# -eq 2 ]; then
> save_ipsets $2
> else
> usage 2
> fi
> ;;
>
> In the generated "firewall" script but could not work out how that could
> get called. It seems like I ought need to specify where I want them
> saved either. It should just save them in ${VARDIR}/ipsets.save like it
> does in stop_firewall().
The savesets command in the generated script is invoked by the CLI when
processing the 'save' command.
I'll add a command which does what you want.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
