On Sat, 10 Oct 2015 12:25:28 -0700 Tom Eastep <[email protected]> wrote:
> The Shorewall Team is pleased to announce the availability of > Shorewall 5.0.0. > > Problems Corrected: > > 1) This release includes defect repair up through Shorewall 4.6.13.1. > > 2) The compiled script now uses the %e date format rather than %_d, > for Busybox compatibilty. (Erich Titl) > > New Features: > > 1) To make the command names more accurately reflect what they do, > several changes have been included: > > a) Beginning with this release, the 'restart' command now does a > true restart and is equivalent to a 'stop' followed by a > 'start'. I am against this change. I vote for a change for this. Nobody expects firewall restart to stop traffic - ever. I vote for removing LEGACY_RESTART= option from config and replacing it with: RESTART_IS_STOP_AND_START=No Note: default value should be No - and this config option should not be in shorewall[6].conf at all, it's for those who have special reason for RESTART to do stop and start instead of current reload which is only sensible option for a firewall software. Also there is a real problem in 5.0.0. Default value for LEGACY_RESTART=No - and old configs don't have this option! So this breaks all system with old configs now by causing traffic to stop during restart. -- Tuomo Soini <[email protected]> Foobar Linux services +358 40 5240030 Foobar Oy <http://foobar.fi/>
pgp8wTFphgblM.pgp
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
