Hi Tom,
On 11 Apr 2016 at 15:28, Tom Eastep wrote:
> Hi Matt,
>
> On 04/10/2016 07:10 AM, matt darfeuille wrote:
> > Hi,
> >
> > I have some questions/requests!:
> >
> > Could it be possible to specify a tag(logger -t <tag> -p ...) to
> > logger?:
> > That way it would be easier to identify in the log when for example
> > shorewall lite was started by shorewall init(the 'logger -t' default
> > value(current user) wouldn't be used)!
>
> How are you proposing that the tag be specified? Via a command option?
>
Yes a command line option would be ideal:
In the openwrt's init script of shorewall-init I would do something like:
${STATEDIR}/firewall ${OPTIONS} --logger_tag shorewall-init stop
and the logger command would be
logger -t $option -p kern.info ...
and I would get in the log
Wed Apr 13 11:54:54 2016 kern.info shorewall-init: ...
> >
> > Is there any reason why shorewall-lite does not support for example
> > the refresh command?:
> > The reason I'm asking is that in the dhcp article on shorewall.org
> > the refresh command needs to be executed when the dhcp client is
> > bound.
> > What I use now is a function in lib.private:
> > refresh_private(){ ${VARDIR}/firewall refresh; }
> >
> > Or is there a better way to refresh shorewall-lite?
>
> The refresh command was created back when Shorewall ran iptables to
> add every rule and there was no Shorewall-lite. Then, a restart took
> significant time - especially on slower hardware. We also did not have
> dynamic blacklisting, which meant that blacklisting a new address
> required adding the address to /etc/shorewall/blacklist and then doing a
> 'shorewall restart'. The
> refresh command only rebuilt part of the ruleset, so it was considerably
> faster. Today, especially with AUTOMAKE=Yes, the reload command is fast
> and we have dynamic blacklisting.
>
> Given that changing the Shorewall-lite configuration must be done on a
> remote administrative system, there is no justification for having a
> refresh command. What I need to do is to update the DHCP article to
> remove reference to the refresh command.
>
Thanks for the explanation -- I'll change my config accordingly!!!:)
> >
> > I build shorewall from git on cygwin and also used cygwin as an
> > administrative system on Windows which is case-insensitive.
> > Could a .deprecated extension be used when the case of a file is
> > changed(I understand that would also require modifying shorewall to
> > look for a .deprecated extension if a macro with the given name is
> > not found)?
> > EG:
> > macro.SNMPTrap to macro.SNMPTrap.deprecated
> > action.A_rEJECT to action.A_rEJECT.deprecated
> >
> > In other words could a naming convention be used that is
> > cross-platform?
> >
>
> I'll think about it -- I think the easiest way is to create a
> /usr/share/shorewall[6]/deprecated/ directory, put deprecated files
> there, and add that directory to the CONFIG_PATH during 'shorewall[6]
> update'.
>
Fine with me -- Thanks for considering it!
> > Out of curiosity, is there any reason why build50 couldn't be used to
> > build non-5.0 versions of shorewall (assuming that build50 would be
> > slightly modified to allow building of non-5.0 versions)?
>
> I've gotten in the habit of creating a new build script for each major
> release -- to build earlier releases, I just use the corresponding
> build script.
>
The older scripts don't have the changes added to build50 but I understand that
it's easier to do it that way!!!:)
> >
> > The gpg key used to sign git tags/commits has expired!
> >
>
> I've uploaded all three of the public keys that I use.
>
Again thanks!!!:)
-Matt
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
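
An added example, not part of either message and not Shorewall code: a POSIX shell check for the file names discussed in the thread that differ only by case and therefore cannot coexist on a case-insensitive administrative system such as Cygwin on Windows. The function names and the sample listing are assumptions made for illustration; the counterparts of macro.SNMPTrap and action.A_rEJECT in the sample are constructed.

```shell
#!/bin/sh
# Added example, not Shorewall code. Reads one path per line on stdin and
# prints every group of paths that differ only by letter case, i.e. names
# that cannot coexist on a case-insensitive file system such as Cygwin on
# Windows. Assumes paths contain no newlines.
case_collisions() {
    LC_ALL=C sort -u | awk '
        {
            key = tolower($0)
            if (key in first) {
                # Second or later spelling of the same name: extend the group.
                group[key] = group[key] " <-> " $0
            } else {
                first[key] = $0
                group[key] = $0
                order[++n] = key
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (group[order[i]] != first[order[i]])
                    print group[order[i]]
        }'
}

# Constructed sample listing: the two names from the message above plus
# made-up counterparts that differ only in case.
sample_listing() {
    cat <<'EOF'
Macros/macro.SNMPTrap
Macros/macro.SNMPtrap
Actions/action.A_rEJECT
Actions/action.A_REJECT
Macros/macro.SSH
EOF
}

# In a real checkout, feed the index instead of the working tree, because the
# working tree on a case-insensitive volume already holds only one spelling:
#   git ls-files | case_collisions
sample_listing | case_collisions
```

Run against the git index on the build host, an empty result means no rule file silently replaces another after checkout.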