On 08/09/2017 12:56 AM, Vieri Di Paola via Shorewall-users wrote:
> Hi,
> I read the shorewall man page regarding the "reload" and "restart" commands. 
> From a practical point of view and with default shorewall.conf settings in 
> 5.1, if I change/add/delete entries in the "rules" file, and issue the 
> "reload" command then I should expect the following:
> - existing connections will not be affected
> - the "new rules" will be processed and applied
> Same thing should happen when changing entries in snat, mangle, routes, 
> rtrules. The params file should also be re-read.
> Correct?
> So, with shorewall >=5.0.15, when would it be useful to issue the "restart" 
> command? The only scenario I can think of is if I wanted to interrupt active 
> connections (or at least preserve only those in "stoppedrules").

With ADMINISABSENTMINDED=Yes, active connections are not interrupted
during restart. New connections not allowed by stoppedrules are denied
during the time that the firewall is stopped.

With RESTART=restart, doing a 'restart' allows the 'stop' and 'stopped'
extension scripts to be executed whereas 'reload' does not. So if you
have something in those scripts that you want done, then 'restart' is

Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
