On 08/09/2017 12:56 AM, Vieri Di Paola via Shorewall-users wrote:
> Hi,
>
> I read the shorewall man page regarding the "reload" and "restart" commands.
> From a practical point of view and with default shorewall.conf settings in
> 5.1, if I change/add/delete entries in the "rules" file, and issue the
> "reload" command then I should expect the following:
>
> - existing connections will not be affected
> - the "new rules" will be processed and applied
>
> Same thing should happen when changing entries in snat, mangle, routes,
> rtrules. The params file should also be re-read.
>
> Correct?
>
> So, with shorewall >=5.0.15, when would it be useful to issue the "restart"
> command? The only scenario I can think of is if I wanted to interrupt active
> connections (or at least preserve only those in "stoppedrules").
>

With ADMINISABSENTMINDED=Yes, active connections are not interrupted during
restart. New connections not allowed by stoppedrules are denied during the
time that the firewall is stopped.

With RESTART=restart, doing a 'restart' allows the 'stop' and 'stopped'
extension scripts to be executed whereas 'reload' does not. So if you have
something in those scripts that you want done, then 'restart' is appropriate.

-Tom
-- 
Tom Eastep           \ Q: What do you get when you cross a mobster with
Shoreline,           \ an international standard?
Washington, USA      \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
                     \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users