On 08/10/2017 09:21 AM, Vieri Di Paola via Shorewall-users wrote:
> 
> ________________________________
> From: Tom Eastep <teas...@shorewall.net>
> 
>> In both 'restart' and 'reload', the provider routing tables and rules> are 
>> purged then reloaded. But they were purged and reloaded on 5.0 as well.
> 
> 
> OK, but since 5.0 had OPTIMIZE=0 the "cut" was almost gone unnoticed.
> I'd like to keep OPTIMIZE=All in 5.1.
> So, since the stopped state is way longer, how do I allow lan-caib and 
> lan-ibs traffic?
> This alone in stoppedrules isn't enough:
> ACCEPT          $IF_LAN                $IF_IBS
> ACCEPT          $IF_LAN                $IF_CAIB
> 
> Please correct me if I'm wrong, but I need to build the appropriate routing 
> table as soon as shorewall is in the stop state.
> 

The stopped state is NOT longer in 5.1. The compilation step is longer,
but the time to run the script once it is compiled should be very close
to the same.

And, if you set RESTART=reload, then a 'restart' will never enter the
stopped state.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to