On 08/11/2017 10:31 AM, Vieri Di Paola via Shorewall-users wrote:
> 
> ________________________________
> From: Tom Eastep <teas...@shorewall.net>
>>
>> So why don't you simply leave that route in place all of the time? Just
> 
>> define it in your distribution's networking config.
> 
> I'm used to using rtrules, routes, and providers with shorewall. I
> share those files with other members of the IT staff, and sometimes we
> need to change which provider provides a given subnet. Of course, all
> the routing (tables and rules) could be done by the OS, but it is more
> convenient for me to have it all within shorewall.

So long as the rtrules entries have a priority higher (numerically
lower) than the main RT (1000), you would still have complete control in
that way.

>> The 'reload' command already supports the -n option.
> 
> 
> If "reload -n" will NOT flush rules and tables previously created by
> "start" or "restart" then I guess I could use that, and move out the
> code I have in the files "stopped" and "started".
> 

Yes -- the code in "stopped" and "started" isn't executed during
'reload' anyway.

> 
>> 'reload' and 'start' are basically the same command. 
> 
> 
> ..."-n" meaning "leave the routing alone".
> 
> In my case, I'd always use reload -n, except when making changes to 
> "rtrules", "routes", and "providers".
> 
> Also, when shorewall "updates the routing tables/rules", it actually flushes 
> everything and creates anew, right?
> 
> It doesn't really "update", or is it possible to do so?
> 

It flushes and reloads, because it makes no assumptions about what the
current configuration is.

-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to