On 4/14/20 3:54 AM, Norman Henderson wrote: > Thank you Erich, that was the step I missed: dynamic zone. It's working > OK across shorewall stop/start, I will have to wait until tonight to try > a reboot. > > Tom, I have gone back to SAVE_IPSETS=Yes in shorewall.conf rather than > using the shorewall-init feature. Is there a reason to use one rather > than the other?
If you use an ipset in /etc/shorewall[6]/stoppedrules, then you must use shorewall-init. Other than that, it is your choice. > > Also, is it OK to add entries using ipset add, which seems to be a lot > faster than shorewall add ? Absolutely. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster Shoreline, \ with an international standard? Washington, USA \ A: Someone who makes you an offer you http://shorewall.org \ can't understand \________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
