Am Donnerstag, 18. Januar 2007 17:51 schrieben Sie: > On Thu, 2007-01-18 at 16:49 +0100, Ralph Passgang wrote: > > sure, but the full config files are not as big as you may think. At least > > I personally don't have a problem with 40k for good explanation in these > > config files. > > And you have to consider that jffs2/squashfs are using compression, > which is know to work quite well on textfiles.
to be honest, I told you the package size of shorewall-full-conffiles ipkg file. The package is 40kb in size. I haven't checked how much space this consumes on a jffs2/squashfs partition. I guess it takes a bit more, but as long as you have the choice between the mini and the full set of config files it shouldn't be really important at all. We are talking about plus/minus some kb on a absolute optional package. But that's a good question anyway: How can I check how much space /etc/shorewall really needs on the actual real block device? I think using "du" & "ls" only shows the uncompressed file/dir size. > > But If you take a look at my patch, you will see that I just make it more > > flexible. If someone just wants the minimal version, then "shorewall" > > and "shorewall-conffiles" should be installed. For the full version of > > all configfiles, simply installing "shorewall" and > > "shorewall-full-conffiles" should do the trick. > > > > I don't want to force someone to use the full configfiles! I just want > > that the user has the choice to decide what he needs! > > I think this is a very good approach, pleasing everyone. Thanks... I definitly hope so. It not just the config files, even some other (small) bugs in the freewrt shorewall package gets fixed by applying my patch. Additionally I upgraded shorewall to the newest upstream version where some of the old freewrt shorewall patches are already applied. For FreeWRT 1.0 it's already too late, but I would like to see a good high-level firewall configuration tool (like shorewall) for the next stable release. Writing firewall without such firewall tools is great, espacially because it helps to understand what really happens in a linux iptables firewall, but for companies that have to take care of a lot of firewalls, some abstraction layer (like shorewall) is fantastic to save time and to hold one's nerve. > Bye, --Ralph _______________________________________________ freewrt-developers mailing list [email protected] https://www.freewrt.org/lists/listinfo/freewrt-developers
