Tom Eastep wrote:
Erich Titl wrote:



As I suggested some time ago, could this be solved by falling back to the default shorewall.conf file if the file pointed to by CONFIG_PATH did not exist?


Let's say that for LEAF, the CONFIG_PATH is:


/etc/shorewalluser:/etc/shorewall:/usr/share/shorewall

Shorewall continues to release its configuration files into /etc/shorewall.

a) It seems like the entries in /var/lib/lrcfg/shorwall.conf need to point to /etc/shorewalluser.

b) Shorewall can't release files into /etc/shorewalluser because then a Shorewall upgrade will overwrite those files.

So how does /etc/shorewalluser get populated initially?

I'm not sure I'm following along completely, but this sounds a lot like the general problem encountered when trying to update any *.lrp package: the configuration files are in the same package as the application, and the whole filesystem is re-created from scratch every boot (so there's no "remembering" the configuration data from a previously installed package version).


I know of two ways to work around this:

1) Put configuration data in a separate package, i.e., swconf.lrp would 'own' files in /etc/shorewalluser (or even /etc/shorewall), so replacing shorewall.lrp with a new version wouldn't overwrite existing configuration data.

2) Use partial backups (implemented in Dachstein and Bering). This isn't a real graceful solution for someone with a single boot disk, but can work well if you're running from CD, HDD, or can otherwise configure two (or more) package repositories. One holds the unconfigured distribution packages (the CDROM in my case), while the other holds partial backups (typically just the configuration data) that get loaded on top of the default configuration files provided with the base package. There is a new package file in /var/lib/lrpkg (<package>.local) which defines which files are to be included or excluded when doing a partial backup. If this file doesn't exist, the scripts default to putting any files in /etc or /var/lib/lrpkg that are defined in the <package>.list file in the partial backup.

#2 works really well for CDROM based systems (or systems that can configure two package storage locations). To upgrade shorewall, ssh, or whatever, I simply burn a new CD containing the updated packages, insert it into my firewall (with its single configuration floppy), and reboot.

Excuse the interruption if I'm not correctly understanding your problem...I haven't been closely monitoring this thread.

--
Charles Steinkuehler
[EMAIL PROTECTED]
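
The fallback lookup discussed in this thread (the first directory in CONFIG_PATH that holds a file wins, so a user copy shadows the packaged one and survives a package upgrade), as an added example that is not part of the thread or of Shorewall's own code. `find_config` and `demo_setup` are hypothetical helpers, and the sandbox tree is constructed for illustration.

```shell
#!/bin/sh
# Added illustration; find_config and demo_setup are hypothetical helpers.

# Print the first existing copy of file $1 along the colon-separated
# search path $2. Returns 1 if no directory on the path holds the file.
find_config() {
    file=$1
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while the path is split
    for dir in $2; do
        if [ -n "$dir" ] && [ -f "$dir/$file" ]; then
            IFS=$old_ifs; set +f
            printf '%s\n' "$dir/$file"
            return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# Build a constructed sandbox that mimics the three directories from the
# thread: packaged defaults in etc/shorewall, one local override in
# etc/shorewalluser. Prints the sandbox root.
demo_setup() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/shorewalluser" "$root/etc/shorewall" \
             "$root/usr/share/shorewall"
    echo 'packaged default' > "$root/etc/shorewall/shorewall.conf"
    echo 'packaged default' > "$root/etc/shorewall/rules"
    echo 'local rules'      > "$root/etc/shorewalluser/rules"
    printf '%s\n' "$root"
}

# Usage:
#   root=$(demo_setup)
#   p="$root/etc/shorewalluser:$root/etc/shorewall:$root/usr/share/shorewall"
#   find_config rules "$p"           # user copy
#   find_config shorewall.conf "$p"  # falls back to the packaged default
```

A file that exists only in the packaged directory keeps tracking upgrades, so any security-relevant default that changes upstream is picked up unless a stale user copy shadows it.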

