Am Sonntag, 27. März 2011, um 12:22:15 schrieb davidMbrooke:
> On Tue, 2011-03-01 at 14:08 +0100, Tom Erjavec wrote:
> > Hello Team,
> >
> > I am now able to reproduce my problems with yate / shorewall that I
> > raised 10 days ago. The changes I did to shorewall policy file or rules
> > file were not reflected if I restarted shorewall. It was the same result
> > when restarting in either web interface or CLI. The policy and the rules
> > seem not to be re-compiled during a shorewall web restart or
> > # /etc/init.d/shorewall restart .
> >
> > However, if I stop shorewall and start it again, then the re-compilation
> > is always done and the changes are reflected.
> > I suppose that a restart should re-compile as well.
> >
> > I hope this description can be understood and helpful.
> >
> > Tom
>
> Tom and I have been having an off-list email exchange about this.
> The problem is as follows:
>
> /sbin/shorewall restart works fine
> /etc/init.d/shorewall restart does *not* pick up new rules
>
> The code in /etc/init.d/shorewall says:
>
> # restart the firewall
> shorewall_restart () {
> echo -n "Restarting \"Shorewall firewall\": "
> $SRWL $OPTIONS restart 2>&1 && echo "done."
> return 0
>
> The problem is the value of $OPTIONS which is set to "-f"
> in /etc/default/shorewall and the Shorewall docs say:
>
> The -f option suppresses the compilation step and simply reused the
> compiled script which last started/restarted Shorewall.
>
> IMHO this is not right, and Tom points out that it is different from
> Bering-uClibc 3.x.
>
> Should we just remove the value for $OPTIONS in /etc/default/shorewall
> by setting it to an empty string? Expert users could still set it back
> to "-f" if required. I am happy to make that change if nobody objects.
>
davidMbrooke;
Looks that I haven't read the docs carefully.
Why not setting it to "-q"?
kp
kp
------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
