On Sunday, 27 March 2011, at 13:55:52, davidMbrooke wrote:
> On Sun, 2011-03-27 at 13:04 +0200, KP Kirchdoerfer wrote:
> > On Sunday, 27 March 2011, at 12:22:15, davidMbrooke wrote:
> > > On Tue, 2011-03-01 at 14:08 +0100, Tom Erjavec wrote:
> > > > Hello Team,
> > > > 
> > > > I am now able to reproduce my problems with yate / shorewall that I
> > > > raised 10 days ago. The changes I did to shorewall policy file or
> > > > rules file were not reflected if I restarted shorewall. It was the
> > > > same result when restarting in either web interface or CLI. The
> > > > policy and the rules seem not to be re-compiled during a shorewall
> > > > web restart or # /etc/init.d/shorewall restart  .
> > > > 
> > > > However, if I stop shorewall and start it again, then the
> > > > re-compilation is always done and the changes are reflected.
> > > > I suppose that a restart should re-compile as well.
> > > > 
> > > > I hope this description can be understood and helpful.
> > > > 
> > > > Tom
> > > 
> > > Tom and I have been having an off-list email exchange about this.
> > > 
> > > The problem is as follows:
> > >    /sbin/shorewall restart           works fine
> > >    /etc/init.d/shorewall restart     does *not* pick up new rules
> > > 
> > > The code in /etc/init.d/shorewall says:
> > >    # restart the firewall
> > >    shorewall_restart () {
> > >    
> > >      echo -n "Restarting \"Shorewall firewall\": "
> > >      $SRWL $OPTIONS restart 2>&1 && echo "done."
> > >      return 0
> > > 
> > > The problem is the value of $OPTIONS which is set to "-f"
> > > in /etc/default/shorewall and the Shorewall docs say:
> > >    The -f option suppresses the compilation step and simply reused the
> > >    compiled script which last started/restarted Shorewall.
> > > 
> > > IMHO this is not right, and Tom points out that it is different from
> > > Bering-uClibc 3.x.
> > > 
> > > Should we just remove the value for $OPTIONS in /etc/default/shorewall
> > > by setting it to an empty string? Expert users could still set it back
> > > to "-f" if required. I am happy to make that change if nobody objects.
> > 
> > davidMbrooke;
> > 
> > Looks like I haven't read the docs carefully.
> > 
> > Why not set it to "-q"?
> > 
> > kp
> 
> Setting it to "-q" is OK by me, although the more verbose output is
> slightly comforting IMHO.

Expert users could still set it back to "" if required :)

Less output, less boot time. 
kp

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
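
A check for the condition discussed in this thread, as an added example that is not part of the original messages or the LEAF init script: it reads a defaults file in the format of /etc/default/shorewall and flags an OPTIONS value containing -f. The function names are hypothetical, the sample files are constructed, and treating a cluster such as -qf as containing -f is an assumption.

```shell
#!/bin/sh
# Added example, not from the LEAF init script. Function names are hypothetical.

# Print the value of the last OPTIONS= assignment in a defaults file,
# without sourcing (executing) the file.
effective_options() {
    sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 when the options contain -f, i.e. restart skips recompilation.
skips_compile() {
    for opt in $(effective_options "$1"); do
        case $opt in
            --*) ;;            # long option, not the short flag
            -*f*) return 0 ;;  # "-f" or a cluster like "-qf" (assumed to be accepted)
        esac
    done
    return 1
}

# Report the finding; exit status 1 means rule edits may not be live after a restart.
audit_defaults() {
    if skips_compile "$1"; then
        echo "WARN: $1: OPTIONS contains -f, init-script restart reuses the old compiled script"
        return 1
    fi
    echo "OK: $1: no -f in OPTIONS ('$(effective_options "$1")')"
}

# Constructed sample files standing in for /etc/default/shorewall.
demo_dir=$(mktemp -d)
printf '%s\n' '# startup options' 'OPTIONS="-f"' > "$demo_dir/before"
printf '%s\n' '# startup options' 'OPTIONS="-q"   # quiet' > "$demo_dir/after"
audit_defaults "$demo_dir/before" || true
audit_defaults "$demo_dir/after"
```

Run against the real defaults file after any change to policy or rules; a non-zero exit status means a restart through the init script will not pick the change up.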