On 3/12/2015 12:06 PM, Erich Titl wrote:
> Hi Tom
> 
> On 12.03.2015 at 15:47, Tom Eastep wrote:
>> On 3/5/2015 7:39 AM, Erich Titl wrote:
>>> Hi Folks
>>>
>>> I need to temporarily allow HTTP connections from my shorewall based
>>> LEAF box, preferably without having to touch the shorewall files and be
>>> able to stop this functionality again.
>>>
>>> I looked a bit at the very extensive shorewall docs, but nothing
>>> immediately caught my eyes. It would be nice to somehow do it like the
>>> port knocking mechanism.
>>>
>>
>> Hi Erich,
>>
>> I just released 4.6.8 Beta 1 which includes 'open' and 'close' commands.
>> The 'open' command does what you are asking and the 'close' command
>> reverses the effect of a preceding 'open'.
> 
> This is great news, thanks for considering it.
> 
> We have
> 
> AP# shorewall version
> 4.6.5.4
> 
> as the current standard, but this is just the perfect fit. Right now I
> am just saving the current setting, inserting a rule into fw-net
> and at the end restoring the shorewall settings, using the standard
> shorewall save and restore interface.
> 
> Do your open and close commands survive multiple parallel invocations?
> My method for sure will disable the second process if the first one fails.

You can have multiple temporary opens active at a time simultaneously if
that is what you are asking. To close one of the opens, you pass the
same arguments to 'close' as you did for the corresponding 'open'. To
quickly delete all temporary opens, you can simply restart the firewall
(no compilation is required if you use AUTOMAKE=Yes).

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
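
Added example, not part of the original message and not Shorewall's own code: a POSIX sh wrapper that keeps a temporary 'open' in place only while one command runs, and always issues 'close' with the same arguments afterwards, even when the command fails. The argument order `source dest protocol port` is an assumption taken from Shorewall's documentation of the 'open' command rather than from this thread; the function name, the SHOREWALL variable and the addresses in the usage comment are hypothetical.

```shell
# SHOREWALL can be overridden (e.g. with a stub) to exercise the wrapper
# on a machine that has no firewall installed.
SHOREWALL=${SHOREWALL:-shorewall}

# with_temp_open SOURCE DEST PROTO PORT -- COMMAND [ARGS...]
# Assumed argument order for 'open'/'close': source dest protocol port.
# Example (constructed addresses):
#   with_temp_open 192.0.2.1 198.51.100.7 tcp 80 -- wget -q -O /tmp/f http://198.51.100.7/f
with_temp_open() {
    if [ "$#" -lt 6 ] || [ "$5" != "--" ]; then
        echo "usage: with_temp_open SOURCE DEST PROTO PORT -- COMMAND [ARGS...]" >&2
        return 2
    fi
    wto_src=$1 wto_dst=$2 wto_proto=$3 wto_port=$4
    shift 5

    # If the temporary open cannot be installed, do not run the command.
    $SHOREWALL open "$wto_src" "$wto_dst" "$wto_proto" "$wto_port" || return 1

    # Run in a subshell so an 'exit' or 'set -e' inside the command
    # cannot skip the close below; keep the command's exit status.
    wto_rc=0
    ( "$@" ) || wto_rc=$?

    # Close with exactly the arguments that were passed to 'open'.
    if ! $SHOREWALL close "$wto_src" "$wto_dst" "$wto_proto" "$wto_port"; then
        echo "with_temp_open: close failed, temporary open may still be active" >&2
        return 3
    fi
    return "$wto_rc"
}
```

Because each invocation closes only the open it created, parallel runs with different arguments do not undo each other.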

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
