On Fri, Sep 26, 2014 at 12:56:01PM +0800, Vincent Ng wrote:
>Dear All,
>I have a question here, may i know how to configure when i need to allow
>the dynamic road warriors to connect my office by using IPSec?
>--
>
You don't provide much detail, so the best I can do is tell you to
I'm working on my firewall atm, tearing it down, restarting it, etc.
I also happen to be getting 'pestered' at a couple of my IPs during the process.
`shorewall drop` is, of course, very handy.
On SW restart, though, I lose the blocks on the dropped IPs.
What's the mechanism for capturing the c
On Fri, Sep 26, 2014, at 01:58 PM, Tom Eastep wrote:
> Unless you have an old version of Shorewall, 'shorewall restart'
> preserves the blacklist.
Then I've managed to break something again. I'll dig.
Is that preserved across system reboots as well? I need to look into the code
to see how it
On 9/26/2014 1:26 PM, PGNd wrote:
> I'm working on my firewall atm, tearing it down, restarting it, etc.
>
> I also happen to be getting 'pestered' at a couple of my IPs during the
> process.
>
> `shorewall drop` is, of course, very handy.
>
> On SW restart, though, I lose the blocks on the dro
On 9/26/2014 2:00 PM, PGNd wrote:
>
>
> On Fri, Sep 26, 2014, at 01:58 PM, Tom Eastep wrote:
>> Unless you have an old version of Shorewall, 'shorewall restart'
>> preserves the blacklist.
>
> Then I've managed to break something again. I'll dig.
>
> Is that preserved across system reboots as
On Fri, Sep 26, 2014, at 02:28 PM, Tom Eastep wrote:
> It is preserved over neither system reboots nor 'shorewall stop;
> shorewall start'. During restart, its contents are stored in
> ${VARDIR}/.dynamic
'Bitten' again by restart != start + stop. Need to remember that.
I find persist-to-ipset
