Steven Jan Springl wrote: > On Monday 14 May 2007 15:52, Tom Eastep wrote: >> Tom Eastep wrote: >>> Steven Jan Springl wrote: >>>> Tom >>>> >>>> If interface entry: >>>> >>>> lan eth0 - >>>> >>>> is defined, it is possible to issue command: >>>> >>>> shorewall delete eth0 lan >>>> >>>> While this does not change the iptables rules, its does remove eth0 from >>>> /var/lib/shorewall/zones >>>> >>>> Command: >>>> >>>> shorewall show zones >>>> >>>> displays lan (ipv4) without an interface. >>>> >>>> I don't know if this could cause any issues. >>> I don't think that it can (other than messing up 'shorewall show zones') >>> and I don't believe that I'll try to do anything about this. Once ipsets >>> are included in standard kernels, they provide a much better way to >>> implement dynamic zones and we will scrap this current implementation >>> altogether. >> Good afternoon, Steven >> >> I got up this morning and decided to try to do something about this issue. >> Please try revision 6344; the releasenotes.txt file explains what I did. >> >> Thanks! >> >> -Tom > > Good morning Tom, > > Revision 6344 prevents the deletion of a permanent interface from a zone. > However I can add an interface that duplicates the permanent interface, E.G. > with interface entry: > > lan eth0 - > > I can now issue command: > > shorewall add eth0 lan > > /var/lib/shorewall/zones now contains: > > lan eth0:0.0.0.0/0 +eth0:0.0.0.0/0 > > If I try to delete eth0 from lan with the following command: > shorewall delete eth0 lan > > I get a message saying eth0 is a permanent member of zone lan > and it isn't deleted.
Corrected in revision 6345. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
