On Sun, Oct 07, 2007 at 10:43:28AM +0100, Andrew Suffield wrote: > > The package system is subtle and quite involved; the rules have been > carefully worked out through years of experience with thousands of > packages. Meddling with them can create all kinds of strange > effects. For example, let's assume you did the following: > > apt-get install shorewall > # ... > # (start setting it up) > # ... > # actually, I wanted the other one... > apt-get install shorewall-lite > > Would you expect the last command to disable your network access? > > Behind the scenes, apt noted that shorewall-lite conflicts with > shorewall, so it scheduled shorewall for removal. As part of the > removal process, the shorewall init script was instructed to stop, > under the assumption that this would return the system to its > pre-shorewall state, ready for installation of shorewall-lite. > > Unexpected results like this are likely to happen all the time if you > have an init script where 'stop' does not undo 'start'. > I'm afraid I must agree with Andrew. This is similar to the situation that was discussed a while back about having something /etc/defaults to enable/disable the firewall instead of having it in shorewall.conf. Additionally, given Debian's popularity as a hosting platform (e.g., for colo or other remote hosting) it would be very dangerous to advocate that the automated actions of the packaging systems potentially remove network access completely. I have a feeling that some people would be quite irritated with that.
Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
