Andrew Suffield wrote: > On Sun, Oct 07, 2007 at 07:16:58PM +1000, Paul Gear wrote: > For example, let's assume you did the following: > > apt-get install shorewall > # ... > # (start setting it up) > # ... > # actually, I wanted the other one... > apt-get install shorewall-lite > > Would you expect the last command to disable your network access?
Given the ubiquitous use of ADMINISABSENTMINDED=Yes, the possibility of '/etc/init.d/shorewall stop' disabling network access is remote. Nevertheless, it is a possibility. > > Behind the scenes, apt noted that shorewall-lite conflicts with > shorewall, so it scheduled shorewall for removal. As part of the > removal process, the shorewall init script was instructed to stop, > under the assumption that this would return the system to its > pre-shorewall state, ready for installation of shorewall-lite. > > Unexpected results like this are likely to happen all the time if you > have an init script where 'stop' does not undo 'start'. > While installing Shorewall from the tarball rather than from the .deb avoids many such problems by placing Shorewall outside of the purview of the package manager, I suppose that there may still be some problems lurking about. But since we implemented ADMINISABSENTMINDED, I haven't heard of any. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
