On 03/16/2013 06:21 PM, Mr Dash Four wrote: > > Another suggestion: for all table IDs shorewall uses provider numbers. > Can you change that to provider names instead?
That would break if KEEP_RT_TABLES=Yes were set.
>
> It would help debugging and it is more clearer. When I see "ip route del
> blackhole 10.0.0.0/8 table 7" for example, I have to start digging in
> order to decipher what that number translates to. It will be much easier
> if I had "ip route del blackhole 10.0.0.0/8 table dmz" instead since
> that is the name I have used in routes.
>
>> 2) The 'ifupdown' script installed by Shorewall-init is now
>> distribution-specific. Previously, the script determined the
>> distribution at run-time.
>>
> I've got a question about this: ifupdown executes
> "${VARLIB}/$PRODUCT/firewall -V0 $COMMAND $INTERFACE".
>
> Is "${VARLIB}/$PRODUCT/firewall" not the equivalent of
> "${VARDIR}/firewall"? If so, for consistency, I'd suggest that you use
> VARDIR instead.
PRODUCT is the loop variable, so that substitution doesn't work.
>
> What does ${VARDIR}/firewall <up|down> <iface> do exactly? I am
> particularly interested to know whether any of the rules or
> traffic-shaping rules are (re-)defined or reset?
It depends; see the tables in http://www.shorewall.net/Shorewall-init.html.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
