> > Tom Eastep wrote: >> Patch attached. >> > Applied and tested with changes (see patch attached), but still doesn't > work. When I make modifications to my /etc/shorewall and then execute > "shorewall compile -c" I am always getting "/var/lib/shorewall/firewall > is up to date -- no compilation required", which is clearly wrong. As > far as the patch goes - I only scanned the lib.* files in > /usr/share/shorewall, but I am sure there are quite a lot of other > references, especially in the perl .pm files. > > As an aside, I have a few queries/suggestions: > > 1. Could you allow multiple owner entries in the OWNER accounting column > the way it is in all other areas? > 2. When I get the following message from ifup-local: "WARNING: Optional > Interface tun0 is not usable -- tun0 not Started" should I manually > execute "firewall -V0 up tun0" when I connect to my VPN (this can't be > picked up by the OS as the tun device is a bit "special", so all up/down > events can be controlled with scripts via openvpn)? I have traffic > shaping (incl. ifbX) as well as accounting set up for this device, > though it has to be said that during boot up my tun device is present, > but it does not yet have an ip address. > 3. What is the consequence of stopping a device with "firewall down > tun0" for example?
Hi, This is a bit OT because it more touches openvpn than shorewall, but... I don't know your exact requirements but in my situation I needed openvpn being able to run scripts before tun/tap is opened, not after. That's not possible with current openvpn versions and one has to hack around in the init script or other facilities like firewall. I've posted a feature wish with patch to openvpn but it was turned down: https://community.openvpn.net/openvpn/ticket/284 Regards, Simon ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
