On Sun, 2007-15-04 at 12:34 -0700, Tom Eastep wrote: > > That won't help the initial "shorewall load" from a remote host unless > you always reboot after installing shorewall lite.
Indeed. I had thought about that sort of situation. I don't know much about ipk's yet, but I assume they have some sort of post-installation script you could run. I'd just stuff it in there to take care of that one-time case. > Yes. Ahh. So you don't think there are/will be any other embedded solutions that will opt to make /var run-time only? > Does it not go hand-in-hand with the configurable $LITEDIR? > > LITEDIR only exists because of OpenWRT. Are you using OpenWRT there synonymously with embedded systems or specifically for OpenWRT? > But I can justify putting it in > the main Shorewall distribution because it needs to be available on > administrative systems. I don't think it is reasonable for an admin > system to require patches that are specific to an individual Shorewall > Lite distro running on some of the firewall systems. I guess I am just thinking about this situation in broader terms than just OpenWRT. I'm not terribly passionate about the situation so I'm not going to argue strongly for it. > I think it is specific to OpenWRT. Hopefully, OpenWRT is the only > distribution that believes that /var isn't persistent. Lol. I have no idea why they decided this, but I can only imagine it has to do with the "writefulness" that /var usually has and not wanting to subject flash memory to that -- with it's finite write cycles and so on. > > > > Does: > > > > --- /usr/src/shorewall-lite-3.2.6/shorewall-lite 2006-11-14 > > 23:09:13.000000000 -0500 > > +++ /usr/src/shorewall-lite-3.2.6/shorewall-lite.openwrt 2007-04-15 > > 15:02:24.000000000 -0400 > > @@ -1254,6 +1254,11 @@ > > > > get_config > > > > +if [ ! -d $VARDIR ]; then > > + mkdir -p $(dirname $VARDIR) > > + ln -s $LITEDIR $vardir > ------ s/b VARDIR Damn. I thought I fixed that before sending that e-mail. :-/ > > +fi > > + > > FIREWALL=$LITEDIR/firewall > > > > if [ -f $VERSION_FILE ]; then > > > > Look about right then? > > Yes -- with the suggested change. I'm going to make a new shorewall-lite ipk for OpenWRT then based on this idea. Interestingly enough, it makes a lot of my current patch for shorewall-lite on OpenWRT moot. A good sign indeed. Thanx for the guidance! b. -- My other computer is your Microsoft Windows server. Brian J. Murrell
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
