Brian J. Murrell wrote:
> I still think fragments of configuration that can be applied/de-applied
> on interface addition/removal is an interesting idea. Oh, but to have
> the time... ~sigh~

You can always trigger a shorewall reload. So taking Debian as an example, in your /etc/networks/interfaces file you could do something like:

    iface eth0 inet static
        ...
        up shorewall restart
        down shorewall restart

(I think that's the syntax). Then whenever you take the interface up or down you will automatically restart shorewall. I believe shorewall has locking so it won't break anything if two different processes both call for a restart.

Particularly now we have the Perl version, reloads are quite quick so it's hardly any problem to reload the whole thing. By way of comparison, I've ported an accounting box at work to the newer version. As well as traffic shaping, it does accounting for in and out traffic on an entire class C - so 510 accounting rules or so. Hardware is Pentium III 1GHz and whilst the older version took about 90 seconds to load, the newer Perl version loads it in about 6 seconds.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
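
Added example, not part of the original message or of Shorewall: the same restart-on-interface-change idea written as an ifupdown hook script (Debian runs scripts in /etc/network/if-up.d/ and /etc/network/if-post-down.d/ with IFACE exported). It restarts only for listed interfaces and serializes concurrent restarts with its own flock(1) lock rather than relying on the firewall tool's locking. WATCHED, LOCKFILE, FW_CMD and the lock path are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: ifupdown hook that restarts the firewall when a watched
# interface changes state. Not Shorewall's own code.
# Assumed/hypothetical settings (override via the environment):
WATCHED="${WATCHED:-eth0}"                         # space-separated interfaces
LOCKFILE="${LOCKFILE:-/var/lock/fw-restart.lock}"  # hypothetical lock path
FW_CMD="${FW_CMD:-shorewall restart}"              # command from the message

# Return 0 if the interface named in $1 is one we restart the firewall for.
is_watched() {
    for i in $WATCHED; do
        if [ "$i" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# Restart the firewall for interface $1, one restart at a time.
# Events for unwatched interfaces (lo, tunnels, ...) are ignored.
restart_firewall() {
    if ! is_watched "$1"; then
        return 0
    fi
    (
        # Block until any restart already in progress has finished, so two
        # interfaces flapping together cannot interleave rule loading.
        flock -x 9 || exit 1
        # The subshell's exit status is the restart command's status, so a
        # failed restart is reported back to ifupdown.
        $FW_CMD
    ) 9>"$LOCKFILE"
}

# ifupdown exports IFACE when it runs hook scripts; do nothing otherwise.
if [ -n "${IFACE:-}" ]; then
    restart_firewall "$IFACE"
fi
```

Installed in both hook directories, this replaces the per-interface `up`/`down` lines, so adding an interface only means adding it to WATCHED.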