Brian J. Murrell wrote:
> OpenWRT != Debian. It handles interfaces in a completely different
> manner.

The feature is implemented in a completely distribution-neutral way (it uses the same logic to determine when an interface is up as is used in testing if an optional interface is usable).

>
> Those are all valid points which I won't argue with. The only thing I'd
> say for the last point is that the process of restore could be:
>
> - restore interface agnostic bits
> - for each interface_up; do
>     restore interface specifics
>   done

And how do you tell iptables-save/iptables-restore what the interface-agnostic bits are? You can't, so you end up having to write your own iptables-save -- in Bourne shell.

>
> The other major pain with multiple interfaces and Shorewall is the
> handling of default routes.

<rest of rant omitted>

The issue here is that the Shorewall Multi-ISP feature is a hack to work around the fact that many Shorewall users are cheap and try to use a pair of consumer-grade uplinks (often with dynamic IP addresses) to effect a fault-tolerant solution. The problem of maintaining accurate routing tables in the face of changing network topology is effectively solved through the use of interior gateway routing protocols but the consumer-grade services employed by most Shorewall users don't offer support for such protocols.

-Tom (who must get to his real job now)
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
