Brian J. Murrell wrote: > > It would be nice if the outage could be completely >> eliminated. However, this is a problem for the kernel people - we'd >> need atomic whole-configuration changes in netfilter and tc, rather >> than the current rule-at-a-time system. > >Indeed, but we could take quite a large step towards that goal by only >modifying an existing configuration to make the changes needed to affect >an interface change.
The problem there is that it's a shedload more complicated to work out what needs to be changed than it is to build it in the first place. I don't suppose there's provision for renaming of chains etc in situ ? That would appear (at first sight anyway) to be the easiest compromise - build a new set of rules, make them active by changing names, remove the old ones. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
