Joseph L. Casale wrote:
Yes -- assuming that Shorewall is started after the other firewall. But
you should always disable your distribution's default firewall when
installing Shorewall.

Thanks for the confirmation.

You can answer that question yourself -- look at your init script
configuration. But normally, Shorewall starts after networking but
before any Internet-accessible services.

My init scripts for run level 3 for example look like this:

> Could it not be renamed as S09 for example? I am not sure if it depends on
> anything before its current place. Can you point me to a source of
> documentation where I might devise what Shorewall depends on so I can
> make this decision?

<rant>
I sure wish you would configure your mailer to wrap lines at some reasonable length; each paragraph in your posts is one long line which means that quoting is a real PITA. I have to manually wrap them before I can read them in my reply composition window.

Thanks
</rant>

Trivially /usr and /var must be available. Networking must also be available if you use Shorewall features that require it. So if you are using any of those, you need to make at least S10 (since 'shorewall' collates after 'network', the order will be correct).

The manpages point out configuration choices that will require networking to be available. Here's a brief (and probably incomplete) summary:

Any use of the 'detect' keyword requires networking as does the use of an interface name in the SOURCE column of /etc/shorewall/masq; also DETECT_DNAT_IPADDRS=Yes in shorewall.conf. Shorewall's multi-ISP support requires networking to be up before Shorewall since the routing configuration is manipulated. Shorewall Traffic Shaping also needs IP to be configured.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
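
The dependencies listed in the reply above can be checked mechanically before choosing an init-script number. This is an added example, not part of the original post or of Shorewall itself; the function names, the rule for spotting an interface name in the masq SOURCE column, the use of the providers and tcdevices files as indicators of multi-ISP and traffic shaping, and the sample files are assumptions.

```sh
#!/bin/sh
# Added example: list the Shorewall settings named in the post that need
# networking up before Shorewall starts. Heuristic and not exhaustive.

# Print a file's non-comment, non-blank lines (nothing if it is missing).
active_lines() {
    [ -f "$1" ] && sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"
    return 0
}

# needs_network DIR: print one reason per line; return 0 if any reason found.
needs_network() {
    dir=${1:-/etc/shorewall}
    found=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # -w: match 'detect' only as a whole, lower-case word.
        if active_lines "$f" | grep -qw 'detect'; then
            echo "'detect' keyword in ${f##*/}"; found=0
        fi
    done
    # Assumption: a SOURCE (column 2) starting with a letter is an interface
    # name rather than an address or network.
    if active_lines "$dir/masq" |
        awk '$2 ~ /^[A-Za-z]/ { hit = 1 } END { exit !hit }'; then
        echo "interface name in SOURCE column of masq"; found=0
    fi
    if active_lines "$dir/shorewall.conf" |
        grep -Eq '^[[:space:]]*DETECT_DNAT_IPADDRS="?[Yy]es'; then
        echo "DETECT_DNAT_IPADDRS=Yes in shorewall.conf"; found=0
    fi
    # Assumption: multi-ISP and traffic shaping are in use when these files
    # contain entries.
    for f in providers tcdevices; do
        if [ -n "$(active_lines "$dir/$f")" ]; then
            echo "entries in $f"; found=0
        fi
    done
    return $found
}

# Constructed sample configuration (not from the post).
sample=$(mktemp -d)
printf 'net eth0 detect\n' > "$sample/interfaces"
printf 'eth0 eth1\n' > "$sample/masq"
needs_network "$sample" || echo "no networking dependency found"
rm -rf "$sample"
```

If the function prints any reason for the real configuration directory, the Shorewall start link has to sort after the network script.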
