On Thu, 2009-02-05 at 08:09 -0500, Brian J. Murrell wrote: > From my look at the restore script created by shorewall 4.0.12 and > shorewall-lite 4.0.8 I'm wondering why I don't see anything that would > enable /proc/sys/net/ipv4/ip_forward for the "restore" code-path. > > It would seem in define_firewall() that "echo 1 > > /proc/sys/net/ipv4/ip_forward" is done if $COMMAND is anything other > than restore however. > > Is there something about the restore case that should not enable > ip_forward if shorewall.conf has IP_FORWARDING=On?
In fact, perhaps I am misunderstanding the point of "shorewall restore".
It would seem there are a number of things that [ $COMMAND = restore ]
does not do that are done otherwise. Things like:
echo 1 > /proc/sys/net/ipv4/ip_forward
run_{refreshed|start}_exit
run_started_exit
And in fact this is explaining why I am finding my actions
in /etc/shorewall/start are not always being run.
I guess I was under the impression that "shorewall restore" was suitable
to run from an initscript to quickly bring a previously saved instance
of shorewall up -- i.e. without having to do all the rule
building/compilation and whatnot. I'm pretty sure I even remember
seeing it used that way in a provided initscript (from a linux distro
probably).
It would seem this is not the case however. Did it used to be at one
time and I'm just not keeping up with the times?
b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
