On Thu, 2009-02-05 at 07:41 -0800, Tom Eastep wrote:
>
> I can add an option to shorewall.conf that causes the started script to
> run during restore. There is no place to run the 'start' script during
> restore because iptables-restore creates the 'shorewall' chain whose
> presence indicates that Shorewall is in the running state.

Hrm. I think my choice of start/started was mostly arbitrary. I think I
could use started just as readily as I use start. In fact one use of it
is just laziness to create an initscript for my customized ip6tables
rules which will go away when I get around to shorewall6. The launching
of that script could very easily be in started instead of start. Or
better yet, in init, nice and early.

The only other thing I do in start is:

    num_tcfor_rules=$(($($IPTABLES -t mangle -L tcfor -n | wc -l) - 2))
    $IPTABLES -t mangle -I tcfor $num_tcfor_rules -m helper --helper sip -j MARK --set-mark 0x1

To get SIP connections prioritized and:

    # ospf is exempt from mac blocking
    $IPTABLES -I br-lan_mac -p 89 -j RETURN

Because *everyone* should participate in OSPF regardless of whether they
are allowed to use the gateway or not. IIRC, if you don't do this, it
confuses the overall OSPF fabric. Or maybe it was just a quagga bug. :-)

> Alternatively, I can create a 'restored' script. Probably safer...

restored to be executed in place of started? Sure.

b.
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
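The rule-position arithmetic from the message above, as an added example that is not part of the original post or of Shorewall: `-L` prints two header lines before the rules, and `-I tcfor N` places the new rule ahead of the current rule N, so inserting at the rule count puts it just before the last rule. The listings are constructed samples and the function names are hypothetical; the fallback to `-A` for an empty chain is an addition, needed because rule numbers start at 1.

```shell
#!/bin/sh
# Constructed sample of `iptables -t mangle -L tcfor -n` output:
# a chain-name line, a column-title line, then one line per rule.
SAMPLE_LISTING='Chain tcfor (1 references)
target     prot opt source               destination
MARK       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 MARK set 0x2
MARK       all  --  0.0.0.0/0            0.0.0.0/0            MARK set 0x3'

# Constructed sample of the same listing for a chain with no rules yet.
EMPTY_LISTING='Chain tcfor (1 references)
target     prot opt source               destination'

# Count the rules in a listing read from stdin: every non-blank line
# after the two header lines.
rule_count() {
    awk 'NR > 2 && NF { n++ } END { print n + 0 }'
}

# Print the iptables arguments that put the SIP mark rule just ahead of
# the chain's current last rule. With zero rules there is no position to
# insert at, so append instead.
sip_mark_args() {
    n=$(printf '%s\n' "$1" | rule_count)
    rule='-m helper --helper sip -j MARK --set-mark 0x1'
    if [ "$n" -ge 1 ]; then
        echo "-t mangle -I tcfor $n $rule"
    else
        echo "-t mangle -A tcfor $rule"
    fi
}

# Stand-alone demonstration on the constructed listings.
sip_mark_args "$SAMPLE_LISTING"
sip_mark_args "$EMPTY_LISTING"
```

In a Shorewall extension script the listing would come from `$IPTABLES -t mangle -L tcfor -n`, and the printed arguments would be passed to `$IPTABLES`.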
