On Thu, 2009-02-05 at 08:38 -0800, Tom Eastep wrote: > Brian J. Murrell wrote: > > > > > The only other thing I do in start is: > > > > num_tcfor_rules=$(($($IPTABLES -t mangle -L tcfor -n | wc -l) - 2)) > > $IPTABLES -t mangle -I tcfor $num_tcfor_rules -m helper --helper sip -j > > MARK --set-mark 0x1 > > > > To get SIP connections prioritized and: > > > > # ospf is exempt from mac blocking > > $IPTABLES -I br-lan_mac -p 89 -j RETURN > > > > Because *everyone* should participate in OSPF regardless of whether they > > are allowed to use the gateway or not. IIRC, if you don't do this, it > > confuses the overall OSPF fabric. Or maybe it was just a quagga > > bug. :-) > > And none of those things (except your ipv6 stuff) needs to be done on > 'restore'.
Hrm. It's totally possible that I am missing some of the picture here, but given that a "shorewall-lite start -f" (which could be done from a fresh reboot) is essentially a "shorewall-lite restore", why do none of those other actions need doing on a restore? b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
