Brian J. Murrell wrote: > On Thu, 2009-02-05 at 08:38 -0800, Tom Eastep wrote: >> Brian J. Murrell wrote: >> >>> The only other thing I do in start is: >>> >>> num_tcfor_rules=$(($($IPTABLES -t mangle -L tcfor -n | wc -l) - 2)) >>> $IPTABLES -t mangle -I tcfor $num_tcfor_rules -m helper --helper sip -j >>> MARK --set-mark 0x1 >>> >>> To get SIP connections prioritized and: >>> >>> # ospf is exempt from mac blocking >>> $IPTABLES -I br-lan_mac -p 89 -j RETURN >>> >>> Because *everyone* should participate in OSPF regardless of whether they >>> are allowed to use the gateway or not. IIRC, if you don't do this, it >>> confuses the overall OSPF fabric. Or maybe it was just a quagga >>> bug. :-) >> And none of those things (except your ipv6 stuff) needs to be done on >> 'restore'. > > Hrm. It's totally possible that I am missing some of the picture here, > but given that a "shorewall-lite start -f" (which could be done from a > fresh reboot) is essentially a "shorewall-lite restore", why do none of > those other actions need doing on a restore?
Because they were done at the 'start' preceding the 'save'; 'save' saved
them in ${VARDIR}/restore-iptables which is what gets passed to
iptables-restore during 'restore'.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
