On 03/13/2013 12:42 PM, Mr Dash Four wrote: > >> Yes. >> > Good to know. > > However, I just checked my /etc/sysconfig/network-scripts directory on a > machine where shorewall-init is installed, but can't see anything that > is from shorewall(-init) - there are only standard scripts included as > part of the OS installation (Fedora in my case). I do have > /usr/libexec/shorewall/ifupdown, as well as /etc/init.d/shorewall-init > (shorewall init seems to have been started as I do have > /var/lock/subsys/shorewall-init present), so how do I verify that > shorewall executes the "appropriate scripts" > (/var/lib/shorewall/firewall?) when the interface goes up or down?
On Redhat/Fedora, Shorewall-init installs the ifupdown script as
/sbin/ifup-local and /sbin/ifdown-local.
>
>>> 10.1.0.0/24 via 10.1.1.1 dev eth0 table dmz
>>>
>>
>> Again, shorewall-init will trigger an 'up' command for the interface
>> which reloads all routes for the interface that were originally loaded
>> by start/restart.
>>
> Could you elaborate on this a bit more please? I ran grep -r "ifupdown"
> /etc, but could not find any meaningful matches. Does shorewall-init
> auto-generate these up/down scripts depending on my shorewall
> configuration or does it use them to insert a callback to
> /usr/libexec/ifupdown? If not, is this done in some other way?
ifupdown runs ${VARDIR}/firewall passing it either an 'up' or 'down'
command. e.g., /var/lib/shorewall/firewall up eth0. The firewall
script's up/down processing is taylored to your configuration.
>
>> I think that article would be a good place to gather all of this
>> information in one spot. If you agree and would like to give it a go, I
>> would be grateful.
>>
> Yes, I would, but it is going to be a simple text file as my html
> editing skills are not up to scratch. All this could be started at the
> weekend when I have more time if that's OK with you.
That's fine. The Shorewall document sources are maintained in Docbook
XML, but the free WYSIWYG editor that I use (XXE from XMLMind) is no
longer available for download.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
