Is there a way to export the current ruleset from Shorewall in a way that
would produce output comparable to iptables-save, without making those
rules effective?  I know there is "shorewall compile", but the resulting
script does not appear to be diff-able (at least in a meaningful way :)
with the output from iptables-save, even when the script segments are
stripped off.

The use-case for the above is this: I'm working on a firewall that used to
be Shorewall-managed, but because refreshing the rules via "shorewall
safe-restart" terminated active VoIP streams, admins started making direct
iptables changes. The two rulesets (Shorewall vs. vanilla iptables)
diverged over time, and while the VoIP connections have moved off of the
segment, the differences haven't been settled.  Being a live environment,
it would be preferable if I could compare and re-implement the rules in
Shorewall before switching back.  Being able to diff the rules currently in
use against those currently defined in Shorewall would make the work much
easier.

Thanks for any insights on this!