On 9/24/2014 11:03 AM, PGNd wrote:
>
>
> On Wed, Sep 24, 2014, at 10:55 AM, Tom Eastep wrote:
>>> which suggests that the setting is ignored/overridden, and outbound rules
>>> should be open, as in ADMINISABSENTMINDED=Yes, regardless.
>>
>> No.
>
> Can you clarify what "WARNING: Entries in the routestopped file are processed
> as if ADMINISABSENTMINDED=Yes" *does* imply?

My bad - I was thinking about how the routestopped file worked. From
shorewall.conf(5):

    stoppedrules
        If ADMINISABSENTMINDED=No, a warning message is issued and the
        setting is ignored.

        In addition to connections matching entries in stoppedrules,
        existing connections continue to work and all new connections from
        the firewall system itself are allowed. To sever all existing
        connections when the firewall is stopped, install the conntrack
        utility and place the command conntrack -F in the stopped user exit
        (/etc/shorewall/stopped).

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
