On 9/27/2014 1:56 PM, PGNd wrote: > > > On Sat, Sep 27, 2014, at 01:52 PM, Tom Eastep wrote: >>> Also survives system reboot? Sounds like it might well ... >> >> Yep. > > Then it's already done! I need to figure out why I'm not seeing it survive > reboot. 99% sure it's me doing some foolish cleaning. > > Is the save-only-these-ipsets selection doable?
The Shorewall-init SAVE_IPSETS action takes place after the firewall is cleared. So in your /etc/shorewall/stopped script, if $COMMAND = clear, then you could clean and remove all of the ipsets that you *don't* want saved. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
