> On 11 Oct 2015, at 09:21, Tuomo Soini <t...@foobar.fi> wrote:
>
> On Sat, 10 Oct 2015 12:25:28 -0700
> Tom Eastep <teas...@shorewall.net> wrote:
>
>> The Shorewall Team is pleased to announce the availability of
>> Shorewall 5.0.0.
<snip>
>>
>> a) Beginning with this release, the 'restart' command now does a
>>    true restart and is equivalent to a 'stop' followed by a
>>    'start'.
>
> I am against this change. I vote for a change for this. Nobody expects
> firewall restart to stop traffic - ever.

I don’t think that this follows; with this change ‘reload’ does The Right Thing, and that is consistent with almost everything else. The restart action on a nameserver, webserver, database etc. would be expected to drop requests during the restart. Similarly a restart of a hardware firewall would drop traffic whereas a config commit wouldn’t.

>
> <snip>
> Also there is a real problem in 5.0.0. Default value for
> LEGACY_RESTART=No - and old configs don't have this option! So
> this breaks all systems with old configs now by causing traffic to stop
> during restart.

This is a major version change, I think it is completely reasonable to expect people to read the release notes before upgrading to it. It also doesn’t require a config change so much as admin behaviour change.

>
> --
> Tuomo Soini <t...@foobar.fi>
> Foobar Linux services
> +358 40 5240030
> Foobar Oy <http://foobar.fi/>

Dom

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users