Hi Matt,

On 04/10/2016 07:10 AM, matt darfeuille wrote:
> Hi,
> 
> I have some questions/requests!:
> 
> Could it be possible to specify a tag(logger -t <tag> -p ...) to 
> logger?:
> That way it would be easier to identify in the log when for example 
> shorewall lite was started by shorewall init(the 'logger -t'  default 
> value(current user) wouldn't be used)!

How are you proposing that the tag be specified? Via a command option?

> 
> Is there any reason why shorewall-lite does not support for example 
> the refresh command?:
> The reason I'm asking is that in the dhcp article on shorewall.org 
> the refresh command needs to be executed when the dhcp client is 
> bound.
> What I use  now is a function in lib.private:
> refresh_private(){ ${VARDIR}/firewall refresh; }
> 
> Or is there a better way to refresh shorewall-lite?

The refresh command was created back when Shorewall ran iptables to
add every rule and there was no Shorewall-lite. Then, a restart took
significant time - especially on slower hardware. We also did not have
dynamic blacklisting, which meant that blacklisting a new address
required adding the address to /etc/shorewall/blacklist and then doing a
'shorewall restart'. The refresh command only rebuilt part of the
ruleset, so it was considerably faster. Today, especially with
AUTOMAKE=Yes, the reload command is fast and we have dynamic
blacklisting.

Given that changing the Shorewall-lite configuration must be done on a
remote administrative system, there is no justification for having a
refresh command. What I need to do is to update the DHCP article to
remove reference to the refresh command.

> 
> I have a variable in my params file that if set will enable some 
> rules in the rules file using if..endif and I'd like to be reminded 
> that those rules are enabled when shorewall starts, restarts...
> Could an '?INFO' and a '?WARNING' directive be created/used or is 
> there already such a way to print an arbitrary message and could that 
> message optionally be logged?

Sure -- I'll add that to the wish list.

> 
> I build shorewall from git on cygwin and also used cygwin as an 
> administrative system on Windows which is case-insensitive.
> Could a .deprecated extension be used when the case of a file is 
> changed (I understand that would also require modifying shorewall to 
> look for a .deprecated extension if a macro with the given name is 
> not found)?
> EG: 
> macro.SNMPTrap to macro.SNMPTrap.deprecated
> action.A_rEJECT to action.A_rEJECT.deprecated
> 
> In other words could a naming convention be used that is 
> cross-platform?
> 

I'll think about it -- I think the easiest way is to create a
/usr/share/shorewall[6]/deprecated/ directory, put deprecated files
there, and add that directory to the CONFIG_PATH during 'shorewall[6]
update'.

> Out of curiosity, is there any reason why build50 couldn't be used to 
> build non-5.0 versions of shorewall (assuming that build50 would be 
> slightly modified to allow builds of non-5.0 versions)?

I've gotten in the habit of creating a new build script for each major
release -- to build earlier releases, I just use the corresponding
build script.

> 
> I suggest adding some improvements to build50:
> - Remove *.bak and *.diff even if -t is not given.
> - Remove bashism.
> - Use plumbing git command instead of porcelain one!
> - Use git show-ref instead of accessing files under the .git 
> directory.
> - Modify the usage function and the comments usage.
> - Allow build of tag ending in -[bB]ase.
> 
> Attached as build50-4.patch

Thanks.

> 
> 
> The format specifier for the date command needs to be changed from %d 
> to %e in the timestamp variable in function startup_error in the 
> compiled firewall script!

Yep.

> 
> The gpg key used to sign git tags/commits has expired!
> 

I've uploaded all three of the public keys that I use.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users