[Shorewall-users] copying existing policy to a new router

[Brian J. Murrell]

Hi,

I want to copy a policy on an existing shorewall[6]-lite router to a
new router so that the new router, when turned on, picks up exactly
where the old router left off.

On the old (LEDE) router, the existing policy state lives in
/etc/shorewall[6]-lite/state/ as such:

# ls -l /etc/shorewall-lite/state/
-rw-------    1 root     root             2 Dec  8 07:01 br-lan.status
-rw-------    1 root     root             0 Dec  8 07:01 default_route
-rw-------    1 root     root             2 Dec  8 07:01 eth0.2.status
-rw-------    1 root     root             2 Nov 12 14:59 eth0.2_weight
-rw-------    1 root     root             2 Dec  8 07:01 eth0.3.status
-rwx------    1 root     root        187064 Oct 17 20:38 firewall
-rw-------    1 root     root           441 Oct 17 20:38 firewall.conf
-rw-------    1 root     root        774738 Dec  8 07:01 ipsets.save
-rw-------    1 root     root           181 Dec  8 07:01 marks
-rw-------    1 root     root             0 Dec  8 07:01 nat
-rw-------    1 root     root          5676 Dec  8 07:01 policies
-rw-------    1 root     root             2 Dec  8 07:01 pppoe-wan1.status
-rw-------    1 root     root             2 Nov 12 14:59 pppoe-wan1_weight
-rw-------    1 root     root             0 Dec  8 07:01 proxyarp
-rw-------    1 root     root            29 Dec  8 07:01 restarted
-rwx------    1 root     root        187064 Oct 17 20:38 restore
-rw-------    1 root     root        768931 Oct 17 20:38 restore-ipsets
-rw-------    1 root     root         90537 Oct 17 20:38 restore-iptables
-rw-------    1 root     root            64 Dec  8 07:01 state
-rw-------    1 root     root           220 Dec  8 07:01 undo_Squid_routing
-rw-------    1 root     root            68 Dec  8 07:01 undo_balance_routing
-rw-------    1 root     root             0 Dec  8 07:01 undo_default_routing
-rw-------    1 root     root           125 Dec  8 07:01 undo_eth0_3_routing
-rw-------    1 root     root           280 Dec  8 07:01 undo_main_routing
-rw-------    1 root     root           345 Dec  8 07:01 zones

What do I need to and/or should I copy to a new router to make it start
up with the same policy?  Clearly some of that stuff is "current state"
which would not be accurate for a replacement of that policy starting
on a new router.

I believe I would want:

firewall
firewall.conf
restore-iptables
restore
restore-ipsets

but I'm not sure how that last one squares with:

ipsets.save

Or if I am missing anything.

Cheers,
b.

signature.asc
Description: This is a digitally signed message part

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users