On 2/8/2018 5:17 PM, Tom Eastep wrote: > On 02/08/2018 04:20 AM, Matt Darfeuille wrote: >> Hi, >> >> From: >> >> http://shorewall.org/manpages/shorewall.html >> >> "Reload is similar to shorewall start except that it assumes that the >> firewall is already started. Existing connections are maintained." >> >> If I do 'shorewall stop' followed by 'shorewall reload' the firewall >> will be started: >> >> $ shorewall status >> Shorewall-5.1.12-RC1 Status ... >> >> Shorewall is running >> State:Started ... from /etc/shorewall/ (/var/lib/shorewall/firewall >> compiled ... by Shorewall version 5.1.12-RC1) >> >> $ shorewall stop >> Stopping Shorewall.... >> Preparing iptables-restore input... >> Running /sbin/iptables-restore... >> done. >> $ shorewall status >> Shorewall-5.1.12-RC1 Status ... >> >> Shorewall is stopped >> State:Stopped ... (/var/lib/shorewall/firewall compiled ... by Shorewall >> version 5.1.12-RC1) >> >> $ shorewall reload >> Shorewall is not running >> Starting Shorewall.... >> Initializing... >> Setting up Route Filtering... >> Setting up Martian Logging... >> Preparing iptables-restore input... >> Running /sbin/iptables-restore ... >> done. >> >> My understanding is that 'shorewall reload' should only reload shorewall >> when the state is 'started' or what Am I missing? >> >> In other words: why 'shorewall reload' starts the firewall when >> shorewall is stopped? >> > > The generated script interprets 'reload' and 'restart' as 'start' when > the firewall is not currently started. >
Is there any way to alter this so that the generated script would not unconditionally start the firewall? If no and if it makes sense could something to that effect be implemented? -Matt -- Matt Darfeuille ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
