Hi all

I need to run some iptables commands after shorewall has started. I see
/etc/shorewall/start and /etc/shorewall/started and I'm not positive on
the difference.
I am running 2.4.2 (hopefully upgrading on the weekend)

Kind Regards
Ray

--
Ray Booysen
rj_booysen@rjb.za.net
On Monday 27 March 2006 07:35, Ray Booysen wrote:
> Hi all
>
> I need to run some iptables commands after shorewall has started. I see
> /etc/shorewall/start and /etc/shorewall/started and I'm not positive on
> the difference.
> I am running 2.4.2 (hopefully upgrading on the weekend)

/etc/shorewall/start is run before Shorewall enters the running
state. /etc/shorewall/started is run after it enters the running state.

In /etc/shorewall/start, you may use the "run_iptables" function to run your
iptables commands -- if a command fails, the firewall will be restored (if
there is a current restore script) or stopped.

In /etc/shorewall/started, the firewall is already started so you can
run /sbin/shorewall commands like "add" (provided that you use the "nolock"
option).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:
> On Monday 27 March 2006 07:35, Ray Booysen wrote:
>
>> Hi all
>>
>> I need to run some iptables commands after shorewall has started. I see
>> /etc/shorewall/start and /etc/shorewall/started and I'm not positive on
>> the difference.
>> I am running 2.4.2 (hopefully upgrading on the weekend)
>>
>
> /etc/shorewall/start is run before Shorewall enters the running
> state. /etc/shorewall/started is run after it enters the running state.
>
> In /etc/shorewall/start, you may use the "run_iptables" function to run your
> iptables commands -- if a command fails, the firewall will be restored (if
> there is a current restore script) or stopped.
>
> In /etc/shorewall/started, the firewall is already started so you can
> run /sbin/shorewall commands like "add" (provided that you use the "nolock"
> option).
>
> -Tom
>

Hi Tom

Thanks for clearing that up.

Regards
Ray

--
Ray Booysen
rj_booysen@rjb.za.net