Hi,

I'm using shorewall version 3.2.9 and I've got many many rules with many zones (6 Network cards). My rules are divided in included files. When I restart shorewall when I have to modify a rule, it takes a loooooong long time (about 1m30s) and, obviously, all traffic is stopped.

What I would like to know is:
- Is it possible to reload just a part of my rules? (specifying the included file for instance...)
- If that is not possible, is it possible to restart only the concerned zone? not all the zones?

I'm sure I'm not the first one to encounter this problem, so if you have tips, ideas... it's always good for me!

Thank you in advance!

Hindisvik

Reykjavik hindisvik wrote:
> Hi,
>
> I'm using shorewall version 3.2.9 and I've got many many rules with many
> zones (6 Network cards). My rules are divided in included files. When I
> restart shorewall when I have to modify a rule, it takes a loooooong long
> time (about 1m30s) and, obviously, all traffic is stopped.
>
> What I would like to know is:
> - Is it possible to reload just a part of my rules? (specifying the
> included file for instance...)
> - If that is not possible, is it possible to restart only the
> concerned zone? not all the zones?
>
> I'm sure I'm not the first one to encounter this problem, so if you have
> tips, ideas... it's always good for me!

This topic is covered in Shorewall FAQ 34.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Reykjavik hindisvik wrote:
>> Hi,
>>
>> I'm using shorewall version 3.2.9 and I've got many many rules with many
>> zones (6 Network cards). My rules are divided in included files. When I
>> restart shorewall when I have to modify a rule, it takes a loooooong long
>> time (about 1m30s) and, obviously, all traffic is stopped.

This is a common misconception -- all traffic is *not* stopped; only new connections are stopped.

As I mention in the answer to FAQ 34, the ultimate solution to this problem is Shorewall-perl. It uses iptables-restore to atomically install each of the three (or four) Netfilter tables.

-Tom
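
The atomic per-table load mentioned in the last reply, sketched as an added example that is not part of the thread and not Shorewall's own code: a rule set written as individual iptables commands is turned into one iptables-restore block per table, which the kernel receives in a single commit. The interface names, the `loc2net` chain, the sample rules and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Shorewall code). The commands below are constructed samples.
sample_commands() {
cat <<'EOF'
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -N loc2net
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o eth0 -j loc2net
iptables -t filter -A loc2net -p tcp --dport 80 -j ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

nl='
'

# to_restore TABLE: read "iptables -t TABLE -P|-N|-A ..." lines on stdin and
# print one iptables-restore block for TABLE. The parenthesised body runs in a
# subshell, so its variables stay local. Exit 1: no lines for TABLE; 2: unsupported.
to_restore() (
  table=$1 decls="" rules=""
  while read -r cmd flag t op chain rest; do
    [ "$cmd" = iptables ] && [ "$flag" = -t ] && [ "$t" = "$table" ] || continue
    case $op in
      -P) decls="${decls}:$chain $rest [0:0]$nl" ;;  # built-in chain and its policy
      -N) decls="${decls}:$chain - [0:0]$nl" ;;      # user-defined chain, no policy
      -A) rules="${rules}-A $chain $rest$nl" ;;
      *)  echo "unsupported operation: $op" >&2; exit 2 ;;
    esac
  done
  [ -n "$decls$rules" ] || exit 1
  printf '*%s\n%s%sCOMMIT\n' "$table" "$decls" "$rules"
)

# apply_table TABLE: parse-check the block with --test, then install it in one
# commit. Needs root and iptables; defined here but not called.
apply_table() {
  f=$(mktemp) || return 1
  sample_commands | to_restore "$1" > "$f" &&
    iptables-restore --test < "$f" && iptables-restore < "$f"
  rc=$?; rm -f "$f"; return $rc
}

sample_commands | to_restore filter   # show the block that would be committed
```

Because the whole table is swapped at `COMMIT`, there is no window in which only part of the rule set is in place, regardless of how many rules the table holds.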