Working on getting ready for voip. Concerned about loosing voip during a shorewall restart. I hate to do changes to the firewall late at night. Currently thinking of connecting asterisk server via arp proxy. Will ADMINISABSENTMINDED keep the current sip connections? Can settings in routestopped allow new connections? Primarily concerned with keeping connection to our sip provider. Thanks John ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
John McMonagle wrote:> Working on getting ready for voip. > Concerned about loosing voip during a shorewall restart. > > I hate to do changes to the firewall late at night. > > Currently thinking of connecting asterisk server via arp proxy. > Will ADMINISABSENTMINDED keep the current sip connections? > Can settings in routestopped allow new connections? > > Primarily concerned with keeping connection to our sip provider.Upgrade to 4.0.2 and switch to Shorewall-perl. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
Tom Eastep wrote:> Upgrade to 4.0.2 and switch to Shorewall-perl.Here''s an example: gateway:~ # shorewall compile -C perl firewall Compiling... Shorewall configuration compiled to /root/firewall gateway:~ # time ./firewall restart Restarting Shorewall.... done. real 0m0.853s <=================user 0m0.340s sys 0m0.276s gateway:~ # shorewall compile -C shell firewall Compiling... Shorewall configuration compiled to /root/firewall gateway:~ # time ./firewall restart Restarting Shorewall.... done. real 0m4.132s <=================user 0m0.740s sys 0m1.876s gateway:~ # And with Shorewall-perl, the netfilter rulesets are swapped atomically on a table by table basis. So there are no periods when packets are being dropped. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
Tom Eastep wrote:> John McMonagle wrote: > >> Working on getting ready for voip. >> Concerned about loosing voip during a shorewall restart. >> >> I hate to do changes to the firewall late at night. >> >> Currently thinking of connecting asterisk server via arp proxy. >> Will ADMINISABSENTMINDED keep the current sip connections? >> Can settings in routestopped allow new connections? >> >> Primarily concerned with keeping connection to our sip provider. >> > > Upgrade to 4.0.2 and switch to Shorewall-perl. > > -Tom > > ------------------------------------------------------------------------Do not see debian packages for 4.0.2 ? Are there any debian packages or procedures to build them? ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
On Sun, Aug 12, 2007 at 08:35:03PM -0500, John McMonagle wrote:> Do not see debian packages for 4.0.2 ? > Are there any debian packages or procedures to build them? >No. I have filed bug #436072 asking for some shorewall4 packages. However, I wager that it will be a while befoer they are ready. The new scheme will require some changes to the way that shorewall is packaged compared to how it is packaged now. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
Roberto C. Sánchez wrote:>On Sun, Aug 12, 2007 at 08:35:03PM -0500, John McMonagle wrote: > > >>Do not see debian packages for 4.0.2 ? >>Are there any debian packages or procedures to build them? >> >> >> >No. I have filed bug #436072 asking for some shorewall4 packages. >However, I wager that it will be a while befoer they are ready. The new >scheme will require some changes to the way that shorewall is packaged >compared to how it is packaged now. > >Regards, > >-Roberto > >Suppose I could try the tar packages. Hopefully a silly question but will they upgrade cleanly? John ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
John McMonagle wrote:>> > Suppose I could try the tar packages. > Hopefully a silly question but will they upgrade cleanly? >Yes -- see http://www.shorewall.net/Install.htm#Upgrade_Tarball -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/