The following is taken from the Release notes for 2.2.3 (which will be released in a month or so).

2) There has been ongoing confusion about how the /etc/shorewall/routestopped file works. People understand how it works with the "shorewall stop" command but when they read that "shorewall restart" is logically equivalent to "shorewall stop" followed by "shorewall start" then they erroneously conclude that /etc/shorewall/routestopped can be used to enable new connections during "shorewall restart". Up to now, it cannot -- that file is not processed during either "shorewall start" or "shorewall restart".

Beginning with Shorewall version 2.2.3, /etc/shorewall/routestopped will be processed TWICE during "shorewall start" and during "shorewall restart". It will be processed to add rules allowing new connections during the "start/restart" and it will be processed again when the "start/restart" is complete to remove the rules added earlier.

The result of this change will be that during most of [re]start, new connections will be allowed in accordance with the contents of /etc/shorewall/routestopped.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
>
> The result of this change will be that during most of [re]start, new
> connections will be allowed in accordance with the contents of
> /etc/shorewall/routestopped.
>

Code is in CVS (Shorewall2/ project). New/changed files since 2.2.2:

firewall -> /usr/share/shorewall/firewall
continue -> /etc/continue
releasenotes.txt
changelog.txt

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep
2005-Mar-15 21:17 UTC
Re: [Shorewall-devel] Re: New feature for Shorewall 2.2.3
I really should proofread these things better the first time....

Tom Eastep wrote:
>
> Code is in CVS (Shorewall2/ project). New/changed files since 2.2.2:
>
> firewall -> /usr/share/shorewall/firewall
> continue -> /etc/continue

continue -> /etc/shorewall/continue

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key