Shorewall devel - Aug 2004 - CLEAR_TC=Yes & TC_ENABLED=No

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I found a problem with my tcstart script.

First I was running system TC enabled for testing and then to stop all
TC I changed TC_ENABLED=No.

But I started to wonder why shorewall restart did _not_ clear TC rules
after TC was disabled?

So I checked firewall and found out that if TC_ENABLED=No TC_CLEAR is
disabled automatically.

Question is: should TC_ENABLED=No disable CLEAR_TC? Now it''s doing so.

Shorewall is version 2.0.7.

- --
Tuomo Soini <tis@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBINrmTlrZKzwul1ERAosBAJ9RIyGxbWa2AbOx/XfnN+sUVg0MwwCeLhSd
aGcfgyrxg6wX7dr7u1rlFHY=+/JS
-----END PGP SIGNATURE-----

Tuomo Soini wrote:
> I found a problem with my tcstart script.
> 
> First I was running system TC enabled for testing and then to stop all
> TC I changed TC_ENABLED=No.
> 
> But I started to wonder why shorewall restart did _not_ clear TC rules
> after TC was disabled?
> 
> So I checked firewall and found out that if TC_ENABLED=No TC_CLEAR is
> disabled automatically.
> 
> Question is: should TC_ENABLED=No disable CLEAR_TC? Now it''s doing
so.
> 
The way that it currently works is clearly documented at 
http://shorewall.net/traffic_shaping.htm:

"A new CLEAR_TC parameter in /etc/shorewall.conf (Added in Shorewall 
1.3.13). When Traffic Shaping is enabled (TC_ENABLED=Yes), the setting 
of this variable determines whether Shorewall clears the traffic shaping 
configuration during Shorewall [re]start and Shorewall stop."

Given that, I see no reason to change it.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key