I have an "old and decrepit" install of Shorewall, installed from a Debian package. I''m having a problem, so in order to get support, I''m working on upgrading to the most recent stable version. What I''d like to do, is to test the new version with my configuration files, without actually installing it -- just untarring it. Is this possible? How can I invoke it point it at a particular directory of configuration files? David
David Corbin wrote:> I have an "old and decrepit" install of Shorewall, installed from a Debian > package. I''m having a problem, so in order to get support, I''m working on > upgrading to the most recent stable version. > > What I''d like to do, is to test the new version with my configuration files, > without actually installing it -- just untarring it. Is this possible? How > can I invoke it point it at a particular directory of configuration files?I know of no way to do what you are asking. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
David Corbin wrote:> I have an "old and decrepit" install of Shorewall, installed from a Debian > package. I''m having a problem, so in order to get support, I''m working on > upgrading to the most recent stable version. > > What I''d like to do, is to test the new version with my configuration files, > without actually installing it -- just untarring it. Is this possible? How > can I invoke it point it at a particular directory of configuration files? > > DavidYou should read the docs before making any changes. If it''s a mission critical firewall that you can''t take any downtime on, then use a similar test box to figure out what needs to be done to your config files. If it''s not, I''d just do the upgrade, then figure out what broke and therefore needs changing. The best, though not quickest, thing to do is this: go through your old firewall config until you remember and understand the policy and exceptions that you''re implementing, then read the docs for the new version and set up new config from scratch to match your old policy. While much of this new config will be the same, redoing it will give you opportunity to take advantage of any new features, maybe optimize policy, &c. -- Jack at Monkeynoodle dot Org: It''s a Scientific Venture... Riding the Emergency Third Rail Power Trip since 1996!
Jack Coates wrote:> David Corbin wrote: >> I have an "old and decrepit" install of Shorewall, installed from a >> Debian package. I''m having a problem, so in order to get support, I''m >> working on upgrading to the most recent stable version. >> What I''d like to do, is to test the new version with my configuration >> files, without actually installing it -- just untarring it. Is this >> possible? How can I invoke it point it at a particular directory of >> configuration files? >> >> David > > You should read the docs before making any changes. >To get an idea of what has changed, I would look at the following articles: http://shorewall2.rettc.com/1.4/upgrade_issues.htm http://shorewall.net/upgrade_issues.htm http://lists.shorewall.net/pipermail/shorewall-announce/2004-December/000451.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key