I''ve looked on the site and cannot find an answer to my q below... Once shorewall runs through its startup, does it create any files for iptables/netfitler to read? If so, where? Thanks. ------------------------------------------- Tyler Davis Sonic Development tdavis@sonicdev.com ------------------------------------------- Historia est vitae magistra.
Tyler Davis wrote:> I''ve looked on the site and cannot find an answer to my q below... > > Once shorewall runs through its startup, does it create any files for > iptables/netfitler to read?No. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote:> Tyler Davis wrote: > >> I''ve looked on the site and cannot find an answer to my q below... >> >> Once shorewall runs through its startup, does it create any files for >> iptables/netfitler to read? > > > No. >Now that I have a few more minutes, I''ll explain. Shorewall run''s ''iptables'', ''ip'', ''tc'', etc. many times while it "...runs through its startup". Once that startup is complete, the firewall is completely configured. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Gotcha, is there anyway to get Shorewall to dump those commands to a file? ------------------------------------------- Tyler Davis Sonic Development tdavis@sonicdev.com ------------------------------------------- Historia est vitae magistra. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep Sent: Wednesday, April 28, 2004 3:13 PM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] Files Tom Eastep wrote:> Tyler Davis wrote: > >> I''ve looked on the site and cannot find an answer to my q below... >> >> Once shorewall runs through its startup, does it create any files for >> iptables/netfitler to read? > > > No. >Now that I have a few more minutes, I''ll explain. Shorewall run''s ''iptables'', ''ip'', ''tc'', etc. many times while it "...runs through its startup". Once that startup is complete, the firewall is completely configured. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
Tyler Davis wrote:> Gotcha, is there anyway to get Shorewall to dump those commands to a file? >No -- It''s been requested several times but the answer is still "no". See the list archives for my reasons. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom, I was unable to find any posts from you regarding this subject.. But perhaps the answer is "no" because there are existing commands for such output! ;) I found that iptables-save yields the exact results I was looking for: http://lists.shorewall.net/pipermail/shorewall-users/2002-October/003220.htm l (will dig deeper into the list archives next time before I ask my q''s) hehe ------------------------------------------- Tyler Davis Sonic Development tdavis@sonicdev.com ------------------------------------------- Historia est vitae magistra. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep Sent: Wednesday, April 28, 2004 5:11 PM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] Files Tyler Davis wrote:> Gotcha, is there anyway to get Shorewall to dump those commands to a file? >No -- It''s been requested several times but the answer is still "no". See the list archives for my reasons. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
Tyler Davis wrote:> Tom, I was unable to find any posts from you regarding this subject.. > But perhaps the answer is "no" because there are existing commands for such > output! ;) > > I found that iptables-save yields the exact results I was looking for: > http://lists.shorewall.net/pipermail/shorewall-users/2002-October/003220.htm > l > > (will dig deeper into the list archives next time before I ask my q''s) heheiptables-save works fine if you don''t use Proxy ARP and don''t have Shorewall do things like add addresses to interfaces. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net