Taso Hatzi
2003-Jan-16 13:45 UTC
[Shorewall-users] Is there any merit in making a start/restart conditional upon a successful check?
--
Tom Eastep
2003-Jan-16 13:50 UTC
[Shorewall-users] Is there any merit in making a start/restart conditional upon a successful check?
That''s almost the way that it works now -- the only file that isn''t checked is the rules file. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net
Tom Eastep
2003-Jan-16 13:57 UTC
[Shorewall-users] Is there any merit in making a start/restart conditional upon a successful check?
--On Thursday, January 16, 2003 1:50 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:> That''s almost the way that it works now -- the only file that isn''t > checked is the rules file. >To clarify -- the only file checked by the ''check'' command that is not checked by the ''[re]start'' command is the rules file. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net
Tom Eastep
2003-Jan-16 14:01 UTC
[Shorewall-users] Is there any merit in making a start/restart conditional upon a successful check?
--On Thursday, January 16, 2003 1:57 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:> > To clarify -- the only file checked by the ''check'' command that is not > checked by the ''[re]start'' command is the rules file. >Please forgive me for carrying on a conversation with myself but I keep thinking of other things. Do NOT be tempted to: shorewall check && shorewall restart as a way to do what Taso was suggesting. I didn''t pay any attention to the termination status when I wrote "shorewall check". -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net
Tom Eastep
2003-Jan-16 14:07 UTC
[Shorewall-users] Is there any merit in making a start/restart conditional upon a successful check?
--On Thursday, January 16, 2003 2:01 PM -0800 Tom Eastep <teastep@shorewall.net> wrote:> I didn''t pay any attention to > the termination status when I wrote "shorewall check". >I''ve got to stop talking to myself....... Actually, the code in "shorewall check" seems to be doing the correct thing -- so you could use: shorewall check && shorewall restart if you really want to check the config before issuing [re]start the command. I still think that "shorewall try <config>" is the correct way to do this though because that will restore your current (presumably working) configuration if the new config fails to start. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net
Taso Hatzi
2003-Jan-16 14:20 UTC
[Shorewall-users] Is there any merit in making a start/restart conditional upon a successful check?
Tom Eastep said:> > Please forgive me for carrying on a conversation with myself but I keep > thinking of other things. > > Do NOT be tempted to: > > shorewall check && shorewall restart > > as a way to do what Taso was suggesting. I didn''t pay any attention to > the termination status when I wrote "shorewall check". >I''ve been caught out a couple of times making ''trivial'' changes to the rules file. I figure one more time and the message will finally sink in - use ''shorewall try'' everytime. :) (Shorewall has sure come a long way in a short time.)