I did not subscribe to the list.

I've been using shorewall for some time and I appreciate it very much.

I think it would be useful to have an option to generate a script of the commands Shorewall is about to issue, instead of issuing the commands directly. This script could then be used for revision, modification, and could also be used on another system.

I thought about modifying run_iptables, run_ip, run_arp and run_tc to obtain this feature, but I think an option to /sbin/shorewall would be a cleaner and useful solution.

Does anybody think this would be useful too?

Thank you
Luigi

Luigi Iotti wrote:
> I did not subscribe to the list.
> I've been using shorewall for some time and I appreciate it very much.
> I think it would be useful to have an option to generate a script of the
> commands Shorewall is about to issue, instead of issuing the commands
> directly. This script could then be used for revision, modification, and
> could also be used on another system.
> I thought about modifying run_iptables, run_ip, run_arp and run_tc to obtain
> this feature, but I think an option to /sbin/shorewall would be a cleaner
> and useful solution.
> Does anybody think this would be useful too?
>

It's been asked for before. And the answer is still the same.

"shorewall start" queries your system and takes action based on the answers it receives. Capturing the commands that were executed on one particular start sequence and trying to replay them (especially on another system) will lead to disappointing results.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

On Sun, Mar 21, 2004 at 12:49:20PM +0100, Luigi Iotti wrote:
|I did not subscribe to the list.
|I've been using shorewall for some time and I appreciate it very much.
|I think it would be useful to have an option to generate a script of the
|commands Shorewall is about to issue, instead of issuing the commands
|directly. This script could then be used for revision, modification, and
|could also be used on another system.
|I thought about modifying run_iptables, run_ip, run_arp and run_tc to obtain
|this feature, but I think an option to /sbin/shorewall would be a cleaner
|and useful solution.
|Does anybody think this would be useful too?

I, for myself, was thinking of a way to generate the shorewall rules.
(shorewall has the files start, stop, stopped),
but I think there are no files for executing things before shorewall starts
(correct me if I'm wrong)

However, a quick fix can be done on the startup script in init.d

I believe that, with shorewall, I'm able to obtain any arbitrary iptable chain.

bye
--
xavier

xavier wrote:
>
> I, for myself, was thinking of a way to generate the shorewall rules.
> (shorewall has the files start, stop, stopped),
> but I think there are no files for executing things before shorewall starts
> (correct me if I'm wrong)

/etc/shorewall/init

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net