Dario Lesca
2002-Mar-12 16:00 UTC
[Shorewall-users] HowTo avoid to be close out when active a new configurations from remote host ?
First of all, many thanks to Tom for the very good work!! .. shorewall is a logical and intuitive way of configuring firewalling.

Now the question:

After inserting a new rule, from a remote host, into the configuration file of shorewall, how can I avoid being closed out, eventually due to a syntax error in the new rule?

Perhaps I want to use the option -c .... but how to come back if something is wrong?

Any suggestion? (sorry for my bad English)

-------
Dario Lesca (d.lesca@osra.it)
Tom Eastep
2002-Mar-12 16:16 UTC
[Shorewall-users] HowTo avoid to be close out when active a new configurations from remote host ?
Hello Dario,

----- Original Message -----
From: "Dario Lesca" <d.lesca@ivrea.osra.it>
To: "Shorewall Firewall" <shorewall-users@shorewall.net>
Sent: Tuesday, March 12, 2002 8:00 AM
Subject: [Shorewall-users] HowTo avoid to be close out when active a new configurations from remote host ?

> First of all, many thanks to Tom for the very good work!!
> .. shorewall is a logical and intuitive way of configuring firewalling.
>
> Now the question:
>
> After inserting a new rule, from a remote host, into the
> configuration file of shorewall, how can I avoid being
> closed out, eventually due to a syntax error in the new rule?
>
> Perhaps I want to use the option -c .... but how to come back if
> something is wrong?
>
> Any suggestion?

The new "check" command was designed to help -- before trying "shorewall restart", do "shorewall check".

There are other ways to get around this that require a little bit of shell programming. For example, place this in /sbin/newfirewall:

    #!/bin/sh
    # Usage: newfirewall <directory>
    [ $# -eq 1 ] || { echo "usage: `basename $0` <directory>" ; exit 1 ; }
    [ -d "$1" ] || { echo "Directory $1 does not exist" ; exit 1 ; }
    # Try the configuration in the given directory...
    shorewall restart -c "$1"
    # ...and if the firewall is not up afterwards, start the old one again.
    if ! iptables -L shorewall > /dev/null 2>&1; then
        shorewall start
    fi

Be sure to "chmod +x /sbin/newfirewall".

Now if you create a new configuration in /etc/newshorewall, you can:

    newfirewall /etc/newshorewall

If that firewall comes up, you can then copy the files in /etc/newshorewall to /etc/shorewall. If that firewall doesn't come up then 'newfirewall' will automatically start your old configuration again.

-Tom
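A more defensive version of the same idea, added here as an example and not part of Tom's reply: it keeps the thread's check that the shorewall chain loaded, and additionally reverts to /etc/shorewall unless the change is confirmed from a new login within a timeout, so a rule set that loads cleanly but still blocks the remote session is undone as well. It assumes the commands used in the thread (shorewall restart -c, shorewall start, iptables -L shorewall); the confirmation file path and the "confirm" sub-command are this example's own convention.

```sh
#!/bin/sh
# Added example, not the script from the reply above. Loads a candidate
# Shorewall configuration directory and falls back to /etc/shorewall if the
# rules do not come up, or if nobody confirms within CONFIRM_SECS (a set of
# rules can load cleanly and still shut out the remote session). Assumed
# commands are the ones used in the thread; CONFIRM_FILE is made up here.

CONFIRM_SECS=${CONFIRM_SECS:-60}
CONFIRM_FILE=${CONFIRM_FILE:-/var/run/newfirewall.confirmed}
ROLLBACK_PID=

# Same test as in the thread: is the "shorewall" chain loaded?
firewall_is_up() { iptables -L shorewall >/dev/null 2>&1; }

# Start the installed configuration (/etc/shorewall) again.
rollback() {
    echo "newfirewall: reverting to the installed configuration" >&2
    shorewall start
}

# Load the rules from directory $1. Returns 0 if the firewall came up,
# 1 if it did not (the old configuration is then already running again).
try_config() {
    [ -d "$1" ] || { echo "Directory $1 does not exist" >&2; return 2; }
    rm -f "$CONFIRM_FILE"
    shorewall restart -c "$1"
    firewall_is_up && return 0
    rollback
    return 1
}

# Dead man's switch: revert unless confirm() runs within CONFIRM_SECS.
# Backgrounded, so it still fires if this session has been cut off.
arm_rollback() {
    ( sleep "$CONFIRM_SECS"; [ -e "$CONFIRM_FILE" ] || rollback ) &
    ROLLBACK_PID=$!
}

# Run "newfirewall confirm" from a fresh login to keep the new rules.
confirm() { : > "$CONFIRM_FILE"; }
if [ "$1" = confirm ]; then
    confirm
elif [ $# -eq 1 ]; then
    try_config "$1" || exit 1
    arm_rollback
    echo "New rules loaded; run '$0 confirm' within ${CONFIRM_SECS}s to keep them"
elif [ $# -gt 1 ]; then
    echo "usage: $0 <directory> | confirm" >&2; exit 1
fi
```

If the new rules block the session, simply wait out the timeout; the background job restores the installed configuration on its own.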