Shorewall users - Feb 2003 - starting/stopping procedures

Hello

I''m curios about iptables content while running
starting/stopping/restarting
procedures in Shorewall.

Is there any way to use network while running these procedures? For example, 
can i make calls to LDAP (on another host) with functions in libnss_ldap to 
resolve service names in ''shorewall/rules'' using
''routestopped'' option,
''shorewall/routestopped'' or policy accepting all
firewall-initiated
connections?

Are these ''routestopped'' and policy features working only in
''stable'' modes -
when Shorewall IS started or stopped?

-- 
Regards,

Al Nikolov
Informational and Analytics Centre of Saint-Petersburg

Al Nikolov wrote:
> Hello
> 
> I''m curios about iptables content while running
starting/stopping/restarting
> procedures in Shorewall.
> 
> Is there any way to use network while running these procedures? For
example,
> can i make calls to LDAP (on another host) with functions in libnss_ldap to
> resolve service names in ''shorewall/rules'' using
''routestopped'' option,
> ''shorewall/routestopped'' or policy accepting all
firewall-initiated
> connections?
> 
> Are these ''routestopped'' and policy features working only
in ''stable'' modes -
> when Shorewall IS started or stopped?
> 
While Shorewall is transitioning from stopped->starting, the ONLY 
service you can count on working is DNS.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net