When shorewall starts up does it completely flush any other iptables rule sets or nat entries that are already in there?
Or
Can I run two instances of shorewall each loading a different set of rules and a different set of IP addresses in the NAT table and have each one only control what it adds?
On Fri, 2003-10-31 at 11:04, Charles Holbrook wrote:
> When shorewall starts up does it completely flush any other iptables
> rule sets or nat entries that are already in there?
> Or
> Can I run two instances of shorewall each loading a different set of
> rules and a different set of IP addresses in the NAT table and have each
> one only control what it adds?

You can only have one Netfilter ruleset. When you issue "shorewall [re]start", the existing ruleset is cleared and a new one is constructed based on the configuration directory that you specify.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Oddly enough that is exactly what I was hoping to hear. Thanks.

On Fri, 2003-10-31 at 13:12, Tom Eastep wrote:
> On Fri, 2003-10-31 at 11:04, Charles Holbrook wrote:
> > When shorewall starts up does it completely flush any other iptables
> > rule sets or nat entries that are already in there?
> > Or
> > Can I run two instances of shorewall each loading a different set of
> > rules and a different set of IP addresses in the NAT table and have each
> > one only control what it adds?
>
> You can only have one Netfilter ruleset. When you issue "shorewall
> [re]start", the existing ruleset is cleared and a new one is constructed
> based on the configuration directory that you specify.
>
> -Tom