I would like to "shorewall-lite save" my current shorewall policy on my openwrt target so that load time is nice and quick. I seem to be having a problem though. My version of shorewall[-lite] is 3.2.6. When I log on to the shorewall-lite machine and try to do a "shorewall-lite save" it complains that $VARDIR/.restore does not exist. Looking at shorewall (proper) machine that I have here, it says that .restore is generated: # less /var/lib/shorewall/.restore #!/bin/sh # # Generated by the Shoreline Firewall (Shorewall) Packet Filtering Firewall - V3.2 # [bla bla bla] This file does not seem to get generated by shorewall debug load -c <target> though. Looking in /var/lib/shorewall on this other machine I see a bunch of files (.refresh, .restart) that I don''t seem to be getting on my shorewall-lite machine. Am I misunderstanding something? Or have I simply in-eptly built my shorewall-lite package? Thanx! b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brian J. Murrell wrote:> > Looking at shorewall (proper) machine that I have here, it says > that .restore is generated: > > # less /var/lib/shorewall/.restore > #!/bin/sh > # > # Generated by the Shoreline Firewall (Shorewall) Packet Filtering Firewall - V3.2 > # > [bla bla bla] > > This file does not seem to get generated by shorewall debug load -c > <target> though. Looking in /var/lib/shorewall on this other machine I > see a bunch of files (.refresh, .restart) that I don''t seem to be > getting on my shorewall-lite machine. > > Am I misunderstanding something? Or have I simply in-eptly built my > shorewall-lite package?Brian, We''ve been through all of this on the development list once before. OpenWRT creates a symbolic link /var->/tmp. So each time that you reboot, /var gets blown away. The person who I was dealing with (and who inspired the work that was released in 3.2.9) was going to build his OpenWRT packages with VARDIR set to something else (I don''t remember what it was). - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGIWUuO/MAbZfjDLIRAr++AJ9Djm4R88tFuIgNnyUg20gru8mEEwCfeWhE n2/EK/Bdu3BmCuIPum7tUiE=mqsg -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Eastep wrote:> Brian J. Murrell wrote: > >> Looking at shorewall (proper) machine that I have here, it says >> that .restore is generated: > >> # less /var/lib/shorewall/.restore >> #!/bin/sh >> # >> # Generated by the Shoreline Firewall (Shorewall) Packet Filtering Firewall - V3.2 >> # >> [bla bla bla] > >> This file does not seem to get generated by shorewall debug load -c >> <target> though. Looking in /var/lib/shorewall on this other machine I >> see a bunch of files (.refresh, .restart) that I don''t seem to be >> getting on my shorewall-lite machine. > >> Am I misunderstanding something? Or have I simply in-eptly built my >> shorewall-lite package? > > Brian, > > We''ve been through all of this on the development list once before. > OpenWRT creates a symbolic link /var->/tmp. So each time that you > reboot, /var gets blown away. The person who I was dealing with (and who > inspired the work that was released in 3.2.9) was going to build his > OpenWRT packages with VARDIR set to something else (I don''t remember > what it was).But one factor that might be relevant. The value of VARDIR during compilation determines where .restore gets created. That might be a factor. - -Tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGIWb7O/MAbZfjDLIRAm9EAKCn9ETmm7mOB0vYLDNsbtTl4ApNawCeN/wO 5HzgnXML291ThF6NNsh2POU=X5Ee -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sat, 2007-14-04 at 16:35 -0700, Tom Eastep wrote:> > We''ve been through all of this on the development list once before. > OpenWRT creates a symbolic link /var->/tmp.Yes, I know.> So each time that you > reboot, /var gets blown away.Right. Which is why I made $VARDIR /etc/shorewall-lite in my ipk. But I still don''t have/get a .restore file there as a result of: $ /sbin/shorewall load -c wireless b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sat, 2007-14-04 at 16:42 -0700, Tom Eastep wrote:> > But one factor that might be relevant. The value of VARDIR during > compilation determines where .restore gets created. That might be a factor.Ah ha! Yes. On my shorewall (proper) system, $VARDIR is indeed still /var/lib/shorewall. This seems like it needs to be another per-lite configurable variable. I will hunt for how to do that. Thanx! b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sat, 2007-14-04 at 16:35 -0700, Tom Eastep wrote:> The person who I was dealing with (and who > inspired the work that was released in 3.2.9) was going to build his > OpenWRT packages with VARDIR set to something else (I don''t remember > what it was).If that was "Marc Zonzon" (as per the http://www.shorewall.net/download.htm page) I think he is MIA. I e-mailed him a week or so ago about his packages and got no response. Additionally the link on the above page to the OpenWRT package by him is broken: Forbidden You don''t have permission to access /ZONZON/memos_index.php on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Hrm. Seems there are two source of OpenWRT packages on the download page. Fabio''s packages are only 3.0.5 though. I''m going to request Ubuntu update to at lease 3.2.10 if not 3.4.2. b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sun, 2007-15-04 at 10:57 -0400, Brian J. Murrell wrote:> > Ah ha! Yes. On my shorewall (proper) system, $VARDIR is indeed > still /var/lib/shorewall. This seems like it needs to be another > per-lite configurable variable. I will hunt for how to do that.Just to update... if I change compiler as such: --- /usr/share/shorewall/compiler.dist 2007-04-15 14:06:49.000000000 -0400 +++ /usr/share/shorewall/compiler 2007-04-15 14:08:03.000000000 -0400 @@ -7928,7 +7928,8 @@ cat >&3 << __EOF__ SHAREDIR=/usr/share/shorewall-lite CONFDIR=/etc/shorewall-lite -VARDIR=/var/lib/shorewall-lite +#VARDIR=/var/lib/shorewall-lite +VARDIR=/etc/shorewall-lite __EOF__ cat >&3 ${SHAREDIR}/functions I get my desired behaviour. I don''t see anything between 3.2.6 and 3.2.10 that effects this kind of change. It really does seem that $VARDIR needs to be per-lite configurable as well. Thots? b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Brian J. Murrell wrote:> On Sun, 2007-15-04 at 10:57 -0400, Brian J. Murrell wrote: >> Ah ha! Yes. On my shorewall (proper) system, $VARDIR is indeed >> still /var/lib/shorewall. This seems like it needs to be another >> per-lite configurable variable. I will hunt for how to do that. > > Just to update... if I change compiler as such: > > --- /usr/share/shorewall/compiler.dist 2007-04-15 14:06:49.000000000 -0400 > +++ /usr/share/shorewall/compiler 2007-04-15 14:08:03.000000000 -0400 > @@ -7928,7 +7928,8 @@ > cat >&3 << __EOF__ > SHAREDIR=/usr/share/shorewall-lite > CONFDIR=/etc/shorewall-lite > -VARDIR=/var/lib/shorewall-lite > +#VARDIR=/var/lib/shorewall-lite > +VARDIR=/etc/shorewall-lite > > __EOF__ > cat >&3 ${SHAREDIR}/functions > > I get my desired behaviour. I don''t see anything between 3.2.6 and > 3.2.10 that effects this kind of change. > > It really does seem that $VARDIR needs to be per-lite configurable as > well. > > Thots?No (both to your patch and to a per-lite VARDIR). I think that the OpenVPN /sbin/shorewall-lite should ensure that /var/lib/shorewall-lite points to the correct directory (wherever you set LITEDIR). That''s a simple patch to one component (shorewall-lite) in the OpenWRT package. if [ ! -d $VARDIR ]; then [ -d /var/lib ] || mkdir /var/lib ln -s $LITEDIR $VARDIR fi -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sun, 2007-15-04 at 11:36 -0700, Tom Eastep wrote:> > No (both to your patchSorry, didn''t mean to imply that I was proposing that particular patch. that was just to demonstrate what I could do to get it to work.> and to a per-lite VARDIR).OK.> I think that the > OpenVPNOpenWRT?> /sbin/shorewall-lite should ensure that /var/lib/shorewall-lite > points to the correct directory (wherever you set LITEDIR).Interestingly it had occurred to me to make /var/lib/shorewall-lite point to /etc/shorewall-lite (my $LITEDIR on my OpenWRT box), although I had thought of doing that in the shorewall initscript. But as to your suggestion, a couple of questions... Is $VARDIR always /var/lib/shorewall-lite?> That''s a > simple patch to one component (shorewall-lite) in the OpenWRT package. > > if [ ! -d $VARDIR ]; then > [ -d /var/lib ] || mkdir /var/lib > ln -s $LITEDIR $VARDIR > fiAnd do you think this solution is specific to OpenWRT? Does it not go hand-in-hand with the configurable $LITEDIR? Is this a patch you would like to see isolated to OpenWRT or do you think it should go into shorewall-lite proper? Does: --- /usr/src/shorewall-lite-3.2.6/shorewall-lite 2006-11-14 23:09:13.000000000 -0500 +++ /usr/src/shorewall-lite-3.2.6/shorewall-lite.openwrt 2007-04-15 15:02:24.000000000 -0400 @@ -1254,6 +1254,11 @@ get_config +if [ ! -d $VARDIR ]; then + mkdir -p $(dirname $VARDIR) + ln -s $LITEDIR $vardir +fi + FIREWALL=$LITEDIR/firewall if [ -f $VERSION_FILE ]; then Look about right then? b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Brian J. Murrell wrote:> > >> I think that the >> OpenVPN > > OpenWRT?Yes -- sorry.> >> /sbin/shorewall-lite should ensure that /var/lib/shorewall-lite >> points to the correct directory (wherever you set LITEDIR). > > Interestingly it had occurred to me to make /var/lib/shorewall-lite > point to /etc/shorewall-lite (my $LITEDIR on my OpenWRT box), although I > had thought of doing that in the shorewall initscript.That won''t help the initial "shorewall load" from a remote host unless you always reboot after installing shorewall lite.> > But as to your suggestion, a couple of questions... > > Is $VARDIR always /var/lib/shorewall-lite?Yes.> > > And do you think this solution is specific to OpenWRT?Yes. Does it not go hand-in-hand with the configurable $LITEDIR? LITEDIR only exists because of OpenWRT. But I can justify putting it in the main Shorewall distribution because it needs to be available on administrative systems. I don''t think it is reasonable for an admin system to require patches that are specific to an individual Shorewall Lite distro running on some of the firewall systems.> Is this a patch you would > like to see isolated to OpenWRT or do you think it should go into > shorewall-lite proper?I think it is specific to OpenWRT. Hopefully, OpenWRT is the only distribution that believes that /var isn''t persistent.> > Does: > > --- /usr/src/shorewall-lite-3.2.6/shorewall-lite 2006-11-14 23:09:13.000000000 -0500 > +++ /usr/src/shorewall-lite-3.2.6/shorewall-lite.openwrt 2007-04-15 15:02:24.000000000 -0400 > @@ -1254,6 +1254,11 @@ > > get_config > > +if [ ! -d $VARDIR ]; then > + mkdir -p $(dirname $VARDIR) > + ln -s $LITEDIR $vardir------ s/b VARDIR> +fi > + > FIREWALL=$LITEDIR/firewall > > if [ -f $VERSION_FILE ]; then > > Look about right then?Yes -- with the suggested change. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sun, 2007-15-04 at 12:34 -0700, Tom Eastep wrote:> > That won''t help the initial "shorewall load" from a remote host unless > you always reboot after installing shorewall lite.Indeed. I had thought about that sort of situation. I don''t know much about ipk''s yet, but I assume they have some sort of post-installation script you could run. I''d just stuff it in there to take care of that one-time case.> Yes.Ahh. So you don''t think there are/will be any other embedded solutions that will opt to make /var run-time only?> Does it not go hand-in-hand with the configurable $LITEDIR? > > LITEDIR only exists because of OpenWRT.Are you using OpenWRT there synonymously with embedded systems or specifically for OpenWRT?> But I can justify putting it in > the main Shorewall distribution because it needs to be available on > administrative systems. I don''t think it is reasonable for an admin > system to require patches that are specific to an individual Shorewall > Lite distro running on some of the firewall systems.I guess I am just thinking about this situation in broader terms than just OpenWRT. I''m not terribly passionate about the situation so I''m not going to argue strongly for it.> I think it is specific to OpenWRT. Hopefully, OpenWRT is the only > distribution that believes that /var isn''t persistent.Lol. I have no idea why they decided this, but I can only imagine it has to do with the "writefulness" that /var usually has and not wanting to subject flash memory to that -- with it''s finite write cycles and so on.> > > > Does: > > > > --- /usr/src/shorewall-lite-3.2.6/shorewall-lite 2006-11-14 23:09:13.000000000 -0500 > > +++ /usr/src/shorewall-lite-3.2.6/shorewall-lite.openwrt 2007-04-15 15:02:24.000000000 -0400 > > @@ -1254,6 +1254,11 @@ > > > > get_config > > > > +if [ ! -d $VARDIR ]; then > > + mkdir -p $(dirname $VARDIR) > > + ln -s $LITEDIR $vardir > ------ s/b VARDIRDamn. I thought I fixed that before sending that e-mail. :-/> > +fi > > + > > FIREWALL=$LITEDIR/firewall > > > > if [ -f $VERSION_FILE ]; then > > > > Look about right then? > > Yes -- with the suggested change.I''m going to make a new shorewall-lite ipk for OpenWRT then based on this idea. Interestingly enough, it makes a lot of my current patch for shorewall-lite on OpenWRT moot. A good sign indeed. Thanx for the guidance! b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Brian J. Murrell wrote:> > Are you using OpenWRT there synonymously with embedded systems or > specifically for OpenWRT? >Specifically for OpenWRT. The LEAF Bering uClibc distribution (which is the other embedded distro that embraces Shorewall) has a persistent /var. But they implement persistence in a clever way so that the CF only gets written when the user elects to ''backup'' a package that has /var content. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sun, 2007-15-04 at 12:47 -0700, Tom Eastep wrote:> Brian J. Murrell wrote: > > > > > Are you using OpenWRT there synonymously with embedded systems or > > specifically for OpenWRT? > > > > Specifically for OpenWRT. The LEAF Bering uClibc distribution (which is > the other embedded distro that embraces Shorewall) has a persistent > /var. But they implement persistence in a clever way so that the CF only > gets written when the user elects to ''backup'' a package that has /var > content.I take it you are pretty much of the same mind about the local lockf=/var/lock/shorewall using /var/lock for all lite boxes rather than a per-lite configuration? That one is hard-coded in /usr/share/shorewall/functions on the administrative machine unfortunately so there is not much the OpenWRT packaging can do to fix this, if I''m reading the debug output and source code correctly. I suppose another similar shorewall-lite hack to create /var/lock if it doesn''t exist could work too. It really shouldn''t be on the CF anyway. If it were per-lite configurable I was just going to drop it in /tmp, which is where /var/lock would wind up being if created by shorewall-lite so maybe that''s what I''ll just do unless there is something I am not quite seeing. b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Brian J. Murrell wrote:> On Sun, 2007-15-04 at 12:47 -0700, Tom Eastep wrote: >> Brian J. Murrell wrote: >> >>> Are you using OpenWRT there synonymously with embedded systems or >>> specifically for OpenWRT? >>> >> Specifically for OpenWRT. The LEAF Bering uClibc distribution (which is >> the other embedded distro that embraces Shorewall) has a persistent >> /var. But they implement persistence in a clever way so that the CF only >> gets written when the user elects to ''backup'' a package that has /var >> content. > > I take it you are pretty much of the same mind about the > > local lockf=/var/lock/shorewall > > using /var/lock for all lite boxes rather than a per-lite configuration? > > That one is hard-coded in /usr/share/shorewall/functions on the > administrative machine unfortunately so there is not much the OpenWRT > packaging can do to fix this, if I''m reading the debug output and source > code correctly.The only ''local lockf'' in the code reads: local lockf=${VARDIR}/lock> > I suppose another similar shorewall-lite hack to create /var/lockThere is no /var/lock hardcoded anywhere. There is this entry in /etc/shorewall/shorewall.conf: SUBSYSLOCK=/var/lock/subsys/shorewall But clearly, you can change that any way that you want. There are two different locks: ${VARDIR}/lock - used to ensure that two shorewall operations aren''t going on at the same time. SUBSYSLOCK - Used by the init scripts to indicate that the subsystem is supposed to be active. Not all distributions support this so it is options. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sun, 2007-15-04 at 14:08 -0700, Tom Eastep wrote:> > The only ''local lockf'' in the code reads: > > local lockf=${VARDIR}/lockOh damn. I''m being foiled by vendor patches. Ubuntu (my administrative box) do this: diff -urNad shorewall-3.2.1~/functions shorewall-3.2.1/functions --- shorewall-3.2.1~/functions 2006-07-13 16:28:22.000000000 +0200 +++ shorewall-3.2.1/functions 2006-07-29 11:17:14.000000000 +0200 @@ -463,7 +463,7 @@ mutex_on() { local try=0 - local lockf=${VARDIR}/lock + local lockf=/var/lock/shorewall MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60} @@ -494,7 +494,7 @@ # mutex_off() { - rm -f ${VARDIR}/lock + rm -f /var/lock/shorewall } # to their shorewall package.> There is this entry in /etc/shorewall/shorewall.conf: > > SUBSYSLOCK=/var/lock/subsys/shorewallYeah, already set that to empty for my OpenWRT configuration. It don''t have /var/lock (or /subsys for that matter).> But clearly, you can change that any way that you want. There are two > different locks: > > ${VARDIR}/lock - used to ensure that two shorewall operations > aren''t going on at the same time.Yeah, this is the one they changed for the reason: * Patched the source in order to put the lockfile under /var/lock so that it can be removed automatically during system startup (Closes: #333590) I guess I am going to have to apply a patch to shorewall-lite as I described earlier. But now this becomes shorewall-lite-for-OpenWRT-when-your-admin-box-is-Ubuntu. ~sigh~ But this is clearly a Ubuntu problem, not shorewall. The only thing that could be remotely related to shorewall would be an RFE that pulled that lockfile location up into a variable that a distro could easily override and that a shorewall-lite installation could override for it''s own location as well (i.e. don''t assume it''s the same on every shorewall-lite and shorewall installation). Because really, even if Ubuntu handn''t decided to move that lock file somewhere else, shorewall-lite for OpenWRT would still have to create /var/lock (same flavour as the last hack we discussed). But indeed, it would know what dir it had to create and would not be dependent on the shorewall administrative system not having changed that. I will bug Ubuntu about that little change. b. -- My other computer is your Microsoft Windows server. Brian J. Murrell ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Brian J. Murrell wrote:> > But this is clearly a Ubuntu problem, not shorewall. The only thing > that could be remotely related to shorewall would be an RFE that pulled > that lockfile location up into a variable that a distro could easily > override and that a shorewall-lite installation could override for it''s > own location as well (i.e. don''t assume it''s the same on every > shorewall-lite and shorewall installation). > > Because really, even if Ubuntu handn''t decided to move that lock file > somewhere else, shorewall-lite for OpenWRT would still have to > create /var/lock (same flavour as the last hack we discussed). But > indeed, it would know what dir it had to create and would not be > dependent on the shorewall administrative system not having changed > that. > > I will bug Ubuntu about that little change. >I''ve implemented a LOCKFILE option in shorewall.conf. It is currently only in 3.9 but I''ll back-port it at least to 3.4. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Tom Eastep wrote:> > I''ve implemented a LOCKFILE option in shorewall.conf. It is currently > only in 3.9 but I''ll back-port it at least to 3.4. >Backported to 3.4 and 3.2. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/