hi, if i use shorewall-lite and at the central i put STARTUP_ENABLED=No /sbin/shorewall load -c firewall still upload AND run the iptables command. imho in case STARTUP_ENABLED=No or shorewall is not set to run ie: chkconfig --list shorewall-lite is off then /sbin/shorewall load should have to upload the new firewall config but shouldn''t have to run it. it''s a bug or a feature? -- Levente "Si vis pacem para bellum!" ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
Farkas Levente wrote:> hi, > if i use shorewall-lite and at the central i put STARTUP_ENABLED=No > /sbin/shorewall load -c firewall > still upload AND run the iptables command. > imho in case STARTUP_ENABLED=No or shorewall is not set to run ie: > chkconfig --list shorewall-lite > is off then /sbin/shorewall load should have to upload the new firewall > config but shouldn''t have to run it. > it''s a bug or a feature? >I don''t understand the situation. In which .conf file did you specify STARTUP_ENABLED=No? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
Tom Eastep wrote:> Farkas Levente wrote: >> hi, >> if i use shorewall-lite and at the central i put STARTUP_ENABLED=No >> /sbin/shorewall load -c firewall >> still upload AND run the iptables command. >> imho in case STARTUP_ENABLED=No or shorewall is not set to run ie: >> chkconfig --list shorewall-lite >> is off then /sbin/shorewall load should have to upload the new firewall >> config but shouldn''t have to run it. >> it''s a bug or a feature? >> > > I don''t understand the situation. In which .conf file did you specify > STARTUP_ENABLED=No?in the ''administrative system''''s export directory''s shorewall.conf file (while i also chkconfig shorewall-lite off on the firewall system). -- Levente "Si vis pacem para bellum!" ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
Farkas Levente wrote:> Tom Eastep wrote: >> Farkas Levente wrote: >>> hi, >>> if i use shorewall-lite and at the central i put STARTUP_ENABLED=No >>> /sbin/shorewall load -c firewall >>> still upload AND run the iptables command. >>> imho in case STARTUP_ENABLED=No or shorewall is not set to run ie: >>> chkconfig --list shorewall-lite >>> is off then /sbin/shorewall load should have to upload the new firewall >>> config but shouldn''t have to run it. >>> it''s a bug or a feature? >>> >> I don''t understand the situation. In which .conf file did you specify >> STARTUP_ENABLED=No? > > in the ''administrative system''''s export directory''s shorewall.conf file > (while i also > chkconfig shorewall-lite off > on the firewall system). >That setting is ignored by design. If you want to only compile and upload the firewall script, use the ''upload'' command. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/