[Shorewall-newbies] A few shorewall questions

Tom Eastep teastep at shorewall.net
Mon Feb 23 19:07:20 PST 2004

On Mon, 23 Feb 2004, Alex Martin wrote:

>  From a table in the file:
> http://shorewall.net/starting_and_stopping_shorewall.htm
> shorewall restart 	firewall restart 	Logically equivalent to "firewall
> stop;firewall start"
> Thus a restart does a stop. Then:
> shorewall stop 	firewall stop 	Only traffic to/from hosts listed in
> /etc/shorewall/hosts is passed to/from/through the firewall. For
> Shorewall versions beginning with 1.4.7, if ADMINISABSENTMINDED=Yes in
> /etc/shorewall/shorewall.conf then in addition, all existing connections
> are retained and all connection requests from the firewall are accepted.
> This is where the information mentioned below came from.

Well, in truth -- 99.999% of the code executed in "shorewall restart" is
exactly the same as it is in "shorewall start". Basically, when you
execute "shorewall start", Shorewall has no idea what state netfilter is
in -- so it does what it needs to to configure netfilter to conform to the
configuration that you specify in the "start" command. That's the same
requirement that "shorewall restart" has....

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
