[Shorewall-newbies] A few shorewall questions
teastep at shorewall.net
Mon Feb 23 19:07:20 PST 2004
On Mon, 23 Feb 2004, Alex Martin wrote:
> From a table in the file:
> shorewall restart firewall restart Logically equivalent to "firewall
> stop;firewall start"
> Thus a restart does a stop. Then:
> shorewall stop firewall stop Only traffic to/from hosts listed in
> /etc/shorewall/hosts is passed to/from/through the firewall. For
> Shorewall versions beginning with 1.4.7, if ADMINISABSENTMINDED=Yes in
> /etc/shorewall/shorewall.conf then in addition, all existing connections
> are retained and all connection requests from the firewall are accepted.
> This is where the information mentioned below came from.
Well, in truth -- 99.999% of the code executed in "shorewall restart" is
exactly the same as it is in "shorewall start". Basically, when you
execute "shorewall start", Shorewall has no idea what state netfilter is
in -- so it does what it needs to to configure netfilter to conform to the
configuration that you specify in the "start" command. That's the same
requirement that "shorewall restart" has....
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net