[Shorewall-users] shorewall 1.2.2 upgrade

Tom Eastep teastep@shorewall.net
Tue, 8 Jan 2002 15:43:58 -0800


On Tuesday 08 January 2002 03:37 pm, Steve Ladewig wrote:
> Greetings !
> The install script seems to miss updating the shorewall.conf file.
> (was looking forward to BLACKLIST)
>
> install.sh:
> # Install the config file
> #
> if [ -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then
>     backup_file /etc/shorewall/shorewall.conf
> else
>     run_install -o root -g root -m 0744 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
>     echo -e "\nConfig file installed as ${PREFIX}/etc/shorewall/shorewall.conf"
> fi
>
> Shouldn't it be something like:
> # Install the config file
> #
> if [ -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then
>     backup_file /etc/shorewall/shorewall.conf
>     run_install -o root -g root -m 0744 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
>     echo -e "\nConfig file installed as ${PREFIX}/etc/shorewall/shorewall.conf"
> else
>     run_install -o root -g root -m 0744 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
>     echo -e "\nConfig file installed as ${PREFIX}/etc/shorewall/shorewall.conf"
> fi
>
> If the conf exists back it up then install new one. I dunno I just
> copied it in and diff/edit.

I never overwrite your existing config files during an upgrade. I assume that
when new parameters are added that people will edit their files and add
parameters if they need to. I try to pick reasonable defaults so that if you
do nothing, new features will work in a reasonable fashion. In the case of
blacklisting, if you don't do anything to your shorewall.conf, you get
BLACKLIST_DISPOSITION=DROP and BLACKLIST_LOGLEVEL=. I personally find those
reasonable (since they're the settings I use ;-)

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------
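
Added example (not part of the original thread and not Shorewall's own code): because the upgrade preserves an existing shorewall.conf, the sketch below lists the parameters that a newly shipped file assigns and the preserved file never sets, so they can be reviewed rather than left to implicit defaults. The function names, file names and EXISTING_PARAM are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Added example: find parameters set in a newly shipped shorewall.conf
# that a preserved, locally edited shorewall.conf does not assign.

# conf_keys FILE: print sorted, unique names of VAR=value assignments.
# Comment lines (including commented-out assignments) and blanks are skipped.
conf_keys() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" |
        LC_ALL=C sort -u
}

# missing_params NEW OLD: print names assigned in NEW but never in OLD.
missing_params() {
    new_keys=$(mktemp) || return 1
    old_keys=$(mktemp) || { rm -f "$new_keys"; return 1; }
    conf_keys "$1" > "$new_keys"
    conf_keys "$2" > "$old_keys"
    # comm -23 keeps lines unique to the first (new) list.
    LC_ALL=C comm -23 "$new_keys" "$old_keys"
    rm -f "$new_keys" "$old_keys"
}

# demo: run the comparison on two constructed files.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for the file shipped with the new release.
    printf '%s\n' '# new release defaults (constructed)' \
        'EXISTING_PARAM=yes' \
        'BLACKLIST_DISPOSITION=DROP' \
        'BLACKLIST_LOGLEVEL=' > "$dir/shorewall.conf.new"
    # Constructed stand-in for the preserved local file. The commented-out
    # line does not count as an assignment.
    printf '%s\n' '# local file kept by the upgrade (constructed)' \
        'EXISTING_PARAM=no' \
        '#BLACKLIST_LOGLEVEL=info' > "$dir/shorewall.conf"
    missing_params "$dir/shorewall.conf.new" "$dir/shorewall.conf"
    rm -rf "$dir"
}

demo
```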