[Shorewall-users] Problem with manual IP route commands in Start file

Tom Eastep teastep at shorewall.net
Tue Dec 9 09:59:07 PST 2003


On Tuesday 09 December 2003 09:52 am, Simon Chalk wrote:
> Hi Tom,
>
> The reason I posted it to Shorewall was that my commands are being deleted
> from the start file. If I enter the commands and run shorewall restart, then
> I get the desired effect. If I save the commands to disk, and then reboot
> they are lost.

Again -- that is a problem that has absolutely nothing to do with Shorewall.

>
> Are you saying that Bering is responsible for binning the contents of the
> file?

Backing up files is a Bering function -- Shorewall itself has no notion of 
backup. Shorewall supplies the file /var/lib/lrpkg/shorwall.list which tells 
Bering what files are in Shorewall. That is the ONLY connection between 
Shorewall and Bering's backup. If your version of that file makes any 
distinction between /etc/shorewall/start and /etc/shorewall/init then that 
change isn't something I control since this is the content that I release:

etc/init.d/shorewall
etc/shorewall
sbin/shorewall
usr/share/shorewall
var/lib/lrpkg/shorwall.*

As you can see, it has just a single entry for all of /etc/shorewall.

>
> I don't get this problem if I add to the INIT file, but I need to create my
> routes after shorewall has loaded.
>

Adding routes in ANY Shorewall file is not a good thing to do because you 
generally don't want the routes re-added at "shorewall restart". Shorewall is 
a tool for configuring Netfilter; it isn't a catchall facility to be used so 
that people can avoid learning how to run commands at boot time.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
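
Added example, not part of the original message and not Shorewall's or Bering's own code: a shell check of whether a file falls under an entry of a package list like the one quoted above. It assumes entries are paths relative to / and that a directory entry covers everything beneath it; `covered_by_list` and `/etc/example.conf` are hypothetical names.

```sh
#!/bin/sh
# Return 0 if a path is covered by an entry in a package list file
# (one entry per line, relative to /, shell globs allowed in entries).
# Assumption: a directory entry covers every file beneath it.
covered_by_list() {
    list_file=$1
    target=${2#/}                 # list entries carry no leading slash
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=${entry#/}
        [ -z "$entry" ] && continue
        case $target in
            # unquoted $entry is used as a pattern, so "shorwall.*" globs;
            # "$entry/*" matches anything inside a listed directory
            $entry|$entry/*) return 0 ;;
        esac
    done < "$list_file"
    return 1
}

# The list content quoted in the message, written to a temporary file.
sample_list=$(mktemp)
trap 'rm -f "$sample_list"' EXIT
cat > "$sample_list" <<'EOF'
etc/init.d/shorewall
etc/shorewall
sbin/shorewall
usr/share/shorewall
var/lib/lrpkg/shorwall.*
EOF

# /etc/example.conf is a constructed path that the list does not mention.
for f in /etc/shorewall/start /etc/shorewall/init /etc/example.conf; do
    if covered_by_list "$sample_list" "$f"; then
        echo "covered:     $f"
    else
        echo "NOT covered: $f"
    fi
done
```

With the released list, `start` and `init` are covered by the same single `etc/shorewall` entry, so the list draws no distinction between them.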