[Shorewall-users] Feature request for shorewall.lrp
ech at sourceforge.net
Thu Mar 4 11:05:14 PST 2004
You're right but having 2 directories where shorewall looks for
configuration files is ( IMHO) better..
Most of the time, you modify
rules, interfaces,... a handfull number of files.
having only those modified files in a separate directory is a lot easier:
when you follow the Tom's release notes,
if he explains incompatibilites in a file you don't have in your config
directory--> you used the default one and.. nothing to do,
----- Original Message -----
From: "K.-P. Kirchdörfer" <kapeka at ondit.dyndns.org>
To: <shorewall-users at lists.shorewall.net>
Cc: "Etienne Charlier" <ech at sourceforge.net>;
<leaf-devel at lists.sourceforge.net>
Sent: Thursday, March 04, 2004 7:07 PM
Subject: Re: [Shorewall-users] Feature request for shorewall.lrp
Sorry for jumping in late and I haven't followed that thread closely....
But if you don't bother about doc updates in /etc/shorewall/ files and you
shure that shorewall update haven't changed keywords etc. (as it does
sometimes in history - like force to use DNAT) upgrading a lrp and preserve
your setup should be easy:
1) copy all files from /etc/shorewall to a directory like /tmp/shorewall/
2) scp (or use any other appropriate way) new shorewall.lrp to your LEAF
router root dir /
3) lrpkg -i /shorwall.lrp
4) copy /shorwall.lrp to your boot device
5) mv all files from /tmp/shorewall back to /etc/shorewall
6) run shorewall restart and check if everything is working again
7) save shorwall.lrp from lrcfg
optionally do a diff after step 3 to see what has been changed.
Am Donnerstag, 4. März 2004 18:19 schrieb Etienne Charlier:
> ----- Original Message -----
> From: "Tom Eastep" <teastep at shorewall.net>
> To: "Mailing List for Experienced Shorewall Users"
> <shorewall-users at lists.shorewall.net>; "Etienne Charlier"
> <ech at sourceforge.net>; <leaf-devel at lists.sourceforge.net>
> Cc: "Cowles, Steve" <steve at stevecowles.com>
> Sent: Thursday, March 04, 2004 1:00 AM
> Subject: Re: [Shorewall-users] Feature request for shorewall.lrp
> > On Wednesday 03 March 2004 02:55 pm, Etienne Charlier wrote:
> > > Hi, Tom
> > >
> > > Seeing that you're about to release a new version of shorewall, I
> > > KINDLY request from you a very small feature:
> > >
> > > In order to separate the customized configuration, would it be
> > > modify line 67 of
> > > /etc/init.d/shorewall to add something like -c /usr/local/shorewall
> > >
> > > That could allow the users to store our customized configuration files
> > > of the shorewall package.
> > >
> > > It would then be a lot easier to upgrade to newer version of shorewall
> > > : just drop the new lrp then check the release notes and compare the
> > > new "vanilla" configuration files and the customized ones on the
> > > itself.
> > >
> > > Thanks in advance and congratulation for your wonderfull work on
> > > !!!
> > Merci Etienne.
> You're welcome !!!
> > Another thing that we could do is just place all of the config files in
> > /usr/shorewall/share.
> I should have formulated a "requirement", not proposing a solution !
> What I would like is the possibility to have my configurations files
> in a directory NOT
> belonging to the shorewall .LRP package.
> I that directory is referenced in the -c option, the files in this
> directory will take precedence.
> If the directory is not backuped in shorwall.lrp, I could build my own
> shorcfg.lrp ( or local.lrp if the directory is /usr/local/...) containing
> only my configuration directory
> that directory must not exist in shorwall.lrp, only the -c . If a user
> doesn't want that behaviour, he just have to modify the vanillia
> configuration files the same way we all do it now.
> When doing an upgrade, I could just drop a new shorwall.lrp being
> that my configuration files are preserved.
> Thanks for your patience and excuse my "freechie" english.... ;-)
> Kind regards,
> > Steve (and other Leaf users) -- any opinions.
> > -Tom
> > --
> > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> > Shoreline, \ http://shorewall.net
> > Washington USA \ teastep at shorewall.net
> > _______________________________________________
> > Shorewall-users mailing list
> > Post: Shorewall-users at lists.shorewall.net
> > Subscribe/Unsubscribe:
> > Support: http://www.shorewall.net/support.htm
> > FAQ: http://www.shorewall.net/FAQ.htm
> Shorewall-users mailing list
> Post: Shorewall-users at lists.shorewall.net
> https://lists.shorewall.net/mailman/listinfo/shorewall-users Support:
> FAQ: http://www.shorewall.net/FAQ.htm
Shorewall-users mailing list
Post: Shorewall-users at lists.shorewall.net
More information about the Shorewall-users