Diffstat (limited to 'net-firewall/shorewall/files/4.6/shorewall-init.readme')
-rw-r--r-- net-firewall/shorewall/files/4.6/shorewall-init.readme 30
1 files changed, 30 insertions, 0 deletions
diff --git a/net-firewall/shorewall/files/4.6/shorewall-init.readme b/net-firewall/shorewall/files/4.6/shorewall-init.readme
new file mode 100644
index 000000000000..f7b13fed3de6
--- /dev/null
+++ b/net-firewall/shorewall/files/4.6/shorewall-init.readme
@@ -0,0 +1,30 @@
+shorewall-init from upstream offers two features (taken from [1]):
+
+ 1. It can 'close' the firewall before the network interfaces are
+ brought up during boot.
+
+ 2. It can change the firewall state as the result of interfaces
+ being brought up or taken down.
+
+On Gentoo we only support the first feature -- the firewall lockdown during
+boot.
+
+We do not support the second feature, because Gentoo doesn't support a
+if-{up,down}.d folder like other distributions do. If you would want to use
+such a feature, you would have to add a custom action to /etc/conf.d/net
+(please refer to the Gentoo Linux Handbook [2] for more information).
+If you are able to add your custom {pre,post}{up,down} action, your are
+also able to specify what shorewall{6,-lite,6-lite} should do, so there is
+no need for upstream's scripts in Gentoo.
+
+If you disagree with us, feel free to open a bug [3] and contribute your
+solution for Gentoo.
+
+Upstream's original init script also supports saving and restoring of
+ipsets. Please use the init script from net-firewall/ipset if you need
+such a feature.
+
+
+[1] http://www.shorewall.net/Shorewall-init.html
+[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5
+[3] https://bugs.gentoo.org
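Review bot: The paragraph beginning "On Gentoo we only support the first feature" names the boot-time lockdown but never says how a user enables it or how to confirm that the firewall is actually closed before the interfaces come up. That ordering is the whole security property of the feature, so the readme should add a sentence or two covering which service or setting turns it on and how to verify it after a reboot. In the same hunk, "a if-{up,down}.d folder" should read "an if-{up,down}.d folder" and "your are also able" should read "you are also able". References [1] and [2] use http:// while [3] uses https://; prefer https:// for all three if the sites serve it.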