shorewall-init from upstream offers two features (taken from [1]):

	1. It can 'close' the firewall before the network interfaces are
	   brought up during boot.
	
	2. It can change the firewall state as the result of interfaces
	   being brought up or taken down.

On Gentoo we only support the first feature -- the firewall lockdown during
boot.

We do not support the second feature, because Gentoo doesn't support an
if-{up,down}.d folder like other distributions do. If you want to use
such a feature, you have to add a custom action to /etc/conf.d/net
(please refer to the Gentoo Linux Handbook [2] for more information).
If you are able to add your custom {pre,post}{up,down} action, you are
also able to specify what shorewall{6,-lite,6-lite} should do, so there is
no need for upstream's scripts in Gentoo.
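
An added example (not part of this README or of upstream's scripts) of such
a custom action for /etc/conf.d/net: netifrc's postup()/postdown() hooks pass
interface events on to shorewall. The interface names wan0 and vpn0, the
FW_MANAGED_IFACES variable and the fw_iface_event helper are assumptions, and
each interface is assumed to be marked "optional" in /etc/shorewall/interfaces
so that "shorewall enable/disable" applies to it.

```shell
# Added example for /etc/conf.d/net (netifrc); not shipped by Gentoo or upstream.
# Assumption: wan0 and vpn0 are placeholder names for interfaces that are
# marked "optional" in /etc/shorewall/interfaces.

# Interfaces whose state changes should be passed on to the firewall.
FW_MANAGED_IFACES="wan0 vpn0"

# Hypothetical helper: run "shorewall <action> <iface>" for managed interfaces.
fw_iface_event() {
	local action="$1" iface="$2"
	case " ${FW_MANAGED_IFACES} " in
		*" ${iface} "*) ;;
		*) return 0 ;;   # not a managed interface (e.g. lo): do nothing
	esac
	if ! command -v shorewall >/dev/null 2>&1; then
		echo "shorewall not found, firewall unchanged for ${iface}" >&2
		return 1
	fi
	shorewall "${action}" "${iface}"
}

# netifrc calls postup() after ${IFACE} has been brought up.
postup() {
	fw_iface_event enable "${IFACE}" ||
		echo "shorewall enable ${IFACE} failed" >&2
	return 0   # a firewall error must not change the result of the hook
}

# netifrc calls postdown() after ${IFACE} has been taken down.
postdown() {
	fw_iface_event disable "${IFACE}" ||
		echo "shorewall disable ${IFACE} failed" >&2
	return 0
}
```

For shorewall6 or the -lite variants, replace the command name in
fw_iface_event accordingly.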

If you disagree with us, feel free to open a bug [3] and contribute your
solution for Gentoo.

Upstream's original init script also supports saving and restoring of
ipsets. Please use the init script from net-firewall/ipset if you need
such a feature.


[1] http://www.shorewall.net/Shorewall-init.html
[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5
[3] https://bugs.gentoo.org