| 12345678910111213141516171819202122232425262728293031 |
- shorewall-init from upstream offers two features (taken from [1]):
- 1. It can 'close' the firewall before the network interfaces are
- brought up during boot.
-
- 2. It can change the firewall state as the result of interfaces
- being brought up or taken down.
- On Gentoo we only support the first feature -- the firewall lockdown during
- boot.
- We do not support the second feature, because Gentoo doesn't support a
- if-{up,down}.d folder like other distributions do. If you would want to use
- such a feature, you would have to add a custom action to /etc/conf.d/net
- (please refer to the Gentoo Linux Handbook [2] for more information).
- If you are able to add your custom {pre,post}{up,down} action, your are
- also able to specify what shorewall{6,-lite,6-lite} should do, so there is
- no need for upstream's scripts in Gentoo.
- If you disagree with us, feel free to open a bug [3] and contribute your
- solution for Gentoo.
- Upstream's original init script also supports saving and restoring of
- ipsets. Please use the init script from net-firewall/ipset if you need
- such a feature.
- [1] http://www.shorewall.net/Shorewall-init.html
- [2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5
- [3] https://bugs.gentoo.org
|
