On Sun, Apr 22, 2012 at 05:21:53PM -0400, Jeffrey Sheinberg wrote: > On Sat, Apr 21, 2012 at 08:28:19PM -0400, Roberto C. S?nchez wrote: > > > These files are regenerated everytime Shorewall is started/restarted. > > The only way to achieve the behavior you describe is to change the umask > > prior to starting/restarting Shorewall. Because this is external to > > Shorewall, I am closing this report. > > Hi Roberto, > > This is a shorewall problem - the files are being "regenerated", this is > the problem. > > The files in question should simply be truncated when opened. This is normal > behavior of most unix programs, unless they have a good reason to do > otherwise. >
Except that would result in a wiping out known good configurations before it is known that the new configuration is good (in the chase of a restart). This would not be acceptable, as it could eliminate the administrators capability to safely restart. What Shorewall does is to create the new files under temporary names, and on successful completion removing the old file and moving the new file into place. Truncation would not work in that case. I recommend that you look at placing any 'chmod' commands that you require into /etc/shorewall/started. Please see http://shorewall.net/shorewall_extension_scripts.htm for additional information. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
