* Paul Gear <[EMAIL PROTECTED]>:
> Thijs Kinkhorst wrote:
>
> >>/etc/init.d/shorewall stop will keep applied some of the shorewall settings
> >
> > I experienced a problem that I think reduces to the same issue: I executed
> > "/etc/init.d/shorewall stop", thinking that it would disable the shorewall
> > rules and hence enable all traffic. However, running
> > "/etc/init.d/shorewall stop" left my system totally unreachable. I think
> > that's undesirable behaviour.
>
> Lorenzo has changed the behaviour of the init script for Debian to make
> this the default behaviour for the benefit of those who are used to
> Debian init script behaviour.
>
> However, for those experienced with Shorewall, this is extremely
> undesirable behaviour. Stopping shorewall is semantically equivalent to
> saying "I don't want any more traffic passing through my firewall."
>
> The appropriate way to clear out Shorewall's rules is 'shorewall clear'
> (which is now called by '/etc/init.d/shorewall stop'). If you want your
> system to be reachable when you execute 'shorewall stop', then you
> should put the appropriate entries in /etc/shorewall/routestopped.
>
> Lorenzo, I think at the very least we need a clear, prominent comment in
> README.Debian that highlights the difference between 'shorewall stop'
> and '/etc/init.d/shorewall stop'. I personally think the discrepancy is
> undesirable and a better approach would be educating users about what
> 'shorewall stop' and 'shorewall clear' are designed to do.

The comment is already in NEWS.Debian. If you use apt-listchanges you'll be
informed about news automatically when a new one is found.

--
lorenzo