* John Summerfield <[EMAIL PROTECTED]>:
> Package: shorewall
> Version: 2.2.3-1
> Severity: normal
>
> I maintain the software on several systems remotely, connecting over
> the Internet.
>
> I am concerned that one day an upgrade to shorewall will leave me with a
> broken firewall and the need to visit the site or worse, find local
> hired help.

Hi John,
I have the same worries. I usually use debconf to warn users about possible problems with configuration files, but I'm aware that that couldn't be enough and problems may arise all the same. Unfortunately shorewall check is almost unsupported; that would be the best solution in my opinion.

> Ideas that come to mind:
> Use alternatives to choose the active version. This should be in manual
> mode. Store config files in version-dependant directories -
> /etc/shorewall22 etc.
>
> Use iptables-save to save a working firewall script and make this the
> default, to be changed at a time of the sysadmin's choosing.

I cannot really understand what your first idea is, but I believe the second is much more interesting: back up your current configuration before restarting the firewall and eventually restore it. I'll think about that...

> This is quite a serious concern to me; I've been cracked and my firewall
> rules are part of my plan to limit (by IP address range) locations from
> which connexions can be made to sensitive services.

--
lorenzo
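
The backup-then-restore idea discussed in this thread, written out as an added example; it is not code from the thread, from shorewall or from the Debian package. The snapshot and flag paths, the function names and the overridable command variables are assumptions; iptables-save, iptables-restore and "shorewall restart" are the real commands.

```sh
#!/bin/sh
# Added example, not shorewall's code. Paths and variable names are assumptions;
# the command variables exist so the logic can be exercised with stubs.
: "${SAVE_CMD:=iptables-save}"
: "${RESTORE_CMD:=iptables-restore}"
: "${RESTART_CMD:=shorewall restart}"
: "${SNAPSHOT:=/var/lib/fw-rollback/last-good.rules}"   # hypothetical path
: "${CONFIRM_FLAG:=/var/run/fw-rollback.ok}"            # hypothetical path
: "${CONFIRM_TIMEOUT:=60}"                              # seconds

# Wait for the admin to create CONFIRM_FLAG from a NEW login session, which
# proves that fresh connections still pass the new rules.
wait_for_confirm() {
    i=0
    while [ "$i" -lt "$CONFIRM_TIMEOUT" ]; do
        if [ -e "$CONFIRM_FLAG" ]; then rm -f "$CONFIRM_FLAG"; return 0; fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# safe_restart CONFIRM_CMD
# Returns 0 = new rules kept, 1 = rolled back to snapshot, 2 = no snapshot
# could be taken, so the firewall was left untouched.
safe_restart() {
    confirm_cmd=$1
    tmp="$SNAPSHOT.tmp.$$"
    mkdir -p "$(dirname "$SNAPSHOT")" || return 2
    # Snapshot the running ruleset first; the file is readable by its owner only.
    if ! ( umask 077; $SAVE_CMD > "$tmp" ) || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 2
    fi
    mv "$tmp" "$SNAPSHOT" || return 2
    rm -f "$CONFIRM_FLAG"   # a stale flag must not count as confirmation
    if $RESTART_CMD && $confirm_cmd; then
        return 0
    fi
    # Restart failed or nobody confirmed: put the known-good rules back.
    $RESTORE_CMD < "$SNAPSHOT"
    return 1
}

# Run as root: sh fw-safe-restart.sh run
if [ "${1:-}" = run ]; then
    safe_restart wait_for_confirm
    exit $?
fi
```

The rollback restores only what iptables-save captured, that is the IPv4 netfilter tables as they were before the restart.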