shorewall-init from upstream offers two features (taken from [1]):

  1. It can 'close' the firewall before the network interfaces are
     brought up during boot.

  2. It can change the firewall state as the result of interfaces
     being brought up or taken down.

On Gentoo we only support the first feature -- the firewall lockdown during
boot.

We do not support the second feature, because Gentoo doesn't support an
if-{up,down}.d folder like other distributions do. If you want to use
such a feature, you would have to add a custom action to /etc/conf.d/net
(please refer to the Gentoo Linux Handbook [2] for more information).
If you are able to add your custom {pre,post}{up,down} action, you are
also able to specify what shorewall{6,-lite,6-lite} should do, so there is
no need for upstream's scripts in Gentoo.

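An added example of such a custom action (not part of the Gentoo package or
of upstream's scripts): postup/postdown hooks for /etc/conf.d/net that tell
shorewall about an interface change. FW_CMD, FW_IFACES and the helper
function names are hypothetical, the interface names are constructed
samples, and the interfaces are assumed to be marked optional in the
Shorewall interfaces file so that enable/disable apply to them.

```shell
# Added example for /etc/conf.d/net (netifrc); not shipped by Gentoo or upstream.
# Assumptions: FW_CMD, FW_IFACES and the fw_* helpers are names chosen here,
# and the listed interfaces are declared "optional" in Shorewall.

FW_CMD="${FW_CMD:-shorewall}"          # or shorewall6, shorewall-lite, shorewall6-lite
FW_IFACES="${FW_IFACES:-ppp0 wlan0}"   # constructed sample list of interfaces

# Return 0 if $1 is one of the interfaces the firewall should react to.
fw_handles_iface() {
    for _i in ${FW_IFACES}; do
        [ "${_i}" = "$1" ] && return 0
    done
    return 1
}

# Run "enable" or "disable" ($1) for ${IFACE}, but only if the firewall is
# started. 'status' exits non-zero otherwise, so a stopped or locked-down
# firewall is left exactly as it is.
fw_iface_event() {
    fw_handles_iface "${IFACE}" || return 0
    "${FW_CMD}" status >/dev/null 2>&1 || return 0
    "${FW_CMD}" "$1" "${IFACE}" ||
        echo "${FW_CMD} $1 ${IFACE} failed" >&2
}

# netifrc calls these hooks with IFACE set to the interface name.
postup() {
    fw_iface_event enable
    return 0    # do not fail the interface because of the firewall call
}

postdown() {
    fw_iface_event disable
    return 0
}
```

Interfaces not listed in FW_IFACES are ignored, so the hooks can stay in
place on hosts where only some links are dynamic.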
If you disagree with us, feel free to open a bug [3] and contribute your
solution for Gentoo.

Upstream's original init script also supports saving and restoring of
ipsets. Please use the init script from net-firewall/ipset if you need
such a feature.


[1] http://www.shorewall.net/Shorewall-init.html
[2] http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=5
[3] https://bugs.gentoo.org