shorewall-users June 2011 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: Re: [Shorewall-users] Shorewall

Re: [Shorewall-users] Shorewall

From: Mr Dash Four <mr.dash.four_at_nospam>
Date: Tue Jun 07 2011 - 15:18:32 GMT
To: Shorewall Users <>

> OK, what I do is not limited to shorewall, I do in with every RPM update.
> What I do is to create a backup file named .orig before editing any config
> file. Then, RPM will create a .rpmnew file, and the config update script
> does all the diffing and patching so the .orig and the real config get
> updated. I don't know how to keep configs clean otherwise.
Read what I posted about an hour or so while ago on this list (provided
the daemon didn't cut off my attachments, that is) - when I first
started with shorewall, I used to do exactly what you have been doing,
but got really fed up with it after a while.

Since 20-Beta5 I thought that needed changing as there were a lot of
options introduced in one go in that version, so I designed the script I
attached earlier. It works and I use it in my rpm files (both during
building of shorewall as well as in the %post section during
installation/upgrade) and it does a good job as it merges my old options
with the new, giving preference to what I have already selected in my
old shorewall.conf file.

I am hoping something will be done in 20.x because as it is now, there
is no way to have that merged unless one is patient enough to check
(i.e. diff) old and new options every single time shorewall is released.

I am planning an improved version of my update-shorewall-config script
to include more information as to what were old (deprecated) and what
were new (missing in the 'old') options in the resulting shorewall.conf
file, something like this:


#NEW introduced in 4.4.20 - DEFAULT value selected

EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
Shorewall-users mailing list