forked from extern/shorewall_code
Update the Starting and Stopping document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent e82307f61e
commit 3222a380c3
@ -26,6 +26,8 @@
<year>2007</year>
<year>2020</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -201,6 +203,40 @@
</blockquote></para>
</section>
<section>
<title>systemd</title>
<para>As with SysV init described in the preceeding section, the behavior
of systemctl commands differ from the Shorewall CLI commands on
Debian-based systems. To make systemctl stop shorewall[-lite] and
systemctl restart shorewall[-lite] behave like shorewall stop and
shorewall restart, use this workaround provided by J Cliff
Armstrong:</para>
<para> Type (as root):</para>
<programlisting> <command>systemctl edit shorewall.service</command></programlisting>
<para>This will open the default terminal editor to a blank file in which
you can paste the following:</para>
<programlisting>[Service]
# reset ExecStop ExecStop=
# set ExecStop to "stop" instead of "clear"
ExecStop=/sbin/shorewall $OPTIONS stop</programlisting>
<para>Then type</para>
<programlisting> <command>systemctl daemon-reload</command></programlisting>
<para>to activate the changes. This change will survive future updates of
the shorewall package from apt repositories. The override file itself will
be saved to `/etc/systemd/system/shorewall.service.d/`.</para>
<para>The same workaround may be applied to the other Shorewall products
(excluding Shorewall Init).</para>
</section>
<section id="Trace">
<title>Tracing Command Execution and other Debugging Aids</title>
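Review bot: In the override listing, the line `# reset ExecStop ExecStop=` puts the empty `ExecStop=` assignment on the same line as its comment, so anyone pasting the listing gets no reset. systemd then appends `ExecStop=/sbin/shorewall $OPTIONS stop` to the packaged ExecStop list instead of replacing it, and the unit still runs the "clear" action the next comment refers to before it runs "stop". Put `# reset ExecStop` and `ExecStop=` on separate lines. Minor points in the same section: the path in the "to activate the changes" paragraph is wrapped in Markdown backticks, which DocBook will print literally (use an element such as `<filename>`), "preceeding" should be "preceding", and "the behavior ... differ" should be "differs".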
@ -211,7 +247,8 @@
<para>Example:</para>
<programlisting>shorewall trace check -r</programlisting>
<programlisting><command>shorewall trace check -r</command> # Shorewall versions prior to 5.2.4
<command>shorewall check -D </command> # Shorewall versions 5.2.4 and later</programlisting>
<para>This produces a large amount of diagnostic output to standard out
during the compilation step. If the command invokes the compiled firewall
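Review bot: The 5.2.4-and-later replacement for `shorewall trace check -r` is given as `shorewall check -D`, which drops `-r`, places the option after the command where the debug example in the next hunk places it before (`shorewall -D restart`), and uses the same `-D` that the next hunk documents as debug rather than trace. Please confirm the intended trace form for 5.2.4 and later and keep `-r` so both listing lines run the same check. The trailing space inside `<command>shorewall check -D </command>` should also go.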
@ -224,10 +261,11 @@
<para>Example:</para>
<programlisting>shorewall debug restart</programlisting>
<programlisting><command>shorewall debug restart</command> # Shorewall versions prior to 5.2.4
<command>shorewall -D restart</command> # Shorewall versions 5.2.4 and later</programlisting>
<para><emphasis role="bold">debug</emphasis> causes altered behavior of
scripts generated by the Shorewall compiler. These scripts normally use
<para><emphasis role="bold">debug</emphasis> (-D) causes altered behavior
of scripts generated by the Shorewall compiler. These scripts normally use
ip[6]tables-restore to install the Netfilter ruleset, but with debug, the
commands normally passed to iptables-restore in its input file are passed
individually to ip[6]tables. This is a diagnostic aid which allows
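Review bot: The rewritten paragraph opens with "debug (-D)" but its body still says only "but with debug", so the prose does not tell a reader which spelling belongs to which release, while the listing above it documents `shorewall debug restart` only for versions prior to 5.2.4. Suggest stating in the paragraph that `-D` is the form for 5.2.4 and later and `debug` the form for earlier versions, matching the two listing lines.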