forked from extern/shorewall_code
More ipset article tweaks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
0cd694370e
commit
7771e5d48f
@ -179,22 +179,25 @@ ACCEPT net:+sshok $FW tcp 22</programlisting></para>
|
||||
|
||||
<para>Beginning with Shorewall 4.6.4, SAVE_IPSETS is available in <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6-conf(5)</ulink>. When set
|
||||
to Yes, the ipv6 ipsets will be set. You can also save selective ipsets by
|
||||
setting SAVE_IPSETS to a comma-separated list of ipset names.</para>
|
||||
to Yes, the ipv6 ipsets will be saved. You can also save selective ipsets
|
||||
by setting SAVE_IPSETS to a comma-separated list of ipset names.</para>
|
||||
|
||||
<para>Prior to Shorewall 4.6.4, SAVE_IPSETS=Yes in shorewall.conf won't
|
||||
work correctly because it saves both IPv4 and IPv6 ipsets. To work around
|
||||
this issue, Shorewall-init is capable restoring ipset contents during
|
||||
'start' and saving them during 'stop'. To direct Shorewall-init to
|
||||
save/restore ipset contents, set the SAVE_IPSETS option in
|
||||
<para>Prior to Shorewall 4.6.4, SAVE_IPSETS=Yes in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> won't work
|
||||
correctly because it saves both IPv4 and IPv6 ipsets. To work around this
|
||||
issue, Shorewall-init is capable restoring ipset contents during 'start'
|
||||
and saving them during 'stop'. To direct Shorewall-init to save/restore
|
||||
ipset contents, set the SAVE_IPSETS option in
|
||||
/etc/sysconfig/shorewall-init (/etc/default/shorewall-init on Debian and
|
||||
derivatives). The value of the option is a file name where the contents of
|
||||
the ipsets will be save to and restored from. Shorewall-init will create
|
||||
any necessary directories during the first 'save' operation. If you
|
||||
configure Shorewall-init to save/restore ipsets, be sure to set
|
||||
SAVE_IPSETS=No in shorewall.conf and shorewall6.conf. If you configure
|
||||
SAVE_IPSETS in both <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> and <ulink
|
||||
any necessary directories during the first 'save' operation.</para>
|
||||
|
||||
<para>If you configure Shorewall-init to save/restore ipsets, be sure to
|
||||
set SAVE_IPSETS=No in shorewall.conf and shorewall6.conf.</para>
|
||||
|
||||
<para>If you configure SAVE_IPSETS in <ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf(5)</ulink> and/or <ulink
|
||||
url="manpages6/shorewall6.conf.html">shorewall6.conf(5)</ulink> then do
|
||||
not set SAVE_IPSETS in shorewall-init.</para>
|
||||
</section>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user