On 12/09/2017 10:57 AM, Brian J. Murrell wrote:
> Hi,
> 
> I want to copy a policy on an existing shorewall[6]-lite router to a
> new router so that the new router, when turned on, picks up exactly
> where the old router left off.
> 
> On the old (LEDE) router, the existing policy state lives in
> /etc/shorewall[6]-lite/state/ as such:
> 
> # ls -l /etc/shorewall-lite/state/
> -rw-------    1 root     root             2 Dec  8 07:01 br-lan.status
> -rw-------    1 root     root             0 Dec  8 07:01 default_route
> -rw-------    1 root     root             2 Dec  8 07:01 eth0.2.status
> -rw-------    1 root     root             2 Nov 12 14:59 eth0.2_weight
> -rw-------    1 root     root             2 Dec  8 07:01 eth0.3.status
> -rwx------    1 root     root        187064 Oct 17 20:38 firewall
> -rw-------    1 root     root           441 Oct 17 20:38 firewall.conf
> -rw-------    1 root     root        774738 Dec  8 07:01 ipsets.save
> -rw-------    1 root     root           181 Dec  8 07:01 marks
> -rw-------    1 root     root             0 Dec  8 07:01 nat
> -rw-------    1 root     root          5676 Dec  8 07:01 policies
> -rw-------    1 root     root             2 Dec  8 07:01 pppoe-wan1.status
> -rw-------    1 root     root             2 Nov 12 14:59 pppoe-wan1_weight
> -rw-------    1 root     root             0 Dec  8 07:01 proxyarp
> -rw-------    1 root     root            29 Dec  8 07:01 restarted
> -rwx------    1 root     root        187064 Oct 17 20:38 restore
> -rw-------    1 root     root        768931 Oct 17 20:38 restore-ipsets
> -rw-------    1 root     root         90537 Oct 17 20:38 restore-iptables
> -rw-------    1 root     root            64 Dec  8 07:01 state
> -rw-------    1 root     root           220 Dec  8 07:01 undo_Squid_routing
> -rw-------    1 root     root            68 Dec  8 07:01 undo_balance_routing
> -rw-------    1 root     root             0 Dec  8 07:01 undo_default_routing
> -rw-------    1 root     root           125 Dec  8 07:01 undo_eth0_3_routing
> -rw-------    1 root     root           280 Dec  8 07:01 undo_main_routing
> -rw-------    1 root     root           345 Dec  8 07:01 zones
> 
> What do I need to and/or should I copy to a new router to make it start
> up with the same policy?  Clearly some of that stuff is "current state"
> which would not be accurate for a replacement of that policy starting
> on a new router.
> 
> I believe I would want:
> 
> firewall
> firewall.conf
> restore-iptables
> restore
> restore-ipsets
> 
> but I'm not sure how that last one squares with:
> 
> ipsets.save

The files named 'restore*' are used by the 'restore' command.
ipsets.save will be used by the 'start' command. So you will want both
files.

> 
> Or if I am missing anything.
> 

I don't believe so.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
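
The copy set this exchange arrives at (the five files from the question plus ipsets.save from the reply), as an added example that is not part of the original thread or of Shorewall. The function name, its arguments and the staging directory are assumptions for illustration.

```shell
#!/bin/sh
# Added example: stage the policy files named in the thread for transfer.
# File names come from the thread; stage_policy and its arguments are
# hypothetical helpers, not Shorewall commands.

POLICY_FILES="firewall firewall.conf restore restore-iptables restore-ipsets ipsets.save"

# stage_policy SRC_STATE_DIR DEST_DIR
# Copies only the policy files, keeps their modes, and stages nothing at all
# if any one of them is missing.
stage_policy() {
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "no such state dir: $src" >&2; return 1; }

    # Check the whole set first so a partial policy is never staged.
    for f in $POLICY_FILES; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done

    old_umask=$(umask)
    umask 077    # staging directory is created root-only, like the originals
    mkdir -p "$dest" || { umask "$old_umask"; return 1; }
    for f in $POLICY_FILES; do
        # -p preserves mode and timestamps, so the 0700 scripts stay executable.
        cp -p "$src/$f" "$dest/$f" || { umask "$old_umask"; return 1; }
        # Rules and ipset contents should not be readable by group or others.
        chmod go-rwx "$dest/$f"
    done
    umask "$old_umask"
    # Everything else in the state directory (*.status, marks, state,
    # undo_*_routing, ...) is left behind.
}

# Usage (paths are examples):
#   stage_policy /etc/shorewall-lite/state /tmp/policy-staging
```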
