
shorewall

master
test2 5 years ago
parent
commit
6713e176cf
  1. 28
      sec/ex-4_iptables.adoc

28
sec/ex-4_iptables.adoc

@ -125,6 +125,34 @@ ACCEPT net $FW tcp 80
----
=== Compile then Execute
Shorewall uses a "compile" then "execute" approach. The Shorewall configuration compiler reads the configuration files and generates a shell script. Errors in the compilation step cause the script to be discarded and the command to be aborted. If the compilation step doesn't find any errors then the shell script is executed.
./sbin/shorewall
[source,bash]
----
/sbin/shorewall start
/sbin/shorewall stop
/sbin/shorewall clear
----
.NOTE
[NOTE]
====
The 'compiled' scripts are placed by default in the directory /var/lib/shorewall and are named to correspond to the command being executed. For example, the command /sbin/shorewall start will generate a script named /var/lib/shorewall/.start and, if the compilation is error free, that script will then be executed. If the script executes successfully, it then copies itself to /var/lib/shorewall/firewall. When an /sbin/shorewall stop or /sbin/shorewall clear command is subsequently executed, /var/lib/shorewall/firewall is run to perform the requested operation.
The AUTOMAKE option in /etc/shorewall/shorewall.conf may be set to automatically generate a new script when one of the configuration files is changed. When no file has changed since the last compilation, the /sbin/shorewall start, /sbin/shorewall reload and /sbin/shorewall restart commands will simply execute the current /var/lib/shorewall/firewall script.
====
:hardbreaks:
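Review bot: The `[source,bash]` listing under the `/sbin/shorewall` title gives `start`, `stop` and `clear` with no explanation of how they differ, and in a security exercise that difference matters: `clear` removes every rule Shorewall installed and leaves the host unfiltered, while `stop` leaves only the traffic allowed for the stopped state. Add a one-line description per command. The note below the listing also refers to `/sbin/shorewall reload` and `/sbin/shorewall restart`, which the listing omits, so either add them there or introduce them in the text. The `.NOTE` title on the `[NOTE]` block is redundant, since the admonition already renders its own label. The commands, paths and option names inside the note (`/var/lib/shorewall/.start`, `/var/lib/shorewall/firewall`, `/etc/shorewall/shorewall.conf`, `AUTOMAKE`) should be set in backticks so they stand out from the prose. The two paragraphs inside the block should also be separated by a blank line if they are meant to render separately.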
