The initscript should use "shorewall -f start", which if state has been saved ("shorewall save") is faster than without the -f switch, and if no state has been saved, is exactly the same as without. The initscript should also look for a saved statefile and if found use "shorewall restore" instead of "restart". Reproducible: Always Steps to Reproduce: 1. 2. 3. I'm willing to submit a patch to the initscript, or even a patch to the ebuild if the package maintainer can point me in the right direction for the procedure.
can you please make a patch for us?
Created attachment 58138 [details, diff] Patch to implement proposed functionality A simple patch. Note that the user has to save a shorewall config using "shorewall save" in order to benefit from the patch.
The patch is working great for me
Looks like a bug in shorewall but I get errors when restoring my traffic control: * Restarting firewall... Restoring Shorewall... Loading kernel modules... Clearing Traffic Control/QOS Restoring Proxy ARP... Restoring one-to-one NAT... Restoring ARP filtering... Restoring IP Forwarding... Restoring Masquerading/SNAT... Restoring Traffic Control... /var/lib/shorewall/restore: line 116: run_tc: command not found /var/lib/shorewall/restore: line 159: run_iptables: command not found ...
Works for me with 3.0.5. In cvs. Thanks!