Backing up and restoring Shorewall firewall settings

I'm a Linux newbie and am running Shorewall firewall on Xandros Linux. My question is on backing up and restoring the firewall settings in the event of a computer failure.

The particular box I need to back up is being used only as a firewall. The blacklist of IP addresses is what most needs to be backed up, since it's quite long and hand-entering it again would be tedious. The problem is that Xandros uses a proprietary graphical interface for Shorewall, and the blacklist file is overwritten and any hand-entered changes lost each time the firewall is started. Changes made from within the graphical interface are saved properly.

Has anyone had any success backing up and restoring the firewall settings under these conditions? I'm considering just trying to copy the /etc/shorewall and /var/lib/shorewall folders to a different box and replacing the folders of the same name with the firewall off, starting the firewall and seeing if it comes up properly.

Thanks in advance.


Shorewall is an iptables-based program; it shows up on a number of Linux distributions. I use it on Mandrake/Mandriva.

I am surprised that the GUI version does not recognize your hand entries, but there are a few things to consider there:

- Are the GUI entries in some specific format, or with control characters and spaces?

- Does the GUI version keep its own blacklist file? You can enter a dummy IP address and search for it.

Two points:

1 - Your backup: a full backup of /etc and /var/lib should be part of your (daily) backup routine. You can copy these to any other computer, whatever OS it runs. I see no problem trying what you suggest; it should work and there is no downside risk. When restoring after a reinstall, I have always done the individual files as needed, rather than the whole directory, but I see no reason why you can't do the whole directory. If you rename directories, you may have to reboot the computer between each test, as some settings are cached.

2 - Your blacklist: I couldn't see much value in keeping such a list. I did for a while, but I found a few things:

- It tended to grow very fast, making searching the list somewhat slow.
- The troublemakers were changing their IP addresses every few months.
- It settled down to a few hundred 'bad' connects a day.
- As long as Shorewall is keeping them out, I don't care who they are.

I send my logs to DShield and participate in their logging program.

Stuart Miller
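The two practical steps in the reply above, searching the configuration tree for a known entry to learn where the GUI keeps its own list (the "dummy IP address" check) and archiving /etc/shorewall and /var/lib/shorewall so they can be put back with the firewall stopped, as an added POSIX shell example. This is not code from the thread or from Shorewall itself: the function names are made up here, the directories are passed as parameters so the script can be run against a constructed copy, and the sample blacklist lines are constructed test data, not real hosts.

```shell
#!/bin/sh
# Added example (not part of the thread or of Shorewall): back up, restore
# and verify Shorewall's configuration directories, and locate the file
# that holds a given blacklist entry.
set -eu

# locate_entry ROOT ENTRY: print every file under ROOT that contains ENTRY
# literally. Used to find out which file the GUI really writes a blacklist
# entry to (add a dummy entry in the GUI, then search for it).
locate_entry() {
    root="$1"; entry="$2"
    grep -rlF -- "$entry" "$root"
}

# backup_shorewall DEST ROOT DIR...: archive DIR... (relative to ROOT, e.g.
# etc/shorewall var/lib/shorewall) into the gzipped tarball DEST and check
# that the archive can be read back. Returns 1 if a directory is missing.
backup_shorewall() {
    dest="$1"; root="$2"; shift 2
    rel=""
    for d in "$@"; do
        [ -d "$root/$d" ] || { echo "backup: $root/$d is not a directory" >&2; return 1; }
        rel="$rel $d"
    done
    # shellcheck disable=SC2086  # $rel is intentionally word-split
    tar -czf "$dest" -C "$root" $rel
    tar -tzf "$dest" >/dev/null
}

# restore_shorewall TARBALL ROOT: unpack the archive under ROOT. Use "/" for
# a real restore (with the firewall stopped) or a scratch directory to
# inspect the contents first.
restore_shorewall() {
    tar -xzf "$1" -C "$2"
}

# verify_restore ORIG_ROOT RESTORED_ROOT: byte-compare the two trees.
verify_restore() {
    diff -r "$1" "$2" >/dev/null
}

# demo_roundtrip: constructed demonstration. Builds a fake config tree in a
# temporary directory, checks locate_entry finds the blacklist file, backs
# the tree up, restores it into a second scratch root and compares.
# Returns 0 only when the round trip is identical.
demo_roundtrip() {
    work=$(mktemp -d)
    mkdir -p "$work/src/etc/shorewall" "$work/src/var/lib/shorewall" "$work/restore"
    # Constructed sample data; 192.0.2.0/24 and 198.51.100.0/24 are
    # documentation ranges, not real hosts.
    printf '192.0.2.10\n198.51.100.0/24\n' > "$work/src/etc/shorewall/blacklist"
    printf 'STARTUP_ENABLED=Yes\n' > "$work/src/etc/shorewall/shorewall.conf"
    printf 'state\n' > "$work/src/var/lib/shorewall/state"

    status=1
    if [ "$(locate_entry "$work/src" 192.0.2.10)" = "$work/src/etc/shorewall/blacklist" ] \
        && backup_shorewall "$work/shorewall-backup.tgz" "$work/src" etc/shorewall var/lib/shorewall \
        && restore_shorewall "$work/shorewall-backup.tgz" "$work/restore" \
        && verify_restore "$work/src" "$work/restore"; then
        status=0
    fi
    rm -rf "$work"
    return $status
}

demo_roundtrip && echo "round trip OK"
```

For the real box the calls would be `backup_shorewall /mnt/backup/shorewall.tgz / etc/shorewall var/lib/shorewall`, and on the replacement machine, with the firewall stopped, `restore_shorewall /mnt/backup/shorewall.tgz /` followed by a start and a look at the log. Restoring into a scratch directory first and running `verify_restore` against it is the cheap way to confirm the archive is complete before overwriting anything.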