Mail archive

Re: [alpine-devel] AWall Policy files

From: <>
Date: Fri, 19 Oct 2012 07:26:15 -0500

On 2012-10-19 02:47, Mika Havela wrote:
> Hi!
> Thanks for working on AWall!
> I have a question about where AWall Policy files are/should be saved.
> As I understand it, AWall will look for user-created Policy files in
> '/usr/share/awall/optional'.
> Technically it works fine.
> But when using AWall on Alpine that boots from read only media, you
> will need to add this additional step when configuring AWall
> lbu include /usr/share/awall/optional
> (If you have HDD installed Alpine you can skip the above step.)
> But /each/ time read only media (eg. USB,CD,CF,...) is used, you will
> need to remember to do the 'lbu inc...' step or you will loose your
> configs at next reboot.
> Most other packages in Alpine saves config-files in '/etc' and
> therefore 'lbu' takes care of these automatically without forcing
> user
> to run 'lbu inc'.
> If AWall would do the same (in addition to read Policy files from
> '/usr/share/awall/optional') then it might reduce situations when a
> user sets up AWall but loses their config at next reboot because they
> forgot to run 'lbu inc /usr/share/awall/optional'.
> My suggestion for improving AWall would be that we make AWall read
> for
> Policy files from:
> * /usr/share/awall/optional/ (as it already does)
> * /etc/awall/policy.d/ (or some other appropriate dir name that
> indicates that here are some Policies that could be
> enabled/activated)
> This way users could be directed to create their own policies in
> '/etc/awall/policy.d/' and as long as they run 'lbu ci' (which they
> would when running on read only media) then they will not lose
> anything.
> '/usr/share/awall/optional/' could be a path where 'apk' can store
> AWall policies that comes from some package(s).
> Might be AWall already has takes care about the 'lbu' issue mentioned
> above, in that case please direct me where user-specific configs
> should be stored (preferably somewhere in /etc/).

I believe that you can place user-specific policies in /etc/awall,
according to

I think that the idea is that /usr/share/awall/optional will be used
for policies that come from apk packages, and then these can be enabled
or disabled from /etc/awall.

Hope that helps.


> These where just some thoughts about AWall improvements.
> <<mhavela>>

Received on Fri Oct 19 2012 - 07:26:15 UTC