Mail archive
alpine-devel

Re: [alpine-devel] AWall Policy files

From: <elactrum_at_jamailca.com>
Date: Fri, 19 Oct 2012 07:26:15 -0500

On 2012-10-19 02:47, Mika Havela wrote:
> Hi!
> Thanks for working on AWall!
>
> I have a question about where AWall Policy files are/should be saved.
> As I understand it, AWall will look for user-created Policy files in
> '/usr/share/awall/optional'.
> Technically it works fine.
> But when using AWall on Alpine that boots from read only media, you
> will need to add this additional step when configuring AWall
> lbu include /usr/share/awall/optional
> (If you have HDD installed Alpine you can skip the above step.)
> But /each/ time read only media (eg. USB,CD,CF,...) is used, you will
> need to remember to do the 'lbu inc...' step or you will loose your
> configs at next reboot.
>
> Most other packages in Alpine saves config-files in '/etc' and
> therefore 'lbu' takes care of these automatically without forcing
> user
> to run 'lbu inc'.
> If AWall would do the same (in addition to read Policy files from
> '/usr/share/awall/optional') then it might reduce situations when a
> user sets up AWall but loses their config at next reboot because they
> forgot to run 'lbu inc /usr/share/awall/optional'.
>
> My suggestion for improving AWall would be that we make AWall read
> for
> Policy files from:
> * /usr/share/awall/optional/ (as it already does)
> * /etc/awall/policy.d/ (or some other appropriate dir name that
> indicates that here are some Policies that could be
> enabled/activated)
>
> This way users could be directed to create their own policies in
> '/etc/awall/policy.d/' and as long as they run 'lbu ci' (which they
> would when running on read only media) then they will not lose
> anything.
> '/usr/share/awall/optional/' could be a path where 'apk' can store
> AWall policies that comes from some package(s).
>
> Might be AWall already has takes care about the 'lbu' issue mentioned
> above, in that case please direct me where user-specific configs
> should be stored (preferably somewhere in /etc/).
>

I believe that you can place user-specific policies in /etc/awall,
according to
http://wiki.alpinelinux.org/wiki/Alpine_Wall_User%27s_Guide.

I think that the idea is that /usr/share/awall/optional will be used
for policies that come from apk packages, and then these can be enabled
or disabled from /etc/awall.

Hope that helps.

-Andrew

> These where just some thoughts about AWall improvements.
>
> <<mhavela>>



---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Fri Oct 19 2012 - 07:26:15 UTC