X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from qcs10.qcslink.com (www.amkresearch.com [64.34.177.70]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id C83C0DC022A for ; Fri, 19 Oct 2012 12:26:16 +0000 (UTC) Received: from localhost ([127.0.0.1]:34787 helo=qcs10.qcslink.com) by qcs10.qcslink.com with esmtpa (Exim 4.80) (envelope-from ) id 1TPBeZ-0000WX-PC for alpine-devel@lists.alpinelinux.org; Fri, 19 Oct 2012 07:26:15 -0500 X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Date: Fri, 19 Oct 2012 07:26:15 -0500 From: elactrum@jamailca.com To: Subject: Re: [alpine-devel] AWall Policy files In-Reply-To: References: Message-ID: X-Sender: elactrum@jamailca.com User-Agent: Roundcube Webmail/0.8.1 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - qcs10.qcslink.com X-AntiAbuse: Original Domain - lists.alpinelinux.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - jamailca.com On 2012-10-19 02:47, Mika Havela wrote: > Hi! > Thanks for working on AWall! > > I have a question about where AWall Policy files are/should be saved. > As I understand it, AWall will look for user-created Policy files in > '/usr/share/awall/optional'. > Technically it works fine. > But when using AWall on Alpine that boots from read only media, you > will need to add this additional step when configuring AWall > lbu include /usr/share/awall/optional > (If you have HDD installed Alpine you can skip the above step.) > But /each/ time read only media (eg. USB,CD,CF,...) is used, you will > need to remember to do the 'lbu inc...' step or you will loose your > configs at next reboot. > > Most other packages in Alpine saves config-files in '/etc' and > therefore 'lbu' takes care of these automatically without forcing > user > to run 'lbu inc'. > If AWall would do the same (in addition to read Policy files from > '/usr/share/awall/optional') then it might reduce situations when a > user sets up AWall but loses their config at next reboot because they > forgot to run 'lbu inc /usr/share/awall/optional'. > > My suggestion for improving AWall would be that we make AWall read > for > Policy files from: > * /usr/share/awall/optional/ (as it already does) > * /etc/awall/policy.d/ (or some other appropriate dir name that > indicates that here are some Policies that could be > enabled/activated) > > This way users could be directed to create their own policies in > '/etc/awall/policy.d/' and as long as they run 'lbu ci' (which they > would when running on read only media) then they will not lose > anything. > '/usr/share/awall/optional/' could be a path where 'apk' can store > AWall policies that comes from some package(s). > > Might be AWall already has takes care about the 'lbu' issue mentioned > above, in that case please direct me where user-specific configs > should be stored (preferably somewhere in /etc/). > I believe that you can place user-specific policies in /etc/awall, according to http://wiki.alpinelinux.org/wiki/Alpine_Wall_User%27s_Guide. I think that the idea is that /usr/share/awall/optional will be used for policies that come from apk packages, and then these can be enabled or disabled from /etc/awall. Hope that helps. -Andrew > These where just some thoughts about AWall improvements. > > <> --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---