Re: [Fwbuilder-discussion] fwbuilder 4.1.1 problem on embedded system
Brought to you by:
mikehorn
From: Erich T. <eri...@th...> - 2010-09-23 21:25:47
|
on 23.09.2010 22:54, Mike Slifcak wrote: > Folks, Do not try this on your production systems! > > Erich, If you want to stop the command at first error, > you could add a single command to the prolog script: > > set -ex # show commands, terminate when the shell detects an error > > or > set -e # terminate when the shell detects an error Thanks, I know how to look at the shell :-) But this alone will not help me to wake me up in case something goes wrong at the installation on a production system. > > That will be useful for debugging your script changes. > Unfortunately, there is no rollback when the shell detects an error. There would be, I am running the fwbuilder script in its own environment and could actually check on its return value, then call the backed up settings to get me out of trouble. > > I've successfully devised a rollback that excluded route or interface > changes, > which are made before the prolog function is invoked. Well, somewhere early in the firewall set up, all rules and policies are reset and stayed that way in my case, frightening. cheers Erich |