Am 03.01.2017 um 16:04 schrieb Martin Hejl:
> Hi all,
>
> the shorewall init script for 6.0.1 in /etc/init.d/shorewall currently
> reads (relevant part only):
>
> =========================================================
>
> start() {
> echo "Starting IPv4 shorewall rules..."
> wait_for_pppd
> [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
> /sbin/shorewall $OPTIONS start $STARTOPTIONS
> [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
> }
>
> stop() {
> echo "Stopping IPv4 shorewall rules..."
> /sbin/shorewall stop
> }
>
> refresh() {
> echo "Refreshing IPv4 shorewall rules..."
> /sbin/shorewall refresh $REFRESHOPTIONS
> }
>
>
> reload() {
> echo "Reloading IPv4 shorewall rules..."
> /sbin/shorewall reload $RELOADOPTIONS
> }
>
> restart() {
> echo "Restarting IPv4 shorewall rules..."
> /sbin/shorewall restart $RESTARTOPTIONS
> }
>
> =========================================================
>
> Shouldn't mount_modules and umount_modules also be called for
> "restart()" (possibly also for "refresh()" and "reload()") ?
You are possibly right.
>
> I've been trying to figure out why I couldn't get DNAT to work
> (shorewall always terminated with an error during "svi shorewall
> restart" after me updating /etc/shorewall/rules).
>
> By doing
>
> svi shorewall stop
> svi shorewall start
So you changed the shorewall config and then used a re* call option to
bring the changes up. Well I never attempted this. I guess it would not
be too hard to mount/umount the modules filesystem for all re* calls.
You could actually add this to your router and please provide a patch
to KP :-)
cheers
ET
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel
