Re: [leaf-devel] 6.0.1 - shorewall init script

Tue, 03 Jan 2017 12:06:07 -0800 

Hi Erich

Am 03.01.2017 um 19:59 schrieb Erich Titl:
> Am 03.01.2017 um 16:04 schrieb Martin Hejl:
>> Hi all,
>>
>> the shorewall init script for 6.0.1 in /etc/init.d/shorewall currently
>> reads (relevant part only):
>>
>> =========================================================
>>
>> start() {
>>          echo "Starting IPv4 shorewall rules..."
>>          wait_for_pppd
>>          [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
>>          /sbin/shorewall $OPTIONS start $STARTOPTIONS
>>          [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
>> }
>>
>> stop() {
>>          echo "Stopping IPv4 shorewall rules..."
>>          /sbin/shorewall stop
>> }
>>
>> refresh() {
>>          echo "Refreshing IPv4 shorewall rules..."
>>          /sbin/shorewall refresh $REFRESHOPTIONS
>> }
>>
>>
>> reload() {
>>          echo "Reloading IPv4 shorewall rules..."
>>          /sbin/shorewall reload $RELOADOPTIONS
>> }
>>
>> restart() {
>>          echo "Restarting IPv4 shorewall rules..."
>>          /sbin/shorewall restart $RESTARTOPTIONS
>> }
>>
>> =========================================================
>>
>> Shouldn't mount_modules and umount_modules also be called for
>> "restart()" (possibly also for "refresh()" and "reload()") ?
>
> You are possibly right.
>
>>
>> I've been trying to figure out why I couldn't get DNAT to work
>> (shorewall always terminated with an error during "svi shorewall
>> restart" after me updating /etc/shorewall/rules).
>>
>> By doing
>>
>> svi shorewall stop
>> svi shorewall start
>
> So you changed the shorewall config and then used a re* call option to
> bring the changes up. Well I never attempted this. I guess it would not
> be too hard to mount/umount the modules filesystem for all re* calls.

Is that an unusual approach? I guess I always assumed that
        $ svi serviceName restart

would be equivalent to
        $ svi serviceName stop ; svi serviceName start

> You could actually add this to your router and  please provide a patch
> to KP :-)
I will :-) - I just wanted to make sure my understanding is correct, and 
that I didn't miss anything. It's been a while since I played with 
Bering uClibc, and things have moved on a bit since then.


Martin




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel

Reply via email to