Hi Martin
Am 03.01.2017 um 20:05 schrieb Martin Hejl:
> Hi Erich
>
> Am 03.01.2017 um 19:59 schrieb Erich Titl:
>> Am 03.01.2017 um 16:04 schrieb Martin Hejl:
>>> Hi all,
>>>
>>> the shorewall init script for 6.0.1 in /etc/init.d/shorewall currently
>>> reads (relevant part only):
>>>
>>> =========================================================
>>>
>>> start() {
>>> echo "Starting IPv4 shorewall rules..."
>>> wait_for_pppd
>>> [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
>>> /sbin/shorewall $OPTIONS start $STARTOPTIONS
>>> [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
>>> }
>>>
>>> stop() {
>>> echo "Stopping IPv4 shorewall rules..."
>>> /sbin/shorewall stop
>>> }
>>>
>>> refresh() {
>>> echo "Refreshing IPv4 shorewall rules..."
>>> /sbin/shorewall refresh $REFRESHOPTIONS
>>> }
>>>
>>>
>>> reload() {
>>> echo "Reloading IPv4 shorewall rules..."
>>> /sbin/shorewall reload $RELOADOPTIONS
>>> }
>>>
>>> restart() {
>>> echo "Restarting IPv4 shorewall rules..."
>>> /sbin/shorewall restart $RESTARTOPTIONS
>>> }
>>>
>>> =========================================================
>>>
>>> Shouldn't mount_modules and umount_modules also be called for
>>> "restart()" (possibly also for "refresh()" and "reload()") ?
>>
>> You are possibly right.
>>
>>>
>>> I've been trying to figure out why I couldn't get DNAT to work
>>> (shorewall always terminated with an error during "svi shorewall
>>> restart" after me updating /etc/shorewall/rules).
>>>
>>> By doing
>>>
>>> svi shorewall stop
>>> svi shorewall start
>>
>> So you changed the shorewall config and then used a re* call option to
>> bring the changes up. Well I never attempted this. I guess it would not
>> be too hard to mount/umount the modules filesystem for all re* calls.
>
> Is that an unusual approach? I guess I always assumed that
> $ svi serviceName restart
>
> would be equivalent to
> $ svi serviceName stop ; svi serviceName start
Yes indeed I assumed this for a long time and it would make sense to me,
but Tom apparently decided to go another way. We nhave to accept and add
our own ideas, I believe, to not go too far astray.
>
>> You could actually add this to your router and please provide a patch
>> to KP :-)
> I will :-) - I just wanted to make sure my understanding is correct, and
> that I didn't miss anything. It's been a while since I played with
> Bering uClibc, and things have moved on a bit since then.
Can't go that wrong :-)
cheers
Erich
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel
