-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 01/03/2017 12:05 PM, Martin Hejl wrote:
> Hi Erich
>
> Am 03.01.2017 um 19:59 schrieb Erich Titl:
>> Am 03.01.2017 um 16:04 schrieb Martin Hejl:
>>> Hi all,
>>>
>>> the shorewall init script for 6.0.1 in /etc/init.d/shorewall
>>> currently reads (relevant part only):
>>>
>>> =========================================================
>>>
>>> start() { echo "Starting IPv4 shorewall rules..."
>>> wait_for_pppd [ -x /usr/sbin/mount_modules ] &&
>>> /usr/sbin/mount_modules /sbin/shorewall $OPTIONS start
>>> $STARTOPTIONS [ -x /usr/sbin/umount_modules ] &&
>>> /usr/sbin/umount_modules }
>>>
>>> stop() { echo "Stopping IPv4 shorewall rules..."
>>> /sbin/shorewall stop }
>>>
>>> refresh() { echo "Refreshing IPv4 shorewall rules..."
>>> /sbin/shorewall refresh $REFRESHOPTIONS }
>>>
>>>
>>> reload() { echo "Reloading IPv4 shorewall rules..."
>>> /sbin/shorewall reload $RELOADOPTIONS }
>>>
>>> restart() { echo "Restarting IPv4 shorewall rules..."
>>> /sbin/shorewall restart $RESTARTOPTIONS }
>>>
>>> =========================================================
>>>
>>> Shouldn't mount_modules and umount_modules also be called for
>>> "restart()" (possibly also for "refresh()" and "reload()") ?
>>
>> You are possibly right.
>>
>>>
>>> I've been trying to figure out why I couldn't get DNAT to work
>>> (shorewall always terminated with an error during "svi
>>> shorewall restart" after me updating /etc/shorewall/rules).
>>>
>>> By doing
>>>
>>> svi shorewall stop svi shorewall start
>>
>> So you changed the shorewall config and then used a re* call
>> option to bring the changes up. Well I never attempted this. I
>> guess it would not be too hard to mount/umount the modules
>> filesystem for all re* calls.
>
> Is that an unusual approach? I guess I always assumed that $ svi
> serviceName restart
>
> would be equivalent to $ svi serviceName stop ; svi serviceName
> start
>
Beginning with Shorewall 5, there is a RESTART configuration option
which may be set to 'reload' or 'restart'. Prior to Shorewall 5,
'shorewall restart' was not equivalent to 'shorewall stop && shorewall
start'. Now, if 'RESTART=restart' is specified, the two are equivalent
and there is a 'reload' command to do what 'restart' has done
traditionally.
That having been said, I don't understand why Shorewall module loading
should behave differently between 'shorewall reload', 'shorewall
restart' and 'shorwall stop && shorewall start'.
- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJYbp6dAAoJEJbms/JCOk0Q39MQAJ5/TT8S9TNG+HLoucJfD1PJ
Rhwcf2XGLZFUZ23ZrulHD5vZVrRKKIy10El1hLU9Hi81wHGBRGygh+PRlbDDw+p3
gTumFmR+lSnHX/2at187KU2gw3//kmTmGqT1fFyYZEUaz6fATAvtawixbtICdCZI
2O40FOj4qtZxbrJyqFLWqauvI4kdukRgIk+wkt2itw4MavzUDBlrBl5u0BV0LHsX
YWZd/JItqyK7eV9tNQ70iw7NA3vEigYEJhprJC5PBoGNmcxR11bcNg/EqPFscPss
b6wPk7zVYwgi57R7gDYTKC6HWeIziJxRCDpQht8ymmxCiRP6CuaPbmE2GUnSIeb+
QJNoNEYXv0YFlk9UwFtPwGcXI7VSQFjiaCJqGhcwF0Lgvr97IYDSTyLSG2M80a/o
Whcj2TbN62LAJdl/rtgtkWuBCTwlRITmkYf+f0k9oXRergrxVT5DrEtMbItZZuFT
LeFo8ad5U6wyEEznbcDpVbOXB2ZyGo19f8BbOUjiVIjIgP91W0xAOVT0MrCQZKN9
txB//14pfAYhTV6cqUyBuTPPhrYsPnBxzmdVszYQfJ5fvNis7MZiqHaDmYilwzdY
PxMfMoU1yinmaazpvlWF9+lQFTNuUPiDu2c0lV3d7GLGFGyOakhstTN+ewjyVYJV
jcsyv+1pT2PhC5r0a+Mf
=mf+F
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel
