On Sat, 2013-03-30 at 15:00 -0700, Tom Eastep wrote:

> > It also determines whether or not to transmit Router
> > Solicitations. If and only if the functional setting is to
> > accept Router Advertisements, Router Solicitations will be
> > transmitted.
> > 
> > Possible values are:
> >         0 Do not accept Router Advertisements.
> >         1 Accept Router Advertisements if forwarding is disabled.
> >         2 Overrule forwarding behaviour. Accept Router Advertisements
> >           even if forwarding is enabled.
> > 
> > Functional default: enabled if local forwarding is disabled
> >    disabled if local forwarding is enabled.
> > 
> > Judging by the purpose of the variable it might be appropriate to add it
> > as an option. It is somewhat similar to the forwarding option....
> > Thanks in advance for your feedback
> > 
Hello Tom,
The accept_ra option works as expected.
I do have a problem with shorewall-init. With
PRODUCTS="shorewall"

#
# Set this to 1 if you want Shorewall-init to react to
# ifup/ifdown and NetworkManager events
#
IFUPDOWN=1
#
in the config file, I get the following (after a long timeout):
[root@nest sbin]# ifdown eth0.160
lockfile: Sorry, giving up on "/var/lib/shorewall/lock"
Shorewall down triggered by eth0.160
Attempting disable on interface eth0.160
   ERROR: Interface eth0.160 is already disabled: Firewall state not changed
/sbin/ifdown-local: line 189: 11977 Terminated ${VARDIR}/firewall -V0 $COMMAND $INTERFACE
/sbin/ifdown-local: line 198: echo_notdone: command not found
[root@nest sbin]#

(eth0.160 is one of my vlan interfaces). 

How can I debug the firewall script to see where it hangs? The tricky
part is that if I issue the firewall command manually, it kind of works
right away:
Shorewall down triggered by eth0.160
Attempting disable on interface eth0.160
   ERROR: Interface eth0.160 is already disabled: Firewall state not changed
Terminated
[root@nest sbin]# /var/lib/shorewall/firewall up eth0.160
   WARNING: Stale lockfile /var/lib/shorewall/lock from pid 13011 removed
Shorewall up triggered by eth0.160
Attempting enable on interface eth0.160
[root@nest sbin]# /var/lib/shorewall/firewall down eth0.160
Shorewall down triggered by eth0.160
Attempting disable on interface eth0.160
   ERROR: Interface eth0.160 is already disabled: Firewall state not changed
Terminated

And the second question:
Where is the echo_notdone that is used in the ifup/down local scripts
supposed to be defined? (I am using CentOS6)

Thanks for your kind help
Kind regards, Louis
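
The accept_ra values quoted at the top of this message only take effect in combination with the interface's forwarding setting. The script below is an added example, not part of the original message or of Shorewall, that reports per interface whether Router Advertisements are effectively accepted; the function names and the optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit accept_ra against forwarding, following the value
# table quoted above (0 = never, 1 = only if not forwarding, 2 = always).

# effective_ra ACCEPT_RA FORWARDING -> prints accept, ignore or unknown
effective_ra() {
    case "$1" in
        0) echo ignore ;;
        1) if [ "$2" = "0" ]; then echo accept; else echo ignore; fi ;;
        2) echo accept ;;
        *) echo unknown ;;
    esac
}

# audit_ra [CONF_DIR] -> one report line per interface.
# CONF_DIR defaults to the standard Linux sysctl tree; passing another
# directory (hypothetical parameter) lets the check run on a saved copy.
audit_ra() {
    conf_dir="${1:-/proc/sys/net/ipv6/conf}"
    for dir in "$conf_dir"/*/; do
        # Skip entries without both settings (also covers an unmatched glob)
        [ -r "${dir}accept_ra" ] && [ -r "${dir}forwarding" ] || continue
        iface=$(basename "$dir")
        ra=$(cat "${dir}accept_ra")
        fwd=$(cat "${dir}forwarding")
        result=$(effective_ra "$ra" "$fwd")
        # Value 2 on a forwarding interface overrides the default protection,
        # so flag it for review.
        note=""
        if [ "$ra" = "2" ] && [ "$fwd" != "0" ]; then
            note=" (forwarding enabled, RAs still accepted)"
        fi
        echo "$iface accept_ra=$ra forwarding=$fwd -> $result$note"
    done
}

# Report on the live system, or on the directory given as first argument
audit_ra "$@"
```
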




_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
