hello Tom, After playing with shorewall-init a bit more, I have some more issues:
1) shorewall6: accept_ra does not get restored when the network is restarted. A shorewall restart fixes that. I would have expected ifup-local to perform the same settings as a shorewall restart does. Am I missing something? I hve traced the problem to interface_is_usable() in the firewall script: it uses find_first_interface_address_if_any() that returns no address assigned yet as it needs a router advertisement to do so. All interfaces on my machine have that problem as I am using the wide dhcpv6 client to retrieve a prefix delegation from the modem on the interface that has accept_ra set. Would it be possible to remove the test for the interface address? Again, a shorewall restart works ok. 2) shorewall: I have net.ipv4.ip_forward = 0 in sysctl.conf. Shorewall-init does not set the forwarding per interface as shorewall restart does. Do you have any idea what might cause this? Is this another mistake in my configurration like yes goofup I had yesterday? Kind regards, Louis ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Shorewall-devel mailing list Shorewall-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-devel
