On 4/12/13 2:22 PM, "Louis Lagendijk" <lo...@fazant.net> wrote:
> >hello Tom, >After playing with shorewall-init a bit more, I have some more issues: > >1) shorewall6: accept_ra does not get restored when the network is >restarted. A shorewall restart fixes that. I would have expected >ifup-local to perform the same settings as a shorewall restart does. Am >I missing something? >I hve traced the problem to interface_is_usable() in the firewall script: >it uses find_first_interface_address_if_any() that returns no address >assigned yet as it needs a router advertisement to do so. All >interfaces on my machine have that problem as I am using the wide >dhcpv6 client to retrieve a prefix delegation from the modem on the >interface that has accept_ra set. Would it be possible to remove >the test for the interface address? That same code gets executed during start/restart. Look at the function detect_configuration() in the generated firewall script; that gets called for start/restart and for enable. So I don't believe that is the root cause of your problem. > >Again, a shorewall restart works ok. > >2) shorewall: I have net.ipv4.ip_forward = 0 > in sysctl.conf. Shorewall-init does not set the forwarding per interface >as >shorewall restart does. Do you have any idea what might cause this? > >Is this another mistake in my configurration like yes goofup I had >yesterday? Shorewall (ipv4) does not set the per-interface forwarding flag in any command. -Tom You do not need a parachute to skydive. You only need a parachute to skydive twice. ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Shorewall-devel mailing list Shorewall-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-devel
