Tom Eastep <[EMAIL PROTECTED]> wrote:
| Tom Eastep wrote:
|
| >> I can't trace it, it only occurs at a shorewall start or stop.
| >> Seems 'functions' can't be found BEFORE the start of shorewall.
| >> So if shorewall isn't started how can it run
| >> 'find_first_interface_address' ?
| >> The /etc/shorewall/params try to be founded (?) just before
| >> the start of shorewall.
| >
| > Then you should be able to reproduce it with "shorewall stop;shorewall
start"
|
| Here's one possibility. Try this:
|
| - shorewall stop
| - shorewall start -f
|
| Do you see the message then? If so:
No the message is not there, but .....
|
| - shorewall forget
|
| Reason: At some point when you had an incorrect configuration, you
| issued a "shorewall save" command. The "shorewall forget" command
| reverses the effect of "shorewall save".
|
| And during system boot, Shorewall tries to speed up the boot process by
| using "shorewall start -f" which restores the last saved configuration,
| if any (otherwise it does a normal 'shorewall start').
|
The fault is here: /etc/init.d/shorewall ( debian ).
When i do a '/etc/init.d/shorewall stop' or /etc/init.d/shorewall
start', the message is there !
But a 'shorewall stop' or 'shorewall start', there is no message.
Here i call directly /sbin/shorewall and not /etc/init.d/shorewall !
Here is the shorewall file called on boot.
mess-mate
--
You have had a long-term stimulation relative to business.
#!/bin/sh
### BEGIN INIT INFO
# Provides: shorewall
# Required-Start: $network
# Required-Stop: $network
# Default-Start: S
# Default-Stop: 0 6
# Short-Description: Configure the firewall at boot time
# Description: Configure the firewall according to the rules specified in
# /etc/shorewall
### END INIT INFO
SRWL=/sbin/shorewall
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
# Note, set INITLOG to /dev/null if you do not want to
# keep logs of the firewall (not recommended)
INITLOG=/var/log/shorewall-init.log
test -x $SRWL || exit 0
test -x $WAIT_FOR_IFUP || exit 0
test -n $INITLOG || {
echo "INITLOG cannot be empty, please configure $0" ;
exit 1;
}
if [ "$(id -u)" != "0" ]
then
echo "You must be root to start, stop or restart \"Shorewall firewall\"."
exit 1
fi
echo_notdone () {
if [ "$INITLOG" = "/dev/null" ] ; then
echo "not done."
else
echo "not done (check $INITLOG)."
fi
}
not_configured () {
echo "#### WARNING ####"
echo "The firewall won't be started/stopped unless it is configured"
if [ "$1" != "stop" ]
then
echo ""
echo "Please read about Debian specific customization in"
echo "/usr/share/doc/shorewall/README.Debian.gz."
fi
echo "#################"
exit 0
}
# parse the shorewall params file in order to use params in
# /etc/default/shorewall
if [ -f "/etc/shorewall/params" ]
then
. /etc/shorewall/params
fi
# check if shorewall is configured or not
if [ -f "/etc/default/shorewall" ]
then
. /etc/default/shorewall
if [ "$startup" != "1" ]
then
not_configured
fi
else
not_configured
fi
# wait an unconfigured interface
wait_for_pppd () {
if [ "$wait_interface" != "" ]
then
for i in $wait_interface
do
$WAIT_FOR_IFUP $i 90
done
fi
}
# start the firewall
shorewall_start () {
echo -n "Starting \"Shorewall firewall\": "
wait_for_pppd
$SRWL start >> $INITLOG 2>&1 && echo "done." || echo_notdone
return 0
}
# stop the firewall
shorewall_stop () {
echo -n "Stopping \"Shorewall firewall\": "
$SRWL clear >> $INITLOG 2>&1 && echo "done." || echo_notdone
return 0
}
# restart the firewall
shorewall_restart () {
echo -n "Restarting \"Shorewall firewall\": "
$SRWL restart >> $INITLOG 2>&1 && echo "done." || echo_notdone
return 0
}
# refresh the firewall
shorewall_refresh () {
echo -n "Refreshing \"Shorewall firewall\": "
$SRWL refresh >> $INITLOG 2>&1 && echo "done." || echo_notdone
return 0
}
case "$1" in
start)
shorewall_start
;;
stop)
shorewall_stop
;;
refresh)
shorewall_refresh
;;
force-reload|restart)
shorewall_restart
;;
*)
echo "Usage: /etc/init.d/shorewall
{start|stop|refresh|restart|force-reload}"
exit 1
esac
exit 0
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
