Ljubomir Ljubojevic wrote:
> I do not know the internals of shorewall, and this is my first
> (possible) bug report so I relied on the fact you will ask for relevant
> information.
> I added both requests as file attachments.

Thank you for the additional information.

There is a defect in Shorewall that causes the startup failure when an optional interface has multiple providers through it and Shorewall is unable to determine the MAC address of one or more of the GATEWAYs. That bug will be somewhat difficult to fix and, when fixed, your firewall still won't restart properly under the same circumstances.

While the bridge is being started prior to the 'shorewall restart', it appears that the bridge is not yet fully functional. Adding a few second 'sleep' in /etc/shorewall/init may help.

I notice in the .iptables-restore-input that when Shorewall does come up, the following rules are generated:

    -A routemark -i br0 -m mac --mac-source 00:0c:76:42:a9:8c -j MARK --set-mark 1
    -A routemark -i br0 -m mac --mac-source 00:0c:76:42:a9:8c -j MARK --set-mark 2

Note the identical MAC addresses in the two rules -- without seeing /var/lib/shorewall/.restart, I cannot tell if that is a Shorewall bug or a configuration error.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
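
Added example, not part of the message above and not Shorewall's own code: a check that reads iptables-restore input such as the .iptables-restore-input file mentioned in the reply and reports any source MAC address that is given more than one mark in the same chain and interface. The function names are hypothetical, and the sample input is constructed around the two rules quoted in the message.

```python
import shlex
from collections import defaultdict

# Constructed iptables-restore input: the two br0 rules are the ones quoted
# in the message; the eth1 rule is made up for contrast.
SAMPLE = """\
*mangle
:routemark - [0:0]
-A routemark -i br0 -m mac --mac-source 00:0c:76:42:a9:8c -j MARK --set-mark 1
-A routemark -i br0 -m mac --mac-source 00:0c:76:42:a9:8c -j MARK --set-mark 2
-A routemark -i eth1 -m mac --mac-source 02:00:00:00:00:01 -j MARK --set-mark 0x3
COMMIT
"""

def parse_mark_rule(line):
    """Return (chain, iface, mac, mark) for a MAC-matched MARK rule, else None."""
    try:
        tok = shlex.split(line)
    except ValueError:            # unbalanced quotes: not a rule we can read
        return None
    if len(tok) < 2 or tok[0] != "-A" or "!" in tok:
        return None               # negated matches are skipped, not guessed at
    opts = {}
    for key, val in zip(tok[2:], tok[3:]):   # pair each option with its value
        if key.startswith("-") and not val.startswith("-"):
            opts.setdefault(key, val)
    mark = opts.get("--set-mark") or opts.get("--set-xmark")
    if opts.get("-j") != "MARK" or "--mac-source" not in opts or mark is None:
        return None
    try:
        value = int(mark.split("/")[0], 0)   # accepts 1, 0x1 and 0x1/0xff
    except ValueError:
        return None
    return tok[1], opts.get("-i", "*"), opts["--mac-source"].lower(), value

def conflicting_macs(text):
    """Map (chain, iface, mac) -> marks, for MACs assigned more than one mark."""
    seen = defaultdict(list)
    for line in text.splitlines():
        rule = parse_mark_rule(line.strip())
        if rule and rule[3] not in seen[rule[:3]]:
            seen[rule[:3]].append(rule[3])
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (chain, iface, mac), marks in conflicting_macs(SAMPLE).items():
        print(f"{chain}: {mac} on {iface} is given marks {marks}")
```
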
