Re: [Shorewall-users] Multi isp lsm question

Mon, 14 May 2012 20:11:25 -0700 

On 5/14/12 5:32 PM, Tom Eastep wrote:
> On 5/14/12 3:28 PM, Tom Eastep wrote:
>> On 05/14/2012 03:23 PM, John McMonagle wrote:
>>
>>> Tom
>>>
>>> Seems to work.
>>> The provider is removed after about 20 seconds after failure.
>>> It returns  a bit over 3 minutes after being plugged back in.
>>> Seems a bit long. Is that intentional?
>>
>> You need to adjust your LSM parameters. The default LSM settings are to 
>> fail fast and recover slowly.
> 
> And here is another patch you should apply.

But you must apply this first.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

commit a88e0daef349210f3e730a95744235c33dec1e54
Author: Tom Eastep <[email protected]>
Date:   Sun May 13 13:49:59 2012 -0700

    Improve interface_is_usable()
    
    Signed-off-by: Tom Eastep <[email protected]>

diff --git a/Shorewall/lib.core b/Shorewall/lib.core
index 660143c..1ce4f8f 100644
--- a/Shorewall/lib.core
+++ b/Shorewall/lib.core
@@ -179,14 +179,14 @@ interface_is_usable() # $1 = interface
     local status;
     status=0
 
-    if [ "$1" != lo ]; then
+    if [ "$1" != lo -a "$COMMAND" != enable ]; then
        if [ $g_family -eq 4 ]; then
-           if interface_is_up $1 && [ "$(find_first_interface_address_if_any 
$1)" != 0.0.0.0 -a "$COMMAND" != enable ]; then
+           if interface_is_up $1 && [ "$(find_first_interface_address_if_any 
$1)" != 0.0.0.0 ]; then
                run_isusable_exit $1
                status=$?
            fi
        else
-           if interface_is_up $1 && [ "$(find_first_interface_address_if_any 
$1)" != :: -a "$COMMAND" != enable ]; then
+           if interface_is_up $1 && [ "$(find_first_interface_address_if_any 
$1)" != :: ]; then
                run_isusable_exit $1
                status=$?
            fi

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to