On 04/22/2013 04:40 AM, Igor Sverkos wrote:
> Hi,
> 
> I am currently testing what will happen in error conditions. I noticed
> the following output (the error will happen because a used ipset in a
> rule doesn't exist):
> 
> # shorewall safe-restart
> Compiling...
> Processing /etc/shorewall/params ...
> Processing /etc/shorewall/shorewall.conf...
> Loading Modules...
> Compiling /etc/shorewall/zones...
> Compiling /etc/shorewall/interfaces...
> Determining Hosts in Zones...
> Locating Action Files...
> Compiling /etc/shorewall/policy...
> Running /etc/shorewall/initdone...
> Adding Anti-smurf Rules
> Compiling TCP Flags filtering...
> Compiling Kernel Route Filtering...
> Compiling Martian Logging...
> Compiling MAC Filtration -- Phase 1...
> Compiling /etc/shorewall/rules...
>    WARNING: Ipset test does not exist /etc/shorewall/rules (line 20)
> Compiling /etc/shorewall/conntrack...
> Compiling MAC Filtration -- Phase 2...
> Applying Policies...
> Compiling /usr/share/shorewall/action.Reject for chain Reject...
> Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
> Generating Rule Matrix...
> Creating iptables-restore input...
> Shorewall configuration compiled to /var/lib/shorewall/.restart
>    Currently-running Configuration Saved to /var/lib/shorewall/.safe
> Restarting...
> Restarting Shorewall....
> Initializing...
> Processing /etc/shorewall/init ...
> Processing /etc/shorewall/tcclear ...
> Setting up Route Filtering...
> Setting up Martian Logging...
> Setting up Proxy ARP...
> Preparing iptables-restore input...
> Running /sbin/iptables-restore...
> iptables-restore v1.4.17: Set test doesn't exist.
> 
> Error occurred at line: 104
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>    ERROR: iptables-restore Failed. Input is in
> /var/lib/shorewall/.iptables-restore-input
> Restoring Shorewall...
> Initializing...
> Processing /etc/shorewall/init ...
> Processing /etc/shorewall/tcclear ...
> Setting up Route Filtering...
> Setting up Martian Logging...
> Setting up Proxy ARP...
> IPv4 Forwarding Enabled
> Processing /etc/shorewall/restored ...
> done.
> Shorewall restored from /var/lib/shorewall/.safe
> /usr/share/shorewall/lib.common: line 112:  9976 Terminated
>  $SHOREWALL_SHELL $script $options $@
> 
> 
> I am wondering about the last line: The script is catching previous
> errors and prints nice and readable output. The last line doesn't fit
> into the previous picture.
> 
> Is everything fine or is there a problem?

The 'restart' failed but the firewall was restored to its original
state from before the 'safe-restart' attempt.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
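
The following shell functions are an added example, not part of the original messages or of Shorewall. They scan `safe-restart` output like the transcript quoted above for the missing-ipset compile warning and report whether the run ended in a rollback. The function names are hypothetical, and treating `ERROR:` and `Shorewall restored from` as the failure and rollback markers is an assumption based on this one transcript.

```shell
#!/bin/sh
# Added example (not Shorewall code): triage `shorewall safe-restart` output.

# Excerpt of the output quoted in the thread above, used as sample input.
sample_output() {
cat <<'EOF'
Compiling /etc/shorewall/rules...
   WARNING: Ipset test does not exist /etc/shorewall/rules (line 20)
Shorewall configuration compiled to /var/lib/shorewall/.restart
Running /sbin/iptables-restore...
iptables-restore v1.4.17: Set test doesn't exist.
   ERROR: iptables-restore Failed. Input is in
/var/lib/shorewall/.iptables-restore-input
Restoring Shorewall...
Shorewall restored from /var/lib/shorewall/.safe
EOF
}

# Print "<set> <file> <line>" for every compile-time missing-ipset warning.
# Field-based, so it also works on mail-quoted ("> ") copies of the output.
missing_ipsets() {
    awk '/WARNING: Ipset .* does not exist/ {
        for (i = 1; i < NF; i++) if ($i == "Ipset") set = $(i + 1)
        file = $(NF - 2)              # path precedes "(line N)"
        line = $NF; sub(/\)$/, "", line)
        print set, file, line
    }'
}

# Classify a run: "rolled-back" (saved ruleset restored), "failed"
# (error with no restore seen), or "ok". Markers are assumptions
# taken from the transcript above.
safe_restart_outcome() {
    awk '
        /ERROR:/                   { failed = 1 }
        /Shorewall restored from / { restored = 1 }
        END {
            if (restored)    print "rolled-back"
            else if (failed) print "failed"
            else             print "ok"
        }'
}

# Demo on the sample input.
sample_output | missing_ipsets
sample_output | safe_restart_outcome
```

In practice the functions would read a saved copy of the real command output on stdin instead of `sample_output`, so a warning about a nonexistent set can be caught before the ruleset is loaded.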

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
