-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-02-17 21:26, Benny Pedersen wrote: > problem is that default openrc have default rc.conf that here does > not start shorewall6 > > so it for me not shorewall problem at all, i do not use gentoo > build kernel, since linode.com uses generic debian kernel, so i > think its more complex problem i have here with openrc running on > gentoo userland and debian kernel create faulty strict dependice > in openrc > > after configure rc.conf to be more strict it works for me > > now i like to make a bug, but unsure where to report it > > maybe i can convense linode to make gentoo kernel with specific > gentoo .config
I still don't get your problem. It looks like you have problems with Gentoo at all so you better ask in Gentoo user mailing lists or our forums (https://forums.gentoo.org/). If you think it is a problem in net-firewall/shorewall package, please file a bug against this package at https://bugs.gentoo.org/ but at the moment I would close your bug as "NEEDINFO" because I still don't get your problem, sorry. Please describe what you want to do (your final goal). Then tell us what you have tried to do that/achieve your goal so far. Setting up shorewall in Gentoo is pretty straightforward. 1) Set USE flags for shorewall components you want to use, i.e. shorewall = ipv4 shorewall6 = ipv6 shorewall-init = init shorewall-lite = lite4 shorewall6-lite = lite6 A typical configuration on a standalone system with IPv4 and IPv6 connectivity would be net-firewall/shorewall[init,ipv4,ipv6]. See https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/USE#Package_specific_USE_flags for more information. 2) Install net-firewall/shorewall, # emerge --ask net-firewall/shorewall Let's assume you have installed net-firewall/shorewall[ipv4,ipv6,init]: 3) Now create a basic shorewall configuration (i.e. adjust rules, policy, interfaces, zones...) for each installed shorewall product (shorewall and shorewall6 in this example). Don't forget to set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf and /etc/shorewall6/shorewall6.conf like described in the shorewall documentation. See http://shorewall.net/standalone.htm for more information. 4) Test your configuration, i.e. run # shorewall check # shorewall6 check Fix any reported problem. Once your configuration is fine you can start shorewall, execute # shorewall start # shorewall6 start Note: We have used shorewall's own CLI so far, no runscripts. You could also use "/etc/init.d/shorewall check" or "/etc/init.d/shorewall start" (same for shorewall6). 5) Now with a working shorewall/shorewall6 configuration it is time to enable shorewall in default runlevel. For OpenRC do # rc-update add shorewall default # rc-update add shorewall6 default 6) Like said in step 1 we assume you also have installed shorewall-init component (via "init" USE flag) because you want to protect your system as early as possible. So you also have to configure shorewall-init: Edit /etc/conf.d/shorewall-init and make sure "PRODUCTS" contains all the shorewall products shorewall-init should initialize on boot. In our example you need a line like PRODUCTS="shorewall shorewall6" Finally you will need to enable shorewall-init service on boot runlevel, run # rc-update add shorewall-init boot When you now reboot your system you will see that shorewall-init will initialize shorewall and shorewall6 very early on boot and that shorewall and shorewall6 will be started later when entering default runlevel. I hope this will help you to get shorewall working on Gentoo. - -- Regards, Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0 iQJ8BAEBCgBmBQJYqDM5XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IhxIP/igs2eb8QnM0frOn+C4fGW8j QNcdoOjVItE/irEPJUmE3NDVypR+z3X36FlmmpN/OCLb3Ru4ozkTpEBNKJMNQVtu 53i6wDK2t77P4feiGd53E5rhS0/L3xYaVhgJzsX/LhZOQ/i/KQOZXp4/KlZaUKKT 1uXo0WEFs9li3x2/nmgLInnhzdTpXk1I6EXYjw4WTBBxQiyFcHksNxLxJ1NeVkD5 lz+GJ0ZF4+QS7QFioLyQFcjfbtxzZOusPnzieo71ylGyGqd5C1COYpz5gUwSffsi 1ZIa/k/i7kvTwV4bSJ2aYllzriP9aOO8VwWat1LESRI0Jp0E09+pWKDifBhCp7vC 97Yv7tSC7rI+T/Gt6u+rTOTbSuAvvx3ODZWQbrfj3pN3ziyMn/0WAM0H+5UqZJZV OK8sfmXONstkdsCDwXVkYakPCh+vD/E6/3Ttb5W3jGmXpv8ErV9JyUwHtQvfalh1 eHH5At7azVdhETvG45e4TKvvC2k8fwsfyYAY/2Uw5aDMaDILOGkHuZWnKgRv1byd OL9kvAX3WH9HnLhZ5KAa5w3YK3WdgJ/unkEmhk3X3Ao5UBX3/UBmNzGuTVNor8x2 8BWmAUWnt+Iy7qjciMLddMxfVpIsucbcdnOkGJ6MaB9aNj7Anj5IjldpVSDehEnS CE30215ahiU51hi12WYb =Cm4J -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
