-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 05/05/2017 03:14 AM, Simon Hobson wrote: > Had an oddball yesterday, when the office lost internet > connectivity. In the logs I found > > May 4 12:44:12 *** logger: ERROR:Shorewall 'enable ***' failed May > 4 12:44:13 *** logger: Shorewall Stopped > > One of the configured FTTC (VDSL2) providers had gone down and come > back up, and I have a script in /etc/ppp/ip-up.d that calls > "shorewall enable ***" after the PPP connection is up - but for > some reason it failed this once. It's been working fine for some > time with one provider, I've recently added this one by simply > cloning all the config entries from the existing one. If I manually > drop the PPP connection then everything works fine, and there have > been a couple more line drops since where it's worked fine. > > So clearly a transient error, but any ideas what could have caused > it ? I know manglement will be asking for more than "sh*t happens" > !
The details about the failure would have been written to STDERR prior to logging those messages. > > Also, what does "shorewall enable ..." do ? > It runs the part of 'start' that deals with that particular provider; you can see the code in the function 'start_provider_<provider name>' in the compiled script. > > I assume it's running a subset of "shorewall [re]start" to build > the routing tables - is it normal for a failure like this to result > in a stopped state ? > When an essential command like adding an iptables rule or adding a route fail, the firewall is placed in the 'stopped' state. I could take a look at changing that behavior in the case of 'enable'. - -Tom - -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJZDJn/AAoJEJbms/JCOk0QKSEQAKWg0w1WyVgsYhzWeBTSykKG N6B+38hOeJYv1cpf/6gcA3mWXXtWgFN/XLAdM6ezNEK8jBuXeXECyV3wC3RPWbLn L4BnUbiQyjhP/d0b3mAhj6Q9gtEeH4b6qzt3xCpo1nibmvFHMrk8slV13qyrNlq2 59kZoeV0KTWjguNX7UIhr/yohlYA7X3IcKeanI+e37VUSkNxDwx1JiAlXM1T7hha WnGliW4TTRu3slEmGqMo5QiaXKzi54aZB0cBa3r2k8vOlo1y4tuo+fhYjKigX5oY dTDvlAznaqro5/BHgIP7glyG23njkIsnBUo72jIn47AmhEMddaebKqxdegVPT7o7 j/vaiTGRlLGDJz3jif91Vfh383gIg6hknxWkhSzxI/WIWncvhkCyNF1eXlghLKBd wvKF4vQCiVznsd8ago+X1bgVFU9VcEb7196n9soEdpJ8Af3cIH3TRZQURkKsMTzn fJeySCrouXFFyDM8snb8ti1LGu1c0gx41JZJGgMVT6/Egi7+JGyjQGpagI4y8Brq JEb0AWNIe41oHXiqrBeoRIa6MnlIrnQRJqKYMHfuy9KBdIovKfshHbEZ5uFVWOSC NLcHVwUA+yt0IiD1XnEQacrxjjINu/HbY5jGbYpJ/R0rrjX6tbKxK0o9zlzRohyy cxqmG8ujX3HJTWCsH7rG =M8K7 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
