Re: [Shorewall-users] Debian packages for 5.1.8.1 - now available

Tue, 21 Nov 2017 05:57:08 -0800 

Hi Roberto,

On 21 November 2017 at 12:40, Roberto C. Sánchez <robe...@connexer.com> wrote:
>> I even had to replace allow-hotplug with auto on all nics in
>> /etc/network/interfaces to have shorewall startup at boot.
>
> This is strange.  I have not encountered this.  Can you describe more
> details of your configuration so that I can understand this?

I performed a clean/fresh install of stretch.
After install my /etc/network/interfaces looked like this (removed
loopback here in the email):

# The primary network interface
allow-hotplug eno1
iface eno1 inet dhcp

After booting into my new installation I also added:

# LAN interface
allow-hotplug eno2
iface eno2 inet static
        address 192.168.1.1
        netmask 255.255.255.0

I then configured shorewall and started my firewall with 'sudo shorewall start'
Verified that everything was working as expected.

Then i set startup=1 in /etc/default/shorewall and also verified that
STARTUP_ENABLED=YES in /etc/shorewall/shorewall.conf.

I then rebooted my firewall to verify that it started up automatically.
However it did not start.

I found that systemd script shorewall.service was disabled by running
'systemctl is-enabled shorewall'.
The output of the command told me that the service was disabled, so I
enabled it by running:

$ sudo systemctl enable shorewall.service

Rebooted the firewall again but it still did not start automatically.

Then I just for the fun of it replaced allow-hotplug with auto like this:

# The primary network interface
auto eno1
iface eno1 inet dhcp

# LAN interface
auto eno2
iface eno2 inet static
        address 192.168.1.1
        netmask 255.255.255.0

Rebooted again and now shorewall started automatically when the
firewall boots up.
I found this a bit strange but now it works as expected.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to