On Wednesday, October 10, 2018, 12:23:20 PM GMT+2, Vieri Di Paola via 
Shorewall-users <shorewall-users@lists.sourceforge.net> wrote: 
>
> So in the end, the guilty party seems to be the pppd daemon, or the way I 
> configure it.
> 
> A simple solution would be to run "shorewall reload" within an ip-up.d 
> script. However, I'm not sure how to do this automatically if the ppp 
> "persist" option doesn't work in my setup (or at least not when I reboot my 
> modems). Anyway, it's not a shorewall issue anymore.

Just in case someone else has the same issue, here's a "solution/hack".

First of all, you should specify both lcp-echo-interval and lcp-echo-failure in 
the ppp options, along with "persist" and "maxfail 0". Personally, I have the 
following:

pppd_ppp3="noauth
persist
holdoff 3
maxfail 0
child-timeout 60
lcp-echo-interval 15
lcp-echo-failure 3
noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp
"

So now, each time my modem reboots, pppd detects link failure due to LCP reply 
errors. Still, you need to tell shorewall to reload. I'm doing it with a ppp 
"up" script. Basically, I have a custom script in /etc/ppp/ip-up.d which calls 
"shorewall reload".

I've noticed that sometimes shorewall "hangs" when there's another shorewall 
process running (e.g. fired up by a cron job, a monitoring script, another 
admin user, or whatever). Sure, I could change my ip-up.d script as well as 
all the other scripts to first check if shorewall is already running before 
executing "shorewall reload", but I can't be sure an admin user will do so if 
logged in via ssh and running it manually.

Is there a config option in Shorewall to tell it to exit immediately if it 
finds another running process? Something like:

# shorewall reload
FATAL ERROR: found at least another process.
PID1
PID2
PID3
...
and the exit code would be non-zero.

Vieri

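An added example of the ip-up.d hook discussed above, written by the editor for this page; it is not Vieri's script and not part of Shorewall. It refuses to start a second "shorewall reload" while one started from the hook is still running, and exits non-zero in that case, which is the fail-fast behaviour the mail asks for. It assumes Linux with flock(1) from util-linux; the lock path, the environment variable names and the hook name are hypothetical. A lock is used instead of a `pgrep shorewall` preflight because a process-list check is racy: two hooks can both see no shorewall process and both start one.

```shell
#!/bin/sh
# /etc/ppp/ip-up.d/50-shorewall-reload  (hypothetical name; added example,
# not from the original mail or from the Shorewall project)
#
# pppd runs the ip-up hooks with the arguments:
#   iface tty speed local-ip remote-ip ipparam
# so a non-empty $1 tells us we were called by pppd and not sourced by hand.

# Lock file; override with SHOREWALL_HOOK_LOCK (assumed variable) for testing.
LOCKFILE="${SHOREWALL_HOOK_LOCK:-/run/lock/shorewall-ppp-reload.lock}"

# run_exclusive LOCKFILE CMD [ARGS...]
#
# Run CMD while holding an exclusive, non-blocking flock(2) lock on LOCKFILE.
# If another holder already has the lock, do not wait: log a message and
# return 75 (EX_TEMPFAIL) at once. Otherwise return CMD's own exit status.
# The kernel releases the lock when the holding process exits, so a hook that
# is killed half-way (e.g. by a second modem reboot) cannot leave a stale lock.
run_exclusive() {
    lock=$1
    shift
    (
        flock -n 9 || {
            echo "${0##*/}: another run holds $lock, not starting '$*'" >&2
            exit 75
        }
        "$@"
    ) 9>"$lock"
}

# Only touch the firewall when invoked as a pppd hook.
if [ -n "${1:-}" ]; then
    logger -t shorewall-ppp "ppp link $1 is up, reloading Shorewall"
    run_exclusive "$LOCKFILE" shorewall reload
    rc=$?
    # pppd does not act on a hook's exit status, so a refusal must be logged
    # to be noticed at all.
    [ "$rc" -eq 0 ] || logger -t shorewall-ppp "shorewall reload skipped or failed (exit $rc)"
    exit "$rc"
fi
```

This serialises reloads started by the hook and by any other automation you point at the same lock file (a cron job can call `run_exclusive` the same way). It does not cover an admin typing `shorewall reload` by hand over ssh; those invocations still contend on Shorewall's own internal mutex, which is most likely what produces the apparent hang in the mail, and a non-blocking lock in one script cannot change that.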

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
