Hello. I am a Shorewall user and, as my knowledge of this code is tiny and I do not know if this behavior might interfere with the function of the firewall, I would like to report a strange behavior.
I am using Shorewall on a device running Linux 4.9 which has 3 interfaces:

eth0 -> Interface attached to the LAN.
eth11 -> Port used by portable equipment to do maintenance operations on the device.
wlan0 -> Wireless interface.

The Shorewall release used is 5.1.1.

I have observed that after the execution of a "shorewall restart" command, the status of the interfaces (shorewall -v status -i) does not appear on the console. Only the status of the Disabled interfaces is shown, in my case, eth11. Besides, the files:

/var/lib/shorewall/<iface>.status
/var/lib/shorewall/undo_<iface>_routing

have disappeared from the directory, except "eth11.status".

Using the pair of commands "ifdown <iface>", "ifup <iface>", the corresponding interface appears in the status report but, when the firewall is stopped and started again (or restarted), they disappear from the report.

Checking the setup of another, different device I am using, I have observed that it is working well, showing the status of all of its interfaces defined in the firewall. The difference is that this one has 3 providers defined.

Inspecting the code built by the compiler, I have seen that the behavior is different depending on whether at least one interface is working as a provider or not.

Providers setup: The function "setup_routing_and_traffic_shaping" has 1 line performing an "undo_routing" BEFORE starting providers and interfaces.

No providers setup: The function "setup_routing_and_traffic_shaping" has 2 lines performing an "undo_routing" and "restore_default_route" AFTER starting interfaces.

Should those lines be placed BEFORE starting interfaces when there are no providers defined? Reviewing the code of Shorewall 4.4.0, this function is different, but these 2 lines are placed in a different position, near the beginning of "setup_routing_and_traffic_shaping".

As a workaround, I have defined the wireless interface as a provider but, as I need neither Load Balancing nor Backup paths, I would prefer not to do it.
Could you check if I am right? Thank you for your attention. Regards.