On 4/24/19 8:30 PM, David Burrow wrote: > Hi all! > > Previous user of Shorewall, returning after a long absence. How much it > has evolved. I see that Tom has stopped development, but I'm wondering > if anyone on the list has run into this problem? > > In the documentation for the rules file, it states that switch values > are retained across a Shorewall restart. However, it doesn't actually > look like that is happening on my system. > > Ubuntu Server 16.04 > Shorewall is set up with three interfaces and zones: WAN, LAN Bridge, > and a separate VLAN bridge. > > I have the following rules, as part of a strategy to limit my kids > access to the internet when they are supposed to be in bed. Rules work > exactly as expected: > > REJECT:info loc:+burrow-bigkids\ > net all - - > - - - - - > timestart=03:00×top=12:00&weekdays=Sun,Mon,Tue,Wed,Thu&utc\ > > > - is_dst > REJECT:info loc:+burrow-bigkids\ > net all - - > - - - - - > timestart=04:00×top=13:00&weekdays=Sun,Mon,Tue,Wed,Thu&utc\ > > > - !is_dst > > > EXCEPT, the value of is_dst is always set to 0 on a shorewall restart. > > I haven't the foggiest idea even where to look. Does anyone have any > suggestions? >
Switch values are retained over a 'shorewall reload' and are saved over 'shorewall restart' only if RESTART=reload in shorewall.conf. If RESTART=restart, then 'shorewall restart' does a 'shorewall stop' followed by a 'shorewall start'. So, unless the switch also appears in the 'stoppedrules', its setting will be lost. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
