Hi there,

I'm porting an existing configuration (managed by Ansible, not that I believe that to be relevant) to Debian buster. I'm seeing a strange behaviour where, most of the time, rules are simply not updated after a reload or restart.

I noticed that when this happens, the file /var/lib/shorewall/firewall is not updated - it maintains the mtime of the last run that did manage to change things. It's also noticeable that the compile stage is not running, particularly the absence of messages when running with -vv.
Meanwhile, the mtime of /var/lib/shorewall/.iptables-restore-input does change, but it's referring to out-of-date data - that from /var/lib/shorewall/firewall, presumably. Removing /var/lib/shorewall/firewall forces recompilation to happen and the correct rules to be deployed.

/etc/shorewall/shorewall.conf is the packaged default and hasn't been changed. I'm starting shorewall with systemd, but the same thing happens when running manually or via Ansible.

What could cause the compilation phase to be skipped and outdated data be used to configure the system?

Thanks,
Dominic.
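
A way to detect the condition described in the message above, as an added example that is not part of the original post and is not Shorewall code. It assumes file mtimes alone are a usable signal; the function name `check_stale` and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example: mtime-based drift check between the Shorewall configuration
# directory, the compiled script, and the last generated restore input.
# Usage with the paths named in the post:
#   check_stale /etc/shorewall /var/lib/shorewall/firewall \
#               /var/lib/shorewall/.iptables-restore-input
#
# Return codes (hypothetical, chosen for this example):
#   0 = compiled script is newer than every config file
#   1 = config changed since the last compile, nothing loaded since
#   2 = compiled script is missing
#   3 = config changed AND rules were loaded afterwards from the stale script
check_stale() {
    config_dir=$1
    compiled=$2
    restore_input=$3

    if [ ! -f "$compiled" ]; then
        echo "compiled script missing: $compiled" >&2
        return 2
    fi

    # Config files modified after the last successful compile.
    changed=$(find "$config_dir" -type f -newer "$compiled" -print)
    [ -n "$changed" ] || return 0

    if [ -f "$restore_input" ]; then
        # Files changed after the compile but no later than the last rule load:
        # those edits existed when rules were loaded, yet were never compiled in.
        applied=$(find "$config_dir" -type f -newer "$compiled" \
                      ! -newer "$restore_input" -print)
        if [ -n "$applied" ]; then
            printf 'stale rules loaded; edits not compiled in:\n%s\n' "$applied"
            return 3
        fi
    fi

    printf 'changed since last compile:\n%s\n' "$changed"
    return 1
}
```

Return code 3 corresponds to the symptom in the post: the restore input has a fresh mtime while the compiled script predates the configuration change.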