On 2/15/20 4:30 PM, Diego Rivera wrote:
> Ok sorry for the noise.
> 
> I have a better feel for why running things twice with "debug" enabled
> appeared to be working. Turns out that the first invocation with "debug"
> fails as expected, but also fails to restore the rules that were
> originally present when shorewall was invoked (i.e. the
> "bad/incompatible" docker/libvirt rules). Thus, when run the 2nd time,
> things apparently succeed because these rules aren't present, and thus
> there's nothing there for shorewall to trip over and explode.
> 
> So the bug seems to be the fact that using debug clobbers and fails to
> restore the previous rules.
> 
> That doesn't solve my problem, though. I'm still perusing through Google
> and have yet to find a similar situation. It seems to me that some of
> the libvirt-generated rules should be given treatment similar to the
> docker rules. I'm not sure how this was done previously other than the
> fact that everything worked as intended and I never bothered to audit
> what was being done.
> 
> Any insights or suggestions will be greatly appreciated.
> 

Shorewall has *never* had any integration with libvirt, so I am at a
loss to explain how this ever worked (how the failing rule ever worked).
Also, Shorewall's Docker integration is based on older versions of
Docker so upgrading Docker can also result in problems.

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \    can't understand
                      \________________________________________
