i'm running distro-pkg'd shorewall 5.2.3.7, on opensuse leap15.1. it's deployed on my boxes as shorewall-lite + shorewall-init.
once up, it runs fine. on upgrade by package manager, "Something(tm)" in the install process causes the fw to immediately start blocking traffic. if the upgrade's in the middle of a larger set of upgrades, it causes all subsequent package updates to fail -- due to loss of network connectivity.

a restart of shorewall immediately fixes the problem ... and allows all traffic -- upgrades, access, etc -- to continue without problem.

i reported this at distro

    https://bugzilla.opensuse.org/show_bug.cgi?id=1166114

where dev was unable to reproduce. eventually figured out one significant difference -- I run shorewall-init, the dev does not.

atm, here

    cat /etc/sysconfig/shorewall-init
        PRODUCTS="shorewall-lite shorewall6-lite"
        IFUPDOWN=0
        LOGFILE=/var/log/shorewall/shorewall-ops.log
        OPTIONS=""

i'm not clear which thread to pull at in troubleshooting ... is it possible/likely that my use of shorewall-init is causal here?

since, in the -init config, i disable IFUPDOWN, and manage my IPSETs externally, with own scripts, i'm wondering if -init's necessary/useful at all ... &/or if there's something fixable if i do leave it in place?