Prompted by the ending of 32-bit Linux support, I'm reimplementing a firewall I set up in around 2014 to protect a school network from arbitrary root-privilege actions by students on a bunch of Raspberry Pis.

As before, this is running under Linux Mint (Ubuntu-based), and this time I installed Shorewall from the standard repository for the distro (perhaps that was my mistake?). It's failing to start on boot even though I have STARTUP_ENABLED=Yes in my shorewall.conf.

I thought it was related to the fact that sshd and apache2 are also failing to start. This is because not all interfaces are up by the time their startup scripts run. This, in turn, seems to be because the 16 IP address aliases on the school net NIC (NATted to local IPs of the Raspberry Pis) are apparently taking around 25 seconds to initialise. (Originally, I set these up manually but I'm now letting Shorewall do it by setting ADD_IP_ALIASES=Yes; now Shorewall is taking 25 seconds to start.)

However, I now think that's a separate problem (perhaps I could add /usr/share/shorewall/wait4ifup to their startup scripts) since nothing appears in /var/log/shorewall.init until I manually start Shorewall.

Also, I was surprised to find that /etc/systemd/system/shorewall.service didn't exist.

Are there any more diagnostics or fixes I can try before I try uninstalling Shorewall as installed from the repository and reinstalling it using the tarball from shorewall.net? And should I include shorewall-init? (The network switch to which the Pis are connected might be switched off at the time the firewall is booted.)

Many thanks - Philip


