Hello:
I am a long time, very happy, Shorewall user. Many years ago I worked
near Tom E. and we had lunch together a few times. Hello Tom.
I had a stable configuration with a DSL provider and a cable provider and
it ran for years without problems, again thanks to a suggestion from Tom.
Recently I added a fiber provider but my system became unstable when I
added it into the mix. And I haven't been able to duplicate my original
DSL and cable configuration. The problem I have is that I haven't found
the right options in my providers and rtrules files and I hope people
on the list can help me out.
My goal is to respond to any inbound traffic on the original provider
link, that is, not having an asymmetric response.
I am running Shorewall 5.2.8 on a gentoo system. I run my internet
services on the firewall and have the rest of my machines on their own
interface. One service is an ntp server in the ntppool.org system.
When I first start Shorewall, everything seems ok. I can see ntp
packets come in on my public IP, on the dsl/eth0 line and the return
message immediately follows - for about 5 minutes, then the return
packets start going out the faster fiber line, so, obviously I don't
have proper tracking.
I have attached my shorewall.conf file, a shorewall dump file, and a
shorewall -T start log to this email. I do not have any mangle entries.
Here are condensed versions of all configuration files I have changed:
Any help is greatly appreciated. Thank you, Steve Herber.
zones ---------------------------------------------------------------------
fw firewall
loc ipv4
dsl ipv4
fib ipv4
cbl ipv4
interfaces ----------------------------------------------------------------
dsl eth0 # I have a static public IP address on this interface
loc eth1
cbl eth2 dhcp,optional
fib eth3 dhcp,optional
snat ----------------------------------------------------------------------
MASQUERADE - eth0
MASQUERADE - eth2
MASQUERADE - eth3
providers -----------------------------------------------------------------
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY
OPTIONS COPY
dsl 1 1 - eth0 detect
track,primary -
cbl 2 2 - eth2 detect
track,fallback -
fib 4 4 - eth3 detect
track,fallback -
rtrules -------------------------------------------------------------------
#SOURCE DEST PROVIDER PRIORITY
MASK
eth1 - fib 1500
eth1 - cbl 1000
eth1 - dsl 1600
policy --------------------------------------------------------------------
loc dsl ACCEPT
loc cbl ACCEPT
loc fib ACCEPT
loc fw ACCEPT
fw dsl ACCEPT
fw cbl ACCEPT
fw fib ACCEPT
fw loc ACCEPT
dsl all DROP none
cbl all DROP info
fib all DROP none
all all REJECT none
rules ---------------------------------------------------------------------
?SECTION NEW
DNAT dsl loc:192.168.168.10:980 tcp 6980
ACCEPT dsl fw tcp 6622 - - 4/min:3
ACCEPT cbl fw tcp 6622 - - 4/min:3
ACCEPT fib fw tcp 6622 - - 4/min:3
ACCEPT dsl fw tcp domain,rndc
ACCEPT dsl fw udp domain,rndc
ACCEPT cbl fw tcp domain,rndc
ACCEPT cbl fw udp domain,rndc
ACCEPT fib fw tcp domain,rndc
ACCEPT fib fw udp domain,rndc
ACCEPT dsl fw tcp auth,http,https,smtp,ntp
ACCEPT dsl fw udp http,https,ntp
ACCEPT cbl fw tcp http,https,ntp
ACCEPT cbl fw udp http,https,ntp
ACCEPT fib fw tcp http,https,ntp
ACCEPT fib fw udp http,https,ntp
DROP fib fw tcp netbios-ns
DROP fib fw udp netbios-ns
DROP fib fw tcp mdns
DROP fib fw udp mdns
ACCEPT dsl fw udp 51820
ACCEPT cbl fw udp 51820
ACCEPT fib fw udp 51820
Ping(ACCEPT) dsl fw
Ping(ACCEPT) cbl fw
Ping(ACCEPT) fib fw
Trcrt(ACCEPT) dsl fw
Trcrt(ACCEPT) cbl fw
Trcrt(ACCEPT) fib fw
Steve Herber her...@herber.us cell: 425-281-0355
Software Engineer, UW Medicine, IT Services
###############################################################################
#
# Shorewall Version 5 -- /etc/shorewall/shorewall.conf
#
# For information about the settings in this file, type "man shorewall.conf"
#
# Manpage also online at https://shorewall.org/manpages/shorewall.conf.html
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
STARTUP_ENABLED=Yes
###############################################################################
# V E R B O S I T Y
###############################################################################
VERBOSITY=2
###############################################################################
# P A G E R
###############################################################################
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################
LOG_LEVEL="info"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/messages
LOGFORMAT="%s %s "
LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
MACLIST_LOG_LEVEL="$LOG_LEVEL"
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL="$LOG_LEVEL"
SFILTER_LOG_LEVEL="$LOG_LEVEL"
SMURF_LOG_LEVEL="$LOG_LEVEL"
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
UNTRACKED_LOG_LEVEL=
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
ARPTABLES=
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/run/lock/shorewall
TC=
###############################################################################
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
###############################################################################
# R S H / R C P C O M M A N D S
###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
###############################################################################
# F I R E W A L L O P T I O N S
###############################################################################
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No
DOCKER=No
DOCKER_BRIDGE=docker0
DONT_LOAD=
DYNAMIC_BLACKLIST=ipset,timeout=0
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=On
KEEP_RT_TABLES=No
#LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=No
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=Yes
TRACK_RULES=No
USE_DEFAULT_RT=Yes
USE_NFLOG_SIZE=No
USE_PHYSICAL_NAMES=No
USE_RT_NAMES=No
VERBOSE_MESSAGES=Yes
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=-
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
+ option=V
+ '[' -n V ']'
+ case $option in
+ option=
+ '[' -z '' -a 5 -gt 0 ']'
+ shift
+ option=2
+ '[' -n 2 ']'
+ case $option in
+ VERBOSITY=2
+ option=
+ '[' -n '' ']'
+ shift
+ '[' 0 -eq 0 -a 3 -gt 0 ']'
+ option=-R
+ case $option in
+ option=R
+ '[' -z R ']'
+ '[' -n R ']'
+ case $option in
+ option=
+ '[' -z '' -a 3 -gt 0 ']'
+ shift
+ option=restore
+ '[' -n restore ']'
+ case $option in
+ RESTOREFILE=restore
+ option=
+ '[' -n '' ']'
+ shift
+ '[' 0 -eq 0 -a 1 -gt 0 ']'
+ option=start
+ case $option in
+ finished=1
+ '[' 1 -eq 0 -a 1 -gt 0 ']'
+ COMMAND=start
+ case "$COMMAND" in
+ '[' 1 -ne 1 ']'
+ start_command
+ product_is_started
+ qt1 /sbin/iptables --wait -L shorewall -n
+ local status
+ '[' 1 ']'
+ /sbin/iptables --wait -L shorewall -n
+ status=1
+ '[' 1 -ne 4 ']'
+ return 1
+ progress_message3 'Starting Shorewall....'
+ local timestamp
+ timestamp=
+ '[' 2 -ge 0 ']'
+ '[' -n '' ']'
+ echo 'Starting Shorewall....'
Starting Shorewall....
+ '[' 2 -ge 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:28 '
+ echo 'Jan 1 16:55:28 Starting Shorewall....'
+ detect_configuration
+ local interface
+ interface=
+ '[' -n '' ']'
+ '[' -z '' -o '' = eth3 ']'
++ find_first_interface_address_if_any eth3
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth3
+++ grep 'inet .* global'
+++ head -n1
++ addr=' inet 192.168.1.10/24 brd 192.168.1.255 scope global eth3'
++ '[' -n ' inet 192.168.1.10/24 brd 192.168.1.255 scope global eth3' ']'
++ echo inet 192.168.1.10/24 brd 192.168.1.255 scope global eth3
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ SW_ETH3_ADDRESS=192.168.1.10
+ '[' -z '' -o '' = eth0 ']'
++ find_first_interface_address eth0
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth0
+++ grep 'inet .* global'
+++ head -n1
++ addr=' inet 199.254.229.43/24 brd 199.254.229.255 scope global eth0'
++ '[' -n ' inet 199.254.229.43/24 brd 199.254.229.255 scope global eth0' ']'
++ echo inet 199.254.229.43/24 brd 199.254.229.255 scope global eth0
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ SW_ETH0_ADDRESS=199.254.229.43
+ '[' -z '' -o '' = eth2 ']'
++ find_first_interface_address_if_any eth2
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth2
+++ grep 'inet .* global'
+++ head -n1
++ addr=' inet 10.0.0.47/24 brd 10.0.0.255 scope global dynamic
noprefixroute eth2'
++ '[' -n ' inet 10.0.0.47/24 brd 10.0.0.255 scope global dynamic
noprefixroute eth2' ']'
++ echo inet 10.0.0.47/24 brd 10.0.0.255 scope global dynamic noprefixroute eth2
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ SW_ETH2_ADDRESS=10.0.0.47
+ '[' -z '' -o '' = eth3 ']'
+ '[' -n '' ']'
++ detect_gateway eth3 4
++ local interface
++ interface=eth3
++ local gateway
+++ detect_dynamic_gateway eth3
+++ local interface
+++ interface=eth3
+++ local GATEWAYS
+++ GATEWAYS=
+++ local gateway
+++ local file
++++ run_findgw_exit eth3
++++ true
+++ gateway=
+++ '[' -z '' ']'
+++++ ip addr list eth3
++++ find_peer 5: eth3: '<BROADCAST,MULTICAST,UP,LOWER_UP>' mtu 1500 qdisc
pfifo_fast state UP group default qlen 1000 link/ether 00:e0:4c:68:01:6e brd
ff:ff:ff:ff:ff:ff inet 192.168.1.10/24 brd 192.168.1.255 scope global eth3
valid_lft forever preferred_lft forever inet 97.126.130.169/19 brd
97.126.159.255 scope global dynamic noprefixroute eth3 valid_lft 1779sec
preferred_lft 1554sec
++++ '[' 41 -gt 1 ']'
++++ '[' x5: = xpeer ']'
++++ shift
++++ '[' 40 -gt 1 ']'
++++ '[' xeth3: = xpeer ']'
++++ shift
++++ '[' 39 -gt 1 ']'
++++ '[' 'x<BROADCAST,MULTICAST,UP,LOWER_UP>' = xpeer ']'
++++ shift
++++ '[' 38 -gt 1 ']'
++++ '[' xmtu = xpeer ']'
++++ shift
++++ '[' 37 -gt 1 ']'
++++ '[' x1500 = xpeer ']'
++++ shift
++++ '[' 36 -gt 1 ']'
++++ '[' xqdisc = xpeer ']'
++++ shift
++++ '[' 35 -gt 1 ']'
++++ '[' xpfifo_fast = xpeer ']'
++++ shift
++++ '[' 34 -gt 1 ']'
++++ '[' xstate = xpeer ']'
++++ shift
++++ '[' 33 -gt 1 ']'
++++ '[' xUP = xpeer ']'
++++ shift
++++ '[' 32 -gt 1 ']'
++++ '[' xgroup = xpeer ']'
++++ shift
++++ '[' 31 -gt 1 ']'
++++ '[' xdefault = xpeer ']'
++++ shift
++++ '[' 30 -gt 1 ']'
++++ '[' xqlen = xpeer ']'
++++ shift
++++ '[' 29 -gt 1 ']'
++++ '[' x1000 = xpeer ']'
++++ shift
++++ '[' 28 -gt 1 ']'
++++ '[' xlink/ether = xpeer ']'
++++ shift
++++ '[' 27 -gt 1 ']'
++++ '[' x00:e0:4c:68:01:6e = xpeer ']'
++++ shift
++++ '[' 26 -gt 1 ']'
++++ '[' xbrd = xpeer ']'
++++ shift
++++ '[' 25 -gt 1 ']'
++++ '[' xff:ff:ff:ff:ff:ff = xpeer ']'
++++ shift
++++ '[' 24 -gt 1 ']'
++++ '[' xinet = xpeer ']'
++++ shift
++++ '[' 23 -gt 1 ']'
++++ '[' x192.168.1.10/24 = xpeer ']'
++++ shift
++++ '[' 22 -gt 1 ']'
++++ '[' xbrd = xpeer ']'
++++ shift
++++ '[' 21 -gt 1 ']'
++++ '[' x192.168.1.255 = xpeer ']'
++++ shift
++++ '[' 20 -gt 1 ']'
++++ '[' xscope = xpeer ']'
++++ shift
++++ '[' 19 -gt 1 ']'
++++ '[' xglobal = xpeer ']'
++++ shift
++++ '[' 18 -gt 1 ']'
++++ '[' xeth3 = xpeer ']'
++++ shift
++++ '[' 17 -gt 1 ']'
++++ '[' xvalid_lft = xpeer ']'
++++ shift
++++ '[' 16 -gt 1 ']'
++++ '[' xforever = xpeer ']'
++++ shift
++++ '[' 15 -gt 1 ']'
++++ '[' xpreferred_lft = xpeer ']'
++++ shift
++++ '[' 14 -gt 1 ']'
++++ '[' xforever = xpeer ']'
++++ shift
++++ '[' 13 -gt 1 ']'
++++ '[' xinet = xpeer ']'
++++ shift
++++ '[' 12 -gt 1 ']'
++++ '[' x97.126.130.169/19 = xpeer ']'
++++ shift
++++ '[' 11 -gt 1 ']'
++++ '[' xbrd = xpeer ']'
++++ shift
++++ '[' 10 -gt 1 ']'
++++ '[' x97.126.159.255 = xpeer ']'
++++ shift
++++ '[' 9 -gt 1 ']'
++++ '[' xscope = xpeer ']'
++++ shift
++++ '[' 8 -gt 1 ']'
++++ '[' xglobal = xpeer ']'
++++ shift
++++ '[' 7 -gt 1 ']'
++++ '[' xdynamic = xpeer ']'
++++ shift
++++ '[' 6 -gt 1 ']'
++++ '[' xnoprefixroute = xpeer ']'
++++ shift
++++ '[' 5 -gt 1 ']'
++++ '[' xeth3 = xpeer ']'
++++ shift
++++ '[' 4 -gt 1 ']'
++++ '[' xvalid_lft = xpeer ']'
++++ shift
++++ '[' 3 -gt 1 ']'
++++ '[' x1779sec = xpeer ']'
++++ shift
++++ '[' 2 -gt 1 ']'
++++ '[' xpreferred_lft = xpeer ']'
++++ shift
++++ '[' 1 -gt 1 ']'
+++ gateway=
+++ file=/var/lib/dhcpcd/dhcpcd-eth3.info
+++ '[' -z '' -a -f /var/lib/dhcpcd/dhcpcd-eth3.info ']'
+++ for file in "${VARLIB}/dhcp/dhclient-${1}.lease"
"${VARLIB}/dhcp/dhclient.${1}.leases"
+++ '[' -n '' ']'
+++ '[' -f /var/lib/dhcp/dhclient-eth3.lease ']'
+++ for file in "${VARLIB}/dhcp/dhclient-${1}.lease"
"${VARLIB}/dhcp/dhclient.${1}.leases"
+++ '[' -n '' ']'
+++ '[' -f /var/lib/dhcp/dhclient.eth3.leases ']'
++++ mywhich nmcli
++++ local dir
+++++ split /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+++++ local ifs
+++++ ifs='
'
+++++ IFS=:
+++++ echo /sbin /bin /usr/sbin /usr/bin /usr/local/bin /usr/local/sbin
+++++ IFS='
'
++++ for dir in $(split $PATH)
++++ '[' -x /sbin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /bin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/sbin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/bin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/local/bin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/local/sbin/nmcli ']'
++++ return 2
+++ '[' -z '' -a -n '' ']'
+++ '[' -n '' ']'
++ gateway=
++ '[' -n '' ']'
++++ ip -4 route list dev eth3
++++ grep '^default'
+++ find_gateway default via 97.126.128.1 proto dhcp src 97.126.130.169 metric 5
+++ '[' 9 -gt 1 ']'
+++ '[' xdefault = xvia ']'
+++ shift
+++ '[' 8 -gt 1 ']'
+++ '[' xvia = xvia ']'
+++ echo 97.126.128.1
+++ return
++ gateway=97.126.128.1
++ '[' -z 97.126.128.1 -a -n 4 ']'
++ '[' -n 97.126.128.1 ']'
++ '[' -n 97.126.128.1 ']'
++ echo 97.126.128.1
+ SW_ETH3_GATEWAY=97.126.128.1
+ '[' -z '' -o '' = eth0 ']'
+ '[' -n '' ']'
++ detect_gateway eth0 1
++ local interface
++ interface=eth0
++ local gateway
+++ detect_dynamic_gateway eth0
+++ local interface
+++ interface=eth0
+++ local GATEWAYS
+++ GATEWAYS=
+++ local gateway
+++ local file
++++ run_findgw_exit eth0
++++ true
+++ gateway=
+++ '[' -z '' ']'
+++++ ip addr list eth0
++++ find_peer 2: eth0: '<BROADCAST,MULTICAST,UP,LOWER_UP>' mtu 1500 qdisc
pfifo_fast state UP group default qlen 1000 link/ether 74:27:ea:e6:84:48 brd
ff:ff:ff:ff:ff:ff inet 199.254.229.43/24 brd 199.254.229.255 scope global eth0
valid_lft forever preferred_lft forever inet 192.168.0.99/24 brd 192.168.0.255
scope global eth0 valid_lft forever preferred_lft forever
++++ '[' 39 -gt 1 ']'
++++ '[' x2: = xpeer ']'
++++ shift
++++ '[' 38 -gt 1 ']'
++++ '[' xeth0: = xpeer ']'
++++ shift
++++ '[' 37 -gt 1 ']'
++++ '[' 'x<BROADCAST,MULTICAST,UP,LOWER_UP>' = xpeer ']'
++++ shift
++++ '[' 36 -gt 1 ']'
++++ '[' xmtu = xpeer ']'
++++ shift
++++ '[' 35 -gt 1 ']'
++++ '[' x1500 = xpeer ']'
++++ shift
++++ '[' 34 -gt 1 ']'
++++ '[' xqdisc = xpeer ']'
++++ shift
++++ '[' 33 -gt 1 ']'
++++ '[' xpfifo_fast = xpeer ']'
++++ shift
++++ '[' 32 -gt 1 ']'
++++ '[' xstate = xpeer ']'
++++ shift
++++ '[' 31 -gt 1 ']'
++++ '[' xUP = xpeer ']'
++++ shift
++++ '[' 30 -gt 1 ']'
++++ '[' xgroup = xpeer ']'
++++ shift
++++ '[' 29 -gt 1 ']'
++++ '[' xdefault = xpeer ']'
++++ shift
++++ '[' 28 -gt 1 ']'
++++ '[' xqlen = xpeer ']'
++++ shift
++++ '[' 27 -gt 1 ']'
++++ '[' x1000 = xpeer ']'
++++ shift
++++ '[' 26 -gt 1 ']'
++++ '[' xlink/ether = xpeer ']'
++++ shift
++++ '[' 25 -gt 1 ']'
++++ '[' x74:27:ea:e6:84:48 = xpeer ']'
++++ shift
++++ '[' 24 -gt 1 ']'
++++ '[' xbrd = xpeer ']'
++++ shift
++++ '[' 23 -gt 1 ']'
++++ '[' xff:ff:ff:ff:ff:ff = xpeer ']'
++++ shift
++++ '[' 22 -gt 1 ']'
++++ '[' xinet = xpeer ']'
++++ shift
++++ '[' 21 -gt 1 ']'
++++ '[' x199.254.229.43/24 = xpeer ']'
++++ shift
++++ '[' 20 -gt 1 ']'
++++ '[' xbrd = xpeer ']'
++++ shift
++++ '[' 19 -gt 1 ']'
++++ '[' x199.254.229.255 = xpeer ']'
++++ shift
++++ '[' 18 -gt 1 ']'
++++ '[' xscope = xpeer ']'
++++ shift
++++ '[' 17 -gt 1 ']'
++++ '[' xglobal = xpeer ']'
++++ shift
++++ '[' 16 -gt 1 ']'
++++ '[' xeth0 = xpeer ']'
++++ shift
++++ '[' 15 -gt 1 ']'
++++ '[' xvalid_lft = xpeer ']'
++++ shift
++++ '[' 14 -gt 1 ']'
++++ '[' xforever = xpeer ']'
++++ shift
++++ '[' 13 -gt 1 ']'
++++ '[' xpreferred_lft = xpeer ']'
++++ shift
++++ '[' 12 -gt 1 ']'
++++ '[' xforever = xpeer ']'
++++ shift
++++ '[' 11 -gt 1 ']'
++++ '[' xinet = xpeer ']'
++++ shift
++++ '[' 10 -gt 1 ']'
++++ '[' x192.168.0.99/24 = xpeer ']'
++++ shift
++++ '[' 9 -gt 1 ']'
++++ '[' xbrd = xpeer ']'
++++ shift
++++ '[' 8 -gt 1 ']'
++++ '[' x192.168.0.255 = xpeer ']'
++++ shift
++++ '[' 7 -gt 1 ']'
++++ '[' xscope = xpeer ']'
++++ shift
++++ '[' 6 -gt 1 ']'
++++ '[' xglobal = xpeer ']'
++++ shift
++++ '[' 5 -gt 1 ']'
++++ '[' xeth0 = xpeer ']'
++++ shift
++++ '[' 4 -gt 1 ']'
++++ '[' xvalid_lft = xpeer ']'
++++ shift
++++ '[' 3 -gt 1 ']'
++++ '[' xforever = xpeer ']'
++++ shift
++++ '[' 2 -gt 1 ']'
++++ '[' xpreferred_lft = xpeer ']'
++++ shift
++++ '[' 1 -gt 1 ']'
+++ gateway=
+++ file=/var/lib/dhcpcd/dhcpcd-eth0.info
+++ '[' -z '' -a -f /var/lib/dhcpcd/dhcpcd-eth0.info ']'
+++ for file in "${VARLIB}/dhcp/dhclient-${1}.lease"
"${VARLIB}/dhcp/dhclient.${1}.leases"
+++ '[' -n '' ']'
+++ '[' -f /var/lib/dhcp/dhclient-eth0.lease ']'
+++ for file in "${VARLIB}/dhcp/dhclient-${1}.lease"
"${VARLIB}/dhcp/dhclient.${1}.leases"
+++ '[' -n '' ']'
+++ '[' -f /var/lib/dhcp/dhclient.eth0.leases ']'
++++ mywhich nmcli
++++ local dir
+++++ split /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+++++ local ifs
+++++ ifs='
'
+++++ IFS=:
+++++ echo /sbin /bin /usr/sbin /usr/bin /usr/local/bin /usr/local/sbin
+++++ IFS='
'
++++ for dir in $(split $PATH)
++++ '[' -x /sbin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /bin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/sbin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/bin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/local/bin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/local/sbin/nmcli ']'
++++ return 2
+++ '[' -z '' -a -n '' ']'
+++ '[' -n '' ']'
++ gateway=
++ '[' -n '' ']'
++++ ip -4 route list dev eth0
++++ grep '^default'
+++ find_gateway default via 199.254.229.1 metric 2
+++ '[' 5 -gt 1 ']'
+++ '[' xdefault = xvia ']'
+++ shift
+++ '[' 4 -gt 1 ']'
+++ '[' xvia = xvia ']'
+++ echo 199.254.229.1
+++ return
++ gateway=199.254.229.1
++ '[' -z 199.254.229.1 -a -n 1 ']'
++ '[' -n 199.254.229.1 ']'
++ '[' -n 199.254.229.1 ']'
++ echo 199.254.229.1
+ SW_ETH0_GATEWAY=199.254.229.1
+ '[' -n 199.254.229.1 ']'
+ '[' -z '' -o '' = eth2 ']'
+ '[' -n '' ']'
++ detect_gateway eth2 2
++ local interface
++ interface=eth2
++ local gateway
+++ detect_dynamic_gateway eth2
+++ local interface
+++ interface=eth2
+++ local GATEWAYS
+++ GATEWAYS=
+++ local gateway
+++ local file
++++ run_findgw_exit eth2
++++ true
+++ gateway=
+++ '[' -z '' ']'
+++++ ip addr list eth2
++++ find_peer 4: eth2: '<BROADCAST,MULTICAST,UP,LOWER_UP>' mtu 1500 qdisc
pfifo_fast state UP group default qlen 1000 link/ether 00:1b:21:a1:2d:73 brd
ff:ff:ff:ff:ff:ff inet 10.0.0.47/24 brd 10.0.0.255 scope global dynamic
noprefixroute eth2 valid_lft 160781sec preferred_lft 139181sec
++++ '[' 30 -gt 1 ']'
++++ '[' x4: = xpeer ']'
++++ shift
++++ '[' 29 -gt 1 ']'
++++ '[' xeth2: = xpeer ']'
++++ shift
++++ '[' 28 -gt 1 ']'
++++ '[' 'x<BROADCAST,MULTICAST,UP,LOWER_UP>' = xpeer ']'
++++ shift
++++ '[' 27 -gt 1 ']'
++++ '[' xmtu = xpeer ']'
++++ shift
++++ '[' 26 -gt 1 ']'
++++ '[' x1500 = xpeer ']'
++++ shift
++++ '[' 25 -gt 1 ']'
++++ '[' xqdisc = xpeer ']'
++++ shift
++++ '[' 24 -gt 1 ']'
++++ '[' xpfifo_fast = xpeer ']'
++++ shift
++++ '[' 23 -gt 1 ']'
++++ '[' xstate = xpeer ']'
++++ shift
++++ '[' 22 -gt 1 ']'
++++ '[' xUP = xpeer ']'
++++ shift
++++ '[' 21 -gt 1 ']'
++++ '[' xgroup = xpeer ']'
++++ shift
++++ '[' 20 -gt 1 ']'
++++ '[' xdefault = xpeer ']'
++++ shift
++++ '[' 19 -gt 1 ']'
++++ '[' xqlen = xpeer ']'
++++ shift
++++ '[' 18 -gt 1 ']'
++++ '[' x1000 = xpeer ']'
++++ shift
++++ '[' 17 -gt 1 ']'
++++ '[' xlink/ether = xpeer ']'
++++ shift
++++ '[' 16 -gt 1 ']'
++++ '[' x00:1b:21:a1:2d:73 = xpeer ']'
++++ shift
++++ '[' 15 -gt 1 ']'
++++ '[' xbrd = xpeer ']'
++++ shift
++++ '[' 14 -gt 1 ']'
++++ '[' xff:ff:ff:ff:ff:ff = xpeer ']'
++++ shift
++++ '[' 13 -gt 1 ']'
++++ '[' xinet = xpeer ']'
++++ shift
++++ '[' 12 -gt 1 ']'
++++ '[' x10.0.0.47/24 = xpeer ']'
++++ shift
++++ '[' 11 -gt 1 ']'
++++ '[' xbrd = xpeer ']'
++++ shift
++++ '[' 10 -gt 1 ']'
++++ '[' x10.0.0.255 = xpeer ']'
++++ shift
++++ '[' 9 -gt 1 ']'
++++ '[' xscope = xpeer ']'
++++ shift
++++ '[' 8 -gt 1 ']'
++++ '[' xglobal = xpeer ']'
++++ shift
++++ '[' 7 -gt 1 ']'
++++ '[' xdynamic = xpeer ']'
++++ shift
++++ '[' 6 -gt 1 ']'
++++ '[' xnoprefixroute = xpeer ']'
++++ shift
++++ '[' 5 -gt 1 ']'
++++ '[' xeth2 = xpeer ']'
++++ shift
++++ '[' 4 -gt 1 ']'
++++ '[' xvalid_lft = xpeer ']'
++++ shift
++++ '[' 3 -gt 1 ']'
++++ '[' x160781sec = xpeer ']'
++++ shift
++++ '[' 2 -gt 1 ']'
++++ '[' xpreferred_lft = xpeer ']'
++++ shift
++++ '[' 1 -gt 1 ']'
+++ gateway=
+++ file=/var/lib/dhcpcd/dhcpcd-eth2.info
+++ '[' -z '' -a -f /var/lib/dhcpcd/dhcpcd-eth2.info ']'
+++ for file in "${VARLIB}/dhcp/dhclient-${1}.lease"
"${VARLIB}/dhcp/dhclient.${1}.leases"
+++ '[' -n '' ']'
+++ '[' -f /var/lib/dhcp/dhclient-eth2.lease ']'
+++ for file in "${VARLIB}/dhcp/dhclient-${1}.lease"
"${VARLIB}/dhcp/dhclient.${1}.leases"
+++ '[' -n '' ']'
+++ '[' -f /var/lib/dhcp/dhclient.eth2.leases ']'
++++ mywhich nmcli
++++ local dir
+++++ split /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+++++ local ifs
+++++ ifs='
'
+++++ IFS=:
+++++ echo /sbin /bin /usr/sbin /usr/bin /usr/local/bin /usr/local/sbin
+++++ IFS='
'
++++ for dir in $(split $PATH)
++++ '[' -x /sbin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /bin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/sbin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/bin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/local/bin/nmcli ']'
++++ for dir in $(split $PATH)
++++ '[' -x /usr/local/sbin/nmcli ']'
++++ return 2
+++ '[' -z '' -a -n '' ']'
+++ '[' -n '' ']'
++ gateway=
++ '[' -n '' ']'
++++ ip -4 route list dev eth2
++++ grep '^default'
+++ find_gateway
+++ '[' 0 -gt 1 ']'
++ gateway=
++ '[' -z '' -a -n 2 ']'
++++ ip -4 route list dev eth2 table 2
++++ grep '^default'
Error: ipv4: FIB table does not exist.
Dump terminated
+++ find_gateway
+++ '[' 0 -gt 1 ']'
++ gateway=
++ '[' -n '' ']'
+++ find_nexthop eth2
+++++ ip -4 route list
+++++ grep '[[:space:]]nexthop.* eth2'
++++ find_gateway
++++ '[' 0 -gt 1 ']'
+++ echo
++ gateway=
++ '[' -n '' ']'
+ SW_ETH2_GATEWAY=
++ find_first_interface_address_if_any eth3
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth3
+++ grep 'inet .* global'
+++ head -n1
++ addr=' inet 192.168.1.10/24 brd 192.168.1.255 scope global eth3'
++ '[' -n ' inet 192.168.1.10/24 brd 192.168.1.255 scope global eth3' ']'
++ echo inet 192.168.1.10/24 brd 192.168.1.255 scope global eth3
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ SW_ETH3_ADDRESS=192.168.1.10
++ find_first_interface_address eth0
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth0
+++ grep 'inet .* global'
+++ head -n1
++ addr=' inet 199.254.229.43/24 brd 199.254.229.255 scope global eth0'
++ '[' -n ' inet 199.254.229.43/24 brd 199.254.229.255 scope global eth0' ']'
++ echo inet 199.254.229.43/24 brd 199.254.229.255 scope global eth0
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ SW_ETH0_ADDRESS=199.254.229.43
++ find_first_interface_address_if_any eth2
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth2
+++ grep 'inet .* global'
+++ head -n1
++ addr=' inet 10.0.0.47/24 brd 10.0.0.255 scope global dynamic
noprefixroute eth2'
++ '[' -n ' inet 10.0.0.47/24 brd 10.0.0.255 scope global dynamic
noprefixroute eth2' ']'
++ echo inet 10.0.0.47/24 brd 10.0.0.255 scope global dynamic noprefixroute eth2
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ SW_ETH2_ADDRESS=10.0.0.47
+ SW_ETH2_IS_USABLE=
+ SW_ETH3_IS_USABLE=
+ '[' -z '' -o '' = eth2 ']'
+ interface_is_usable eth2
+ local status
+ status=0
+ loopback_interface eth2
+ '[' eth2 = lo ']'
+ ip link show eth2
+ fgrep -q LOOPBACK
+ interface_is_up eth2
++ ip -4 link list dev eth2
++ grep -e '[<,]UP[,>]'
+ '[' -n '4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT group default qlen 1000' ']'
++ find_first_interface_address_if_any eth2
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth2
+++ grep 'inet .* global'
+++ head -n1
++ addr=' inet 10.0.0.47/24 brd 10.0.0.255 scope global dynamic
noprefixroute eth2'
++ '[' -n ' inet 10.0.0.47/24 brd 10.0.0.255 scope global dynamic
noprefixroute eth2' ']'
++ echo inet 10.0.0.47/24 brd 10.0.0.255 scope global dynamic noprefixroute eth2
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ '[' 10.0.0.47 '!=' 0.0.0.0 ']'
++ ip -4 link list dev eth2
++ fgrep 'state DOWN'
+ '[' -z '' ']'
+ '[' start '!=' enable ']'
+ '[' '!' -f /var/lib/shorewall/eth2_disabled ']'
+ run_isusable_exit eth2
+ true
+ status=0
+ return 0
+ '[' -n '' ']'
+ '[' -z '' -o '' = eth3 ']'
+ interface_is_usable eth3
+ local status
+ status=0
+ loopback_interface eth3
+ '[' eth3 = lo ']'
+ ip link show eth3
+ fgrep -q LOOPBACK
+ interface_is_up eth3
++ ip -4 link list dev eth3
++ grep -e '[<,]UP[,>]'
+ '[' -n '5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT group default qlen 1000' ']'
++ find_first_interface_address_if_any eth3
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth3
+++ grep 'inet .* global'
+++ head -n1
++ addr=' inet 192.168.1.10/24 brd 192.168.1.255 scope global eth3'
++ '[' -n ' inet 192.168.1.10/24 brd 192.168.1.255 scope global eth3' ']'
++ echo inet 192.168.1.10/24 brd 192.168.1.255 scope global eth3
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ '[' 192.168.1.10 '!=' 0.0.0.0 ']'
++ ip -4 link list dev eth3
++ fgrep 'state DOWN'
+ '[' -z '' ']'
+ '[' start '!=' enable ']'
+ '[' '!' -f /var/lib/shorewall/eth3_disabled ']'
+ run_isusable_exit eth3
+ true
+ status=0
+ return 0
+ '[' -n 97.126.128.1 ']'
+ SW_ETH3_IS_USABLE=Yes
+ define_firewall
+ local options
+ progress_message2 Initializing...
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo Initializing...
Initializing...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:28 '
+ echo 'Jan 1 16:55:28 Initializing...'
+ echo 'MODULESDIR=""'
+ cat
+ reload_kernel_modules
+ local save_modules_dir
+ save_modules_dir=
+ local directory
+ local moduledirectories
+ moduledirectories=
+ local moduleloader
+ moduleloader=modprobe
+ local uname
+ local extras
+ qt mywhich modprobe
+ mywhich modprobe
+ '[' -n '' ']'
+ '[' -z '' ']'
++ uname -r
+ uname=6.1.67-gentoo-x86_64
+
MODULESDIR=/lib/modules/6.1.67-gentoo-x86_64/kernel/net/ipv4/netfilter:/lib/modules/6.1.67-gentoo-x86_64/kernel/net/netfilter:/lib/modules/6.1.67-gentoo-x86_64/kernel/net/sched:/lib/modules/6.1.67-gentoo-x86_64/extra:/lib/modules/6.1.67-gentoo-x86_64/extra/ipset
+ '[' -n '' ']'
+ '[' -d /sys/module/ ']'
++ split
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/ipv4/netfilter:/lib/modules/6.1.67-gentoo-x86_64/kernel/net/netfilter:/lib/modules/6.1.67-gentoo-x86_64/kernel/net/sched:/lib/modules/6.1.67-gentoo-x86_64/extra:/lib/modules/6.1.67-gentoo-x86_64/extra/ipset
++ local ifs
++ ifs='
'
++ IFS=:
++ echo /lib/modules/6.1.67-gentoo-x86_64/kernel/net/ipv4/netfilter
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/netfilter
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/sched
/lib/modules/6.1.67-gentoo-x86_64/extra
/lib/modules/6.1.67-gentoo-x86_64/extra/ipset
++ IFS='
'
+ for directory in $(split $MODULESDIR)
+ '[' -d /lib/modules/6.1.67-gentoo-x86_64/kernel/net/ipv4/netfilter ']'
+ moduledirectories='
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/ipv4/netfilter'
+ for directory in $(split $MODULESDIR)
+ '[' -d /lib/modules/6.1.67-gentoo-x86_64/kernel/net/netfilter ']'
+ moduledirectories='
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/ipv4/netfilter
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/netfilter'
+ for directory in $(split $MODULESDIR)
+ '[' -d /lib/modules/6.1.67-gentoo-x86_64/kernel/net/sched ']'
+ moduledirectories='
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/ipv4/netfilter
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/netfilter
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/sched'
+ for directory in $(split $MODULESDIR)
+ '[' -d /lib/modules/6.1.67-gentoo-x86_64/extra ']'
+ for directory in $(split $MODULESDIR)
+ '[' -d /lib/modules/6.1.67-gentoo-x86_64/extra/ipset ']'
+ '[' -n ' /lib/modules/6.1.67-gentoo-x86_64/kernel/net/ipv4/netfilter
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/netfilter
/lib/modules/6.1.67-gentoo-x86_64/kernel/net/sched' ']'
+ read command
+ eval loadmodule nf_conntrack_ftp
++ loadmodule nf_conntrack_ftp
++ local modulename
++ modulename=nf_conntrack_ftp
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_ftp
++ local e
++ e=nf_conntrack_ftp
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_ftp ']'
+ read command
+ eval loadmodule nf_conntrack_h323
++ loadmodule nf_conntrack_h323
++ local modulename
++ modulename=nf_conntrack_h323
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_h323
++ local e
++ e=nf_conntrack_h323
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_h323 ']'
+ read command
+ eval loadmodule nf_conntrack_irc
++ loadmodule nf_conntrack_irc
++ local modulename
++ modulename=nf_conntrack_irc
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_irc
++ local e
++ e=nf_conntrack_irc
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_irc ']'
+ read command
+ eval loadmodule nf_conntrack_netbios_ns
++ loadmodule nf_conntrack_netbios_ns
++ local modulename
++ modulename=nf_conntrack_netbios_ns
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_netbios_ns
++ local e
++ e=nf_conntrack_netbios_ns
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_netbios_ns ']'
+ read command
+ eval loadmodule nf_conntrack_netlink
++ loadmodule nf_conntrack_netlink
++ local modulename
++ modulename=nf_conntrack_netlink
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_netlink
++ local e
++ e=nf_conntrack_netlink
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_netlink ']'
+ read command
+ eval loadmodule nf_conntrack_pptp
++ loadmodule nf_conntrack_pptp
++ local modulename
++ modulename=nf_conntrack_pptp
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_pptp
++ local e
++ e=nf_conntrack_pptp
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_pptp ']'
+ read command
+ eval loadmodule nf_conntrack_proto_gre
++ loadmodule nf_conntrack_proto_gre
++ local modulename
++ modulename=nf_conntrack_proto_gre
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_proto_gre
++ local e
++ e=nf_conntrack_proto_gre
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_proto_gre ']'
++ case $moduleloader in
++ modprobe -q nf_conntrack_proto_gre
+ read command
+ eval loadmodule nf_conntrack_proto_sctp
++ loadmodule nf_conntrack_proto_sctp
++ local modulename
++ modulename=nf_conntrack_proto_sctp
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_proto_sctp
++ local e
++ e=nf_conntrack_proto_sctp
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_proto_sctp ']'
++ case $moduleloader in
++ modprobe -q nf_conntrack_proto_sctp
+ read command
+ eval loadmodule nf_conntrack_proto_udplite
++ loadmodule nf_conntrack_proto_udplite
++ local modulename
++ modulename=nf_conntrack_proto_udplite
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_proto_udplite
++ local e
++ e=nf_conntrack_proto_udplite
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_proto_udplite ']'
++ case $moduleloader in
++ modprobe -q nf_conntrack_proto_udplite
+ read command
+ eval loadmodule nf_conntrack_sip sip_direct_media=0
++ loadmodule nf_conntrack_sip sip_direct_media=0
++ local modulename
++ modulename=nf_conntrack_sip
++ shift
++ local moduleoptions
++ moduleoptions=sip_direct_media=0
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_sip
++ local e
++ e=nf_conntrack_sip
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_sip ']'
+ read command
+ eval loadmodule nf_conntrack_tftp
++ loadmodule nf_conntrack_tftp
++ local modulename
++ modulename=nf_conntrack_tftp
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_tftp
++ local e
++ e=nf_conntrack_tftp
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_tftp ']'
+ read command
+ eval loadmodule nf_conntrack_sane
++ loadmodule nf_conntrack_sane
++ local modulename
++ modulename=nf_conntrack_sane
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_conntrack_sane
++ local e
++ e=nf_conntrack_sane
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_conntrack_sane ']'
+ read command
+ eval loadmodule nf_nat_amanda
++ loadmodule nf_nat_amanda
++ local modulename
++ modulename=nf_nat_amanda
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_nat_amanda
++ local e
++ e=nf_nat_amanda
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_nat_amanda ']'
+ read command
+ eval loadmodule nf_nat_ftp
++ loadmodule nf_nat_ftp
++ local modulename
++ modulename=nf_nat_ftp
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_nat_ftp
++ local e
++ e=nf_nat_ftp
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_nat_ftp ']'
+ read command
+ eval loadmodule nf_nat_h323
++ loadmodule nf_nat_h323
++ local modulename
++ modulename=nf_nat_h323
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_nat_h323
++ local e
++ e=nf_nat_h323
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_nat_h323 ']'
+ read command
+ eval loadmodule nf_nat_irc
++ loadmodule nf_nat_irc
++ local modulename
++ modulename=nf_nat_irc
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_nat_irc
++ local e
++ e=nf_nat_irc
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_nat_irc ']'
+ read command
+ eval loadmodule nf_nat
++ loadmodule nf_nat
++ local modulename
++ modulename=nf_nat
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_nat
++ local e
++ e=nf_nat
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_nat ']'
+ read command
+ eval loadmodule nf_nat_pptp
++ loadmodule nf_nat_pptp
++ local modulename
++ modulename=nf_nat_pptp
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_nat_pptp
++ local e
++ e=nf_nat_pptp
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_nat_pptp ']'
+ read command
+ eval loadmodule nf_nat_proto_gre
++ loadmodule nf_nat_proto_gre
++ local modulename
++ modulename=nf_nat_proto_gre
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_nat_proto_gre
++ local e
++ e=nf_nat_proto_gre
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_nat_proto_gre ']'
++ case $moduleloader in
++ modprobe -q nf_nat_proto_gre
+ read command
+ eval loadmodule nf_nat_sip
++ loadmodule nf_nat_sip
++ local modulename
++ modulename=nf_nat_sip
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_nat_sip
++ local e
++ e=nf_nat_sip
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_nat_sip ']'
+ read command
+ eval loadmodule nf_nat_snmp_basic
++ loadmodule nf_nat_snmp_basic
++ local modulename
++ modulename=nf_nat_snmp_basic
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_nat_snmp_basic
++ local e
++ e=nf_nat_snmp_basic
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_nat_snmp_basic ']'
+ read command
+ eval loadmodule nf_nat_tftp
++ loadmodule nf_nat_tftp
++ local modulename
++ modulename=nf_nat_tftp
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_nat_tftp
++ local e
++ e=nf_nat_tftp
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_nat_tftp ']'
+ read command
+ eval loadmodule ipt_LOG
++ loadmodule ipt_LOG
++ local modulename
++ modulename=ipt_LOG
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search ipt_LOG
++ local e
++ e=ipt_LOG
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/ipt_LOG ']'
++ case $moduleloader in
++ modprobe -q ipt_LOG
+ read command
+ eval loadmodule nf_log_ipv4
++ loadmodule nf_log_ipv4
++ local modulename
++ modulename=nf_log_ipv4
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nf_log_ipv4
++ local e
++ e=nf_log_ipv4
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nf_log_ipv4 ']'
++ case $moduleloader in
++ modprobe -q nf_log_ipv4
+ read command
+ eval loadmodule xt_LOG
++ loadmodule xt_LOG
++ local modulename
++ modulename=xt_LOG
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search xt_LOG
++ local e
++ e=xt_LOG
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/xt_LOG ']'
+ read command
+ eval loadmodule xt_NFLOG
++ loadmodule xt_NFLOG
++ local modulename
++ modulename=xt_NFLOG
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search xt_NFLOG
++ local e
++ e=xt_NFLOG
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/xt_NFLOG ']'
+ read command
+ eval loadmodule nfnetlink_log
++ loadmodule nfnetlink_log
++ local modulename
++ modulename=nfnetlink_log
++ shift
++ local moduleoptions
++ moduleoptions=
++ local modulefile
++ local suffix
++ '[' -d /sys/module/ ']'
++ list_search nfnetlink_log
++ local e
++ e=nfnetlink_log
++ '[' 1 -gt 1 ']'
++ return 1
++ '[' '!' -d /sys/module/nfnetlink_log ']'
+ read command
+ MODULESDIR=
+ run_init_exit
+ progress_message2 Processing /etc/shorewall/init ...
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo Processing /etc/shorewall/init ...
Processing /etc/shorewall/init ...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:28 '
+ echo 'Jan 1 16:55:28 Processing' /etc/shorewall/init ...
+ load_ipsets
+ case $IPSET in
++ mywhich ipset
++ local dir
+++ split /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+++ local ifs
+++ ifs='
'
+++ IFS=:
+++ echo /sbin /bin /usr/sbin /usr/bin /usr/local/bin /usr/local/sbin
+++ IFS='
'
++ for dir in $(split $PATH)
++ '[' -x /sbin/ipset ']'
++ for dir in $(split $PATH)
++ '[' -x /bin/ipset ']'
++ for dir in $(split $PATH)
++ '[' -x /usr/sbin/ipset ']'
++ echo /usr/sbin/ipset
++ return 0
+ IPSET=/usr/sbin/ipset
+ '[' -n /usr/sbin/ipset ']'
+ '[' start = start ']'
+ qt /usr/sbin/ipset list SW_DBL4
+ /usr/sbin/ipset list SW_DBL4
+ '[' start = reload ']'
+ rm -f /var/lib/shorewall/.UPnP
+ rm -f /var/lib/shorewall/.forwardUPnP
+ qt1 /sbin/iptables -L shorewall -n
+ local status
+ '[' 1 ']'
+ /sbin/iptables -L shorewall -n
+ status=1
+ '[' 1 -ne 4 ']'
+ return 1
+ delete_proxyarp
+ '[' -f /var/lib/shorewall/proxyarp ']'
+ '[' -f /var/lib/shorewall/nat ']'
+ delete_tc1
+ run_tcclear_exit
+ progress_message2 Processing /etc/shorewall/tcclear ...
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo Processing /etc/shorewall/tcclear ...
Processing /etc/shorewall/tcclear ...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:28 '
+ echo 'Jan 1 16:55:28 Processing' /etc/shorewall/tcclear ...
+ run_ip link list
+ ip -4 link list
+ read inx interface details
+ case $inx in
+ clear_one_tc lo
+ tc qdisc del dev lo root
+ tc qdisc del dev lo ingress
+ read inx interface details
+ case $inx in
+ read inx interface details
+ case $inx in
+ clear_one_tc eth0
+ tc qdisc del dev eth0 root
+ tc qdisc del dev eth0 ingress
+ read inx interface details
+ case $inx in
+ read inx interface details
+ case $inx in
+ clear_one_tc eth1
+ tc qdisc del dev eth1 root
+ tc qdisc del dev eth1 ingress
+ read inx interface details
+ case $inx in
+ read inx interface details
+ case $inx in
+ clear_one_tc eth2
+ tc qdisc del dev eth2 root
+ tc qdisc del dev eth2 ingress
+ read inx interface details
+ case $inx in
+ read inx interface details
+ case $inx in
+ clear_one_tc eth3
+ tc qdisc del dev eth3 root
+ tc qdisc del dev eth3 ingress
+ read inx interface details
+ case $inx in
+ read inx interface details
+ case $inx in
+ clear_one_tc wlan0
+ tc qdisc del dev wlan0 root
+ tc qdisc del dev wlan0 ingress
+ read inx interface details
+ case $inx in
+ read inx interface details
+ setup_common_rules
+ progress_message2 Setting up Route Filtering...
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo Setting up Route Filtering...
Setting up Route Filtering...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Setting' up Route Filtering...
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/all/rp_filter ']'
+ echo 0
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/default/rp_filter ']'
+ echo 0
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/eth0/rp_filter ']'
+ echo 0
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/eth1/rp_filter ']'
+ echo 0
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/eth2/rp_filter ']'
+ echo 0
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/eth3/rp_filter ']'
+ echo 0
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/lo/rp_filter ']'
+ echo 0
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/wlan0/rp_filter ']'
+ echo 0
+ echo 0
+ echo 0
+ '[' -n '' ']'
+ ip -4 route flush cache
+ progress_message2 Setting up Martian Logging...
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo Setting up Martian Logging...
Setting up Martian Logging...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Setting' up Martian Logging...
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/all/log_martians ']'
+ echo 1
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/default/log_martians ']'
+ echo 1
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/eth0/log_martians ']'
+ echo 1
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/eth1/log_martians ']'
+ echo 1
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/eth2/log_martians ']'
+ echo 1
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/eth3/log_martians ']'
+ echo 1
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/lo/log_martians ']'
+ echo 1
+ for file in /proc/sys/net/ipv4/conf/*
+ '[' -f /proc/sys/net/ipv4/conf/wlan0/log_martians ']'
+ echo 1
+ echo 0
+ progress_message2 Setting up Proxy ARP...
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo Setting up Proxy ARP...
Setting up Proxy ARP...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Setting' up Proxy ARP...
+ '[' -f /proc/sys/net/netfilter/nf_conntrack_helper ']'
+ return 0
+ setup_routing_and_traffic_shaping
+ '[' -z '' ']'
+ undo_routing
+ local undofiles
+ local f
+ '[' -z '' ']'
+ '[' -f /var/lib/shorewall/rt_tables ']'
++ ls '/var/lib/shorewall/undo_*routing'
+ undofiles=
+ '[' -n '' ']'
+ '[' -w /etc/iproute2/rt_tables ']'
+ cat
+ '[' -f /var/lib/shorewall/default_route ']'
+ ip -4 route list
+ save_default_route
+ awk 'BEGIN {defroute=0;};
/^default / {defroute=1; print; next};
/nexthop/ {if (defroute == 1 ) {print ; next} };
{ defroute=0; };'
+ progress_message2 Adding Providers...
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo Adding Providers...
Adding Providers...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Adding' Providers...
+ DEFAULT_ROUTE=
+ FALLBACK_ROUTE=
+ start_provider_dsl
+ interface_is_usable eth0
+ local status
+ status=0
+ loopback_interface eth0
+ '[' eth0 = lo ']'
+ ip link show eth0
+ fgrep -q LOOPBACK
+ interface_is_up eth0
++ ip -4 link list dev eth0
++ grep -e '[<,]UP[,>]'
+ '[' -n '2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT group default qlen 1000' ']'
++ find_first_interface_address_if_any eth0
++ '[' 4 -eq 4 ']'
+++ ip -f inet addr show eth0
+++ grep 'inet .* global'
+++ head -n1
++ addr=' inet 199.254.229.43/24 brd 199.254.229.255 scope global eth0'
++ '[' -n ' inet 199.254.229.43/24 brd 199.254.229.255 scope global eth0' ']'
++ echo inet 199.254.229.43/24 brd 199.254.229.255 scope global eth0
++ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ '[' 199.254.229.43 '!=' 0.0.0.0 ']'
++ ip -4 link list dev eth0
++ fgrep 'state DOWN'
+ '[' -z '' ']'
+ '[' start '!=' enable ']'
+ '[' '!' -f /var/lib/shorewall/eth0_disabled ']'
+ run_isusable_exit eth0
+ true
+ status=0
+ return 0
+ '[' -n 199.254.229.1 ']'
+ qt ip -4 route flush table 1
+ ip -4 route flush table 1
+ echo 'ip -4 route flush table 1 > /dev/null 2>&1'
+ cat
+ qt ip -4 rule del fwmark 0x1/0xff
+ ip -4 rule del fwmark 0x1/0xff
+ run_ip rule add fwmark 0x1/0xff pref 10000 table 1
+ ip -4 rule add fwmark 0x1/0xff pref 10000 table 1
+ echo 'ip -4 rule del fwmark 0x1/0xff > /dev/null 2>&1'
+ run_ip route replace 199.254.229.1 src 199.254.229.43 dev eth0
+ ip -4 route replace 199.254.229.1 src 199.254.229.43 dev eth0
+ run_ip route replace 199.254.229.1 src 199.254.229.43 dev eth0 table 1
+ ip -4 route replace 199.254.229.1 src 199.254.229.43 dev eth0 table 1
+ run_ip route replace default via 199.254.229.1 src 199.254.229.43 dev eth0
table 1
+ ip -4 route replace default via 199.254.229.1 src 199.254.229.43 dev eth0
table 1
+ DEFAULT_ROUTE='via 199.254.229.1 dev eth0 '
+ find_interface_addresses eth0
+ read address
+ ip -f inet addr show eth0
+ grep 'inet '
+ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ qt ip -4 rule del from 199.254.229.43
+ ip -4 rule del from 199.254.229.43
+ run_ip rule add from 199.254.229.43 pref 20000 table 1
+ ip -4 rule add from 199.254.229.43 pref 20000 table 1
+ echo 'ip -4 rule del from 199.254.229.43 pref 20000 > /dev/null 2>&1'
+ rulenum=1
+ read address
+ qt ip -4 rule del from 192.168.0.99
+ ip -4 rule del from 192.168.0.99
+ run_ip rule add from 192.168.0.99 pref 20000 table 1
+ ip -4 rule add from 192.168.0.99 pref 20000 table 1
+ echo 'ip -4 rule del from 192.168.0.99 pref 20000 > /dev/null 2>&1'
+ rulenum=2
+ read address
+ qt ip -4 rule del iif eth1 to 0.0.0.0/0 pref 1600
+ ip -4 rule del iif eth1 to 0.0.0.0/0 pref 1600
+ run_ip rule add iif eth1 to 0.0.0.0/0 pref 1600 table 1
+ ip -4 rule add iif eth1 to 0.0.0.0/0 pref 1600 table 1
+ echo 'ip -4 rule del iif eth1 to 0.0.0.0/0 pref 1600 > /dev/null 2>&1'
+ echo 0
+ progress_message 'Provider dsl (1) Started'
+ local timestamp
+ timestamp=
+ '[' 2 -gt 1 ']'
+ '[' -n '' ']'
+ echo 'Provider dsl (1) Started'
Provider dsl (1) Started
+ '[' 2 -gt 1 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Provider dsl (1) Started'
+ start_provider_cbl
+ '[' -n '' ']'
+ echo 1
+ error_message 'WARNING: Interface eth2 is not usable -- Provider cbl (2) not
Started'
+ echo ' WARNING: Interface eth2 is not usable -- Provider cbl (2) not
Started'
WARNING: Interface eth2 is not usable -- Provider cbl (2) not Started
+ return 1
+ start_provider_fib
+ '[' -n Yes ']'
+ qt ip -4 route flush table 4
+ ip -4 route flush table 4
+ echo 'ip -4 route flush table 4 > /dev/null 2>&1'
+ cat
+ qt ip -4 rule del fwmark 0x4/0xff
+ ip -4 rule del fwmark 0x4/0xff
+ run_ip rule add fwmark 0x4/0xff pref 10003 table 4
+ ip -4 rule add fwmark 0x4/0xff pref 10003 table 4
+ echo 'ip -4 rule del fwmark 0x4/0xff > /dev/null 2>&1'
+ run_ip route replace 97.126.128.1 src 192.168.1.10 dev eth3
+ ip -4 route replace 97.126.128.1 src 192.168.1.10 dev eth3
+ run_ip route replace 97.126.128.1 src 192.168.1.10 dev eth3 table 4
+ ip -4 route replace 97.126.128.1 src 192.168.1.10 dev eth3 table 4
+ run_ip route replace default via 97.126.128.1 src 192.168.1.10 dev eth3 table
4
+ ip -4 route replace default via 97.126.128.1 src 192.168.1.10 dev eth3 table 4
+ run_ip route replace 97.126.128.1/32 dev eth3 table 253
+ ip -4 route replace 97.126.128.1/32 dev eth3 table 253
+ run_ip route replace default via 97.126.128.1 src 192.168.1.10 dev eth3 table
253 metric 4
+ ip -4 route replace default via 97.126.128.1 src 192.168.1.10 dev eth3 table
253 metric 4
+ echo 'ip -4 route del default via 97.126.128.1 table 253 > /dev/null 2>&1'
+ echo 'ip -4 route del 97.126.128.1/32 dev eth3 table 253 > /dev/null 2>&1'
+ find_interface_addresses eth3
+ read address
+ ip -f inet addr show eth3
+ grep 'inet '
+ sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
+ qt ip -4 rule del from 192.168.1.10
+ ip -4 rule del from 192.168.1.10
+ run_ip rule add from 192.168.1.10 pref 20000 table 4
+ ip -4 rule add from 192.168.1.10 pref 20000 table 4
+ echo 'ip -4 rule del from 192.168.1.10 pref 20000 > /dev/null 2>&1'
+ rulenum=1
+ read address
+ qt ip -4 rule del from 97.126.130.169
+ ip -4 rule del from 97.126.130.169
+ run_ip rule add from 97.126.130.169 pref 20000 table 4
+ ip -4 rule add from 97.126.130.169 pref 20000 table 4
+ echo 'ip -4 rule del from 97.126.130.169 pref 20000 > /dev/null 2>&1'
+ rulenum=2
+ read address
+ qt ip -4 rule del iif eth1 to 0.0.0.0/0 pref 1500
+ ip -4 rule del iif eth1 to 0.0.0.0/0 pref 1500
+ run_ip rule add iif eth1 to 0.0.0.0/0 pref 1500 table 4
+ ip -4 rule add iif eth1 to 0.0.0.0/0 pref 1500 table 4
+ echo 'ip -4 rule del iif eth1 to 0.0.0.0/0 pref 1500 > /dev/null 2>&1'
+ echo 0
+ '[' start = enable ']'
+ echo 1
+ progress_message 'Provider fib (4) Started'
+ local timestamp
+ timestamp=
+ '[' 2 -gt 1 ']'
+ '[' -n '' ']'
+ echo 'Provider fib (4) Started'
Provider fib (4) Started
+ '[' 2 -gt 1 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Provider fib (4) Started'
+ run_ip rule add from 0.0.0.0/0 table 254 pref 999
+ ip -4 rule add from 0.0.0.0/0 table 254 pref 999
+ run_ip rule add from 0.0.0.0/0 table 250 pref 32765
+ ip -4 rule add from 0.0.0.0/0 table 250 pref 32765
+ ip -4 rule del from 0.0.0.0/0 table 254 pref 32766
+ echo 'ip -4 rule add from 0.0.0.0/0 table 254 pref 32766 > /dev/null 2>&1'
+ echo 'ip -4 rule del from 0.0.0.0/0 table 254 pref 999 > /dev/null 2>&1'
+ echo 'ip -4 rule del from 0.0.0.0/0 table 250 pref 32765 > /dev/null 2>&1'
+ '[' -n 'via 199.254.229.1 dev eth0 ' ']'
+ run_ip route replace default scope global table 250 via 199.254.229.1 dev eth0
+ ip -4 route replace default scope global table 250 via 199.254.229.1 dev eth0
+ qt ip -4 route del default table 254
+ ip -4 route del default table 254
+ true
+ qt ip -4 route del default table 254
+ ip -4 route del default table 254
+ true
+ qt ip -4 route del default table 254
+ ip -4 route del default table 254
++ echo via 199.254.229.1 dev eth0
++ sed 's/$\s*//'
+ progress_message 'Default route '\''via 199.254.229.1 dev eth0'\'' Added'
+ local timestamp
+ timestamp=
+ '[' 2 -gt 1 ']'
+ '[' -n '' ']'
+ echo 'Default route '\''via 199.254.229.1 dev eth0'\'' Added'
Default route 'via 199.254.229.1 dev eth0' Added
+ '[' 2 -gt 1 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Default route '\''via 199.254.229.1 dev eth0'\'' Added'
+ delete_default_routes 253
+ ip -4 route ls table 253
+ grep -F default
+ read route
+ grep -vF metric
+ run_ip route flush cache
+ ip -4 route flush cache
+ cat
+ cat
+ cat
+ cat
+ '[' start = restore ']'
+ setup_netfilter
+ local option
+ '[' start = reload -a -n '' ']'
+ option='--wait 60'
+ progress_message2 Preparing iptables-restore input...
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo Preparing iptables-restore input...
Preparing iptables-restore input...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Preparing' iptables-restore input...
+ exec
+ cat
+ '[' -f /var/lib/shorewall/.dynamic ']'
+ cat /var/lib/shorewall/.dynamic
+ cat
+ exec
+ '[' -n '' ']'
+ command='/sbin/iptables-restore --wait 60'
+ progress_message2 'Running /sbin/iptables-restore --wait 60...'
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo 'Running /sbin/iptables-restore --wait 60...'
Running /sbin/iptables-restore --wait 60...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Running /sbin/iptables-restore --wait 60...'
+ cat /var/lib/shorewall/.iptables-restore-input
+ /sbin/iptables-restore --wait 60
+ '[' 0 '!=' 0 ']'
+ conditionally_flush_conntrack
+ '[' -n '' ']'
+ echo 1
+ progress_message2 IPv4 Forwarding Enabled
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo IPv4 Forwarding Enabled
IPv4 Forwarding Enabled
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 IPv4' Forwarding Enabled
+ run_start_exit
+ progress_message2 Processing /etc/shorewall/start ...
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo Processing /etc/shorewall/start ...
Processing /etc/shorewall/start ...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Processing' /etc/shorewall/start ...
+ return 0
+ do_iptables -N shorewall
+ local status
+ '[' 1 ']'
+ /sbin/iptables --wait -N shorewall
+ status=0
+ '[' 0 -ne 4 ']'
+ return 0
+ do_iptables -A shorewall -m recent --set --name %CURRENTTIME
+ local status
+ '[' 1 ']'
+ /sbin/iptables --wait -A shorewall -m recent --set --name %CURRENTTIME
+ status=0
+ '[' 0 -ne 4 ']'
+ return 0
+ set_state Started /etc/shorewall/
+ '[' 2 -gt 1 ']'
++ date
+ echo 'Started Mon Jan 1 16:55:29 PST 2024 from /etc/shorewall/'
++ my_pathname
++ local pwd
++ pwd=/etc/shorewall.dsl_cbl_fib
+++ dirname /var/lib/shorewall/firewall
++ cd /var/lib/shorewall
+++ basename /var/lib/shorewall/firewall
++ echo /var/lib/shorewall/firewall
++ cd /etc/shorewall.dsl_cbl_fib
+ my_pathname=/var/lib/shorewall/firewall
+ '[' /var/lib/shorewall/firewall = /var/lib/shorewall/firewall ']'
+ run_started_exit
+ progress_message2 Processing /etc/shorewall/started ...
+ local timestamp
+ timestamp=
+ '[' 2 -gt 0 ']'
+ '[' -n '' ']'
+ echo Processing /etc/shorewall/started ...
Processing /etc/shorewall/started ...
+ '[' 2 -gt 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 Processing' /etc/shorewall/started ...
+ date
+ case $COMMAND in
+ mylogger daemon.info 'Shorewall started'
+ local level
+ level=daemon.info
+ shift
+ '[' -n '' ']'
+ logger -p daemon.info Shorewall started
+ status=0
+ '[' 0 -eq 0 ']'
+ '[' -n /run/lock/shorewall ']'
+ touch /run/lock/shorewall
+ progress_message3 done.
+ local timestamp
+ timestamp=
+ '[' 2 -ge 0 ']'
+ '[' -n '' ']'
+ echo done.
done.
+ '[' 2 -ge 0 ']'
++ date '+%b %e %T'
+ timestamp='Jan 1 16:55:29 '
+ echo 'Jan 1 16:55:29 done.'
+ return 0
+ exit 0
###############################################################################
#
# Shorewall Version 5 -- /etc/shorewall/shorewall.conf
#
# For information about the settings in this file, type "man shorewall.conf"
#
# Manpage also online at https://shorewall.org/manpages/shorewall.conf.html
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
STARTUP_ENABLED=Yes
###############################################################################
# V E R B O S I T Y
###############################################################################
VERBOSITY=2
###############################################################################
# P A G E R
###############################################################################
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################
LOG_LEVEL="info"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/messages
LOGFORMAT="%s %s "
LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
MACLIST_LOG_LEVEL="$LOG_LEVEL"
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL="$LOG_LEVEL"
SFILTER_LOG_LEVEL="$LOG_LEVEL"
SMURF_LOG_LEVEL="$LOG_LEVEL"
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
UNTRACKED_LOG_LEVEL=
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
ARPTABLES=
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/run/lock/shorewall
TC=
###############################################################################
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
###############################################################################
# R S H / R C P C O M M A N D S
###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
###############################################################################
# F I R E W A L L O P T I O N S
###############################################################################
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No
DOCKER=No
DOCKER_BRIDGE=docker0
DONT_LOAD=
DYNAMIC_BLACKLIST=ipset,timeout=0
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=On
KEEP_RT_TABLES=No
#LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=No
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=Yes
TRACK_RULES=No
USE_DEFAULT_RT=Yes
USE_NFLOG_SIZE=No
USE_PHYSICAL_NAMES=No
USE_RT_NAMES=No
VERBOSE_MESSAGES=Yes
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=-
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users