Re: [Shorewall-users] Shorewall need clear to work after reboot

[Robert K Coffman Jr. -Info From Data Corp.]

Logging is too deep for me to go into here - on my system, there is a shorewall-init log in /var/log.  I suspect your system has this in logcontrol.

Here is the contents of the init.d job that starts shorewall on my firewalls.  For some changes to my configuration, I have to use this script before shorewall start, or else the change doesn't work.  I only bring it up because perhaps the difference between "/etc/init.d/shorewall start" and "shorewall start" could be used to fix your problem.  Strictly speculation however.

#!/bin/sh

RCDLINKS="2,S19 3,S19 4,S19 5,S19 0,K91 6,K91"

OPTIONS=""

WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup

# Use /etc/default shorewall to specify $OPTIONS and STARTOPTIONS to
# run at startup, however this this might prevent shorewall from
# starting. use at your own risk
if [ -f "/etc/default/shorewall" ] ; then
    . /etc/default/shorewall
fi

# wait for an unconfigured interface
wait_for_pppd () {
        if [ "$wait_interface" != "" ]
        then
           if [ -f $WAIT_FOR_IFUP ]
           then
                for i in $wait_interface
                do
                        $WAIT_FOR_IFUP $i 60
                done
           else
               echo "$WAIT_FOR_IFUP: File not found"
               exit 2
           fi
        fi
}


start() {
        echo "Starting IPv4 shorewall rules..."
        wait_for_pppd
        [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
        /sbin/shorewall $OPTIONS start $STARTOPTIONS
        [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
}

stop() {
        echo "Stopping IPv4 shorewall rules..."
        /sbin/shorewall stop
}

refresh() {
        echo "Refreshing IPv4 shorewall rules..."
        /sbin/shorewall refresh $REFRESHOPTIONS
}


reload() {
        echo "Reloading IPv4 shorewall rules..."
        /sbin/shorewall reload $RELOADOPTIONS
}

restart() {
        echo "Restarting IPv4 shorewall rules..."
        [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
        /sbin/shorewall restart $RESTARTOPTIONS
        [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
}

status() {
        /sbin/shorewall status
}

case "$1" in
    'start')
                start
        ;;
    'stop')
                stop
        ;;
    'refresh')
                refresh
        ;;
    'reload')
                reload
        ;;
    'restart')
                restart
        ;;
    'status')
                status
        ;;
    *)
                echo "Usage: $0 start|stop|refresh|reload|restart|status"
        ;;
esac

exit 0

# All done

- Bob

On 1/13/2026 11:36:39 AM, rcor...@edos.cl wrote:

Hi Robert,

Do you mean shorewall show log or other?

Thx

El 2026-01-13 13:11, Robert K Coffman Jr. -Info From Data Corp. escribió:

Ok - what do the logs say after a reboot?  One potential issue that might cause this is the status of any interfaces that are required but not ready when shorewall starts.

On 1/13/2026 9:52:47 AM, rcor...@edos.cl wrote:

Hi Robert,

I'm using systemcl 

systemctl enable shorewall after install package.

Thx.

El 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. escribió:

How are you starting Shorewall after a reboot?

On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:

Hi Simon,

i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/

5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
5.2.8-12 start but dont work nat/dnat/proxyarp

Thx

El 2026-01-13 04:56, Simon Matter escribió:

Hi,

Hello everyone!

Somebody know why or how to fix shorewall for not need clear and start
after reboot?  i have EL7 and shorewall 5.1.12, previously working with
5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp
dont work.

Seems that your shorewall start is not working properly. Are you using a
shorewall package from epel? If so you could check the changelog to see
who has packaged it and ask directly?

Regards,
Simon

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

-- 
Robert K Coffman Jr.
Info From Data Corp.
3307249000
supp...@infofromdata.com

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

-- 
Robert K Coffman Jr.
Info From Data Corp.
3307249000
supp...@infofromdata.com

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

-- 
Robert K Coffman Jr.
Info From Data Corp.
3307249000
supp...@infofromdata.com


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users