Eric R Keller (ekeller@Princeton.EDU)
2008-Feb-07 21:45 UTC
Shorewall stopping without action
I'm using shorewall-perl 4.0.8 on CentOS 4.5, with a slightly modified 2.6.19.2 kernel (patched with a patch for Click - http://www.read.cs.ucla.edu/click/).

The rules I have set up work as expected after I run shorewall start.

The problem I'm having is that after a while (a couple hours, maybe) shorewall stops (as seen with shorewall status). I didn't run anything and the machine did not reboot at all. At this point, the configuration (as seen with iptables -L) is not what I want.

[#]$ sudo shorewall status
Shorewall-4.0.8 Status at <machine name> - Thu Feb 7 16:20:26 EST 2008

Shorewall is stopped
State:Started (Thu Feb 7 07:41:45 EST 2008)

When I run "shorewall start <dir>" again everything is back to how I want it.

Is there any explanation for this? I'm not sure where to start looking.

Thanks,
Eric
Eric R Keller (ekeller@Princeton.EDU) wrote:
> I'm using shorewall-perl 4.0.8 on CentOS 4.5, with a slightly modified 2.6.19.2 kernel (patched with a patch for Click - http://www.read.cs.ucla.edu/click/).
>
> The rules I have set up work as expected after I run shorewall start.
>
> The problem I'm having is that after a while (a couple hours, maybe) shorewall stops (as seen with shorewall status). I didn't run anything and the machine did not reboot at all. At this point, the configuration (as seen with iptables -L) is not what I want.
>
> [#]$ sudo shorewall status
> Shorewall-4.0.8 Status at <machine name> - Thu Feb 7 16:20:26 EST 2008
>
> Shorewall is stopped
> State:Started (Thu Feb 7 07:41:45 EST 2008)
>
>
> When I run "shorewall start <dir>" again everything is back to how I want it.
>
> Is there any explanation for this? I'm not sure where to start looking.

A cron job or something similar is instantiating a new (and unwanted) iptables ruleset.

The last action by /sbin/shorewall was 'start' as indicated by the last line of output. The 'Shorewall is stopped' line indicates that the filter chain 'shorewall' does not exist (it is added by a successful 'start', 'restart', etc). Something (not Shorewall) is removing it.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
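
Added example, not part of the original thread or of Shorewall: a small shell helper that applies the check described in the reply (presence of the filter chain 'shorewall') and records when the chain disappears, so the time can be matched against cron activity. The function names, the log path and the cron directories in the comments are assumptions; the sample listing is constructed.

```shell
#!/bin/sh
# Diagnostic sketch (added example). Run watch_chain as root.

# Constructed sample of `iptables -L -n` output after a successful start.
SAMPLE_STARTED='Chain INPUT (policy DROP)
target     prot opt source               destination

Chain shorewall (0 references)
target     prot opt source               destination'

# Constructed sample after some other tool has loaded its own ruleset.
SAMPLE_REPLACED='Chain INPUT (policy ACCEPT)
target     prot opt source               destination'

# chain_present: read `iptables -L -n` output on stdin; succeed only if
# the filter table contains a chain named exactly "shorewall".
chain_present() {
    grep -q '^Chain shorewall '
}

# find_ruleset_writers DIR...: list files under DIR that mention iptables
# (covers iptables, iptables-restore and "service iptables"), i.e. jobs
# that could replace the running ruleset.
find_ruleset_writers() {
    grep -rl 'iptables' "$@" 2>/dev/null | sort
}

# watch_chain LOGFILE [INTERVAL]: poll until the chain is gone, then log
# a timestamp. If iptables itself fails (for example when not run as
# root), the chain is also reported missing.
watch_chain() {
    log=$1
    interval=${2:-60}
    while iptables -L -n | chain_present; do
        sleep "$interval"
    done
    echo "$(date '+%F %T') filter chain 'shorewall' is missing" >> "$log"
}

# Typical use (assumed paths):
#   find_ruleset_writers /etc/cron.d /etc/cron.hourly /etc/cron.daily /var/spool/cron
#   watch_chain /var/log/shorewall-chain-watch.log 60 &
```

The logged timestamp can then be compared with the cron log and with the schedule of any job that find_ruleset_writers lists.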