Gregory Pleau
2004-Oct-14 02:47 UTC
Loooooooooooong Delay processing Actions.Drop and Actions.Reject
I've tried googling and searching the archives for any mention of this. After updating my shorewall RPMs a little while ago I noticed that there were new options - the Actions.Drop and Actions.Reject functions.

My shorewall config still starts up happily, but when it gets to the part where it processes those actions (which I don't use!) I get a severe delay that can last from 15 minutes to the longest one is a dual Xeon 3.0 system that takes 1 hour and 15 minutes to start Shorewall with about 45 rules in /etc/shorewall/rules.

Everything works normally except that terrible startup delay. Anyone else see something similar at all? I've run out of ideas about where to look and I certainly don't want to start rolling back to eight month old RPMs.

The machines are running Fedora Core 2 at the moment, first noticed it on Red Hat 9, but lived with it at the time.

Thanks,
- Gregory Pleau
Tom Eastep
2004-Oct-14 03:13 UTC
Re: Loooooooooooong Delay processing Actions.Drop and Actions.Reject
Gregory Pleau wrote:
> I've tried googling and searching the archives for any mention of this.
> After updating my shorewall RPMs a little while ago I noticed that there were
> new options - the Actions.Drop and Actions.Reject functions.
>
> My shorewall config still starts up happily, but when it gets to the part
> where it processes those actions (which I don't use!) I get a severe delay
> that can last from 15 minutes to the longest one is a dual Xeon 3.0 system
> that takes 1 hour and 15 minutes to start Shorewall with about 45 rules in
> /etc/shorewall/rules.
>
> Everything works normally except that terrible startup delay.
> Anyone else see something similar at all? I've run out of ideas about where
> to look and I certainly don't want to start rolling back to eight month old
> RPMs.

I suggest that you read the Upgrade Issues article linked from the Shorewall home page and that you search the mailing list archives for the multiple emails that I sent instructing people how to prepare for the 1.4->2.0 transition.

Once you have installed a 2.0.x version YOU DO USE action.Drop and action.Reject but I have no clue what could cause processing those files to delay.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep
2004-Oct-14 14:40 UTC
Re: Loooooooooooong Delay processing Actions.Drop and Actions.Reject
Tom Eastep wrote:
> Gregory Pleau wrote:
>
>> I've tried googling and searching the archives for any mention of this.
>> After updating my shorewall RPMs a little while ago I noticed that there were
>> new options - the Actions.Drop and Actions.Reject functions.
>>
>> My shorewall config still starts up happily, but when it gets to the part
>> where it processes those actions (which I don't use!) I get a severe delay
>> that can last from 15 minutes to the longest one is a dual Xeon 3.0 system
>> that takes 1 hour and 15 minutes to start Shorewall with about 45 rules in
>> /etc/shorewall/rules.
>>
>> Everything works normally except that terrible startup delay.
>> Anyone else see something similar at all? I've run out of ideas about where
>> to look and I certainly don't want to start rolling back to eight month old
>> RPMs.
>
> I suggest that you read the Upgrade Issues article linked from the
> Shorewall home page and that you search the mailing list archives for
> the multiple emails that I sent instructing people how to prepare for
> the 1.4->2.0 transition.
>
> Once you have installed a 2.0.x version YOU DO USE action.Drop and
> action.Reject but I have no clue what could cause processing those files
> to delay.

If you don't have any success, the next suggestion is to trace "shorewall start" (see the instructions on the Shorewall troubleshooting page). Once the long delay begins, stop the process and see what the script was doing.

-Tom
Tom Eastep
2004-Nov-02 21:08 UTC
Re: Loooooooooooong Delay processing Actions.Drop and Actions.Reject
On Tue, 2004-11-02 at 12:16, Gregory Pleau wrote:
> Found it. We're using LDAP here and it was a permissions issue.

Thanks for the followup.

-Tom