From: non-list-member

With shorewall 2.0.2c on a kernel 2.6.5 I am finding that the report_capabilities() is being called before load_kernel_modules(). This leads to some problems, one of which is that the reported capabilities are wrong on the first "start" command. If you then "stop" then "start", things go better (now that the kernel modules are loaded).

Some of the modules that get loaded (seemingly too late) are:

iptable_mangle
ipt_multiport

It seems a possible workaround is to first do a "check" operation just after boot, then do a "start".

Is this a bug?

Thanks,
Dick

DHollenbeck wrote:

> It seems a possible workaround is to first do a "check" operation just
> after boot, then do a "start".

Yes -- that will work.

> Is this a bug?

Yes -- but not a particularly easy one to fix. I'll work on it.

Thanks,
-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:

> DHollenbeck wrote:
>
>> It seems a possible workaround is to first do a "check" operation just
>> after boot, then do a "start".
>
> Yes -- that will work.
>
>> Is this a bug?
>
> Yes -- but not a particularly easy one to fix. I'll work on it.

Please try 2.0.2d and let me know if it solves your problem:

http://shorewall.net/pub/shorewall/shorewall-2.0.2d
ftp://shorewall.net/pub/shorewall/shorewall-2.0.2d

Thanks,
-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:

> Tom Eastep wrote:
>
>> DHollenbeck wrote:
>>
>>> It seems a possible workaround is to first do a "check" operation
>>> just after boot, then do a "start".
>>
>> Yes -- that will work.
>>
>>> Is this a bug?
>>
>> Yes -- but not a particularly easy one to fix. I'll work on it.
>
> Please try 2.0.2d and let me know if it solves your problem:
>
> http://shorewall.net/pub/shorewall/shorewall-2.0.2d
> ftp://shorewall.net/pub/shorewall/shorewall-2.0.2d
>
> Thanks,
> -Tom

Tom,

Thanks tons. Fixed the problem. You da man! Unbelievable response time, dude.

DHollenbeck wrote:

> Thanks tons. Fixed the problem. You da man!

I discovered a problem with "save/restore" and the version that you tested (/var/lib/shorewall/restore was kernel-version dependent). If you use that feature, you'll want to install the 'firewall' script from the 2.0.2 errata.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
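
The ordering problem reported in the first message can be checked from outside Shorewall by confirming that the two named modules are loaded before the first "start". The script below is an added example, not Shorewall code and not from the thread; the function names and the sample /proc/modules lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Shorewall code): report which of the modules named in
# the thread are not yet loaded. Function names here are hypothetical.

# Modules the original report saw being loaded too late.
REQUIRED_MODULES="iptable_mangle ipt_multiport"

# missing_modules MODULE...
# Reads /proc/modules-format text on stdin (module name is the first field),
# prints each MODULE that has no entry, and returns 1 if any are missing.
# Caveat: features compiled into the kernel never appear in /proc/modules,
# so this check only applies to modular netfilter builds.
missing_modules() {
    loaded=$(awk '{ print $1 }')
    rc=0
    for m in "$@"; do
        if ! printf '%s\n' "$loaded" | grep -qxF -- "$m"; then
            echo "$m"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: module list right after boot, before the first "start".
sample_before_start() {
    cat <<'EOF'
ip_tables 16384 1 iptable_filter, Live 0xe0a5d000
iptable_filter 2048 0 - Live 0xe0a3b000
EOF
}

# Constructed sample: module list once the two modules have been loaded.
sample_after_start() {
    sample_before_start
    cat <<'EOF'
iptable_mangle 2176 0 - Live 0xe0a41000
ipt_multiport 1664 0 - Live 0xe0a44000
EOF
}

# Run against the live system only when asked: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    missing_modules $REQUIRED_MODULES < /proc/modules
fi
```

If the live check prints any module name before the first "start", the capabilities reported on that run may be incomplete, which is the symptom described in the first message.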