Had a power failure this weekend.

I found out that my firewall machines can reboot much faster than my cable modem can re-train (reconnect to the head-end controller at the cable company).

The firewall is happy to continue using the IP it acquired previously and appears to bring up its net side interface (the firewall machine could access the net), but shorewall would not let anything pass from the LAN to the net (or vice versa).

A shorewall restart fixed this.

Now had I been in Mexico (or even in Seattle to take in a Mariners game) when this happened it would be a tad inconvenient.

So I was wondering if there was a way to schedule a shorewall restart 5 minutes after powerup or system restart?

Cron seems to not have this option as best as I can tell.

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386

On Mon, 12 Aug 2002, John Andersen wrote:

> Had a power failure this weekend.
>
> I found out that my firewall machines can reboot much faster than my cable modem can re-train
> (reconnect to the head-end controller at the cable company).
>
> The firewall is happy to continue using the IP it acquired previously and appears to bring up its net
> side interface (the firewall machine could access the net), but shorewall would not let anything
> pass from the LAN to the net (or vice versa).
>
> A shorewall restart fixed this.
>

Was Shorewall started? Were you seeing any Shorewall messages in your logs?

I can't think of anything off hand that would lead to this behavior if Shorewall actually did start initially. There are some features of Shorewall that require your network interfaces to be up at the time that Shorewall is started but if you don't use those features, you can start Shorewall very early in the boot process.

Hmmm - I'll bet I couldn't write another paragraph where 4 line breaks occurred at the word "Shorewall" :-)

> Now had I been in Mexico (or even in Seattle to take in a Mariners game) when this happened it
> would be a tad inconvenient.
>
> So I was wondering if there was a way to schedule a shorewall restart 5 minutes after powerup or
> system restart?
>

    schedule_shorewall_restart() {
        sleep 300                  # wait 5 minutes
        /sbin/shorewall restart
    }

    schedule_shorewall_restart &   # run in the background

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

Hi John,

--- John Andersen <JAndersen@screenio.com> wrote:

> Had a power failure this weekend.

[snip]

> So I was wondering if there was a way to schedule a shorewall restart 5
> minutes after powerup or
> system restart?

How about a script, let's call it /etc/rc.d/restart.shorewall:

    #!/bin/sh
    sleep 300    # 5 minutes
    shorewall restart

and invoked as:

    /etc/rc.d/restart.shorewall &    # NOTE the & to start in background

from your /etc/rc.d/rc.local (or equivalent for your system).

You could probably add more logic to test if the system crashed or not but I don't know how to test for that.

> Cron seems to not have this option as best as I can tell.

I'm a newbie so I don't know either.

Hope this helps.

--
Cass

On 12 Aug 2002 at 12:37, Tom Eastep wrote:

> I can't think of anything off hand that would lead to this behavior if
> Shorewall actually did start initially. There are some features of
> Shorewall that require your network interfaces to be up at the time that
> Shorewall is started but if you don't use those features, you can start
> Shorewall very early in the boot process.

Appears to have been. There was a log entry showing so anyway.

The delayed restart script works fine, had an opportunity to test it this afternoon when we had another power failure.

Thanks Tom and Cass.

______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
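
Added example, not part of the original thread and not Shorewall's own code: a variant of the delayed-restart scripts above that polls until the upstream link answers instead of sleeping a fixed 300 seconds, then runs the same shorewall restart. The probe address 192.0.2.1 is a placeholder, and the variable and function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: restart Shorewall once the upstream
# link answers, rather than after a fixed "sleep 300".
# Assumptions: 192.0.2.1 is a placeholder probe address (set PROBE_HOST to
# an ISP-side host that answers ping); all names here are hypothetical.

PROBE_HOST="${PROBE_HOST:-192.0.2.1}"
MAX_WAIT="${MAX_WAIT:-900}"    # stop polling after this many seconds
INTERVAL="${INTERVAL:-15}"     # seconds between probes
PROBE_CMD="${PROBE_CMD:-ping -c 1 -W 2 $PROBE_HOST}"
RESTART_CMD="${RESTART_CMD:-/sbin/shorewall restart}"

# Poll until the probe succeeds or MAX_WAIT elapses.
# Returns 0 when the link answered, 1 on timeout; $waited holds the
# seconds slept so far.
wait_for_link() {
    waited=0
    while [ "$waited" -lt "$MAX_WAIT" ]; do
        if $PROBE_CMD >/dev/null 2>&1; then
            return 0
        fi
        sleep "$INTERVAL"
        waited=$((waited + INTERVAL))
    done
    return 1
}

# Restart in both cases: after a timeout this behaves like the
# fixed-delay scripts, just with a longer delay.
restart_when_link_up() {
    if wait_for_link; then
        reason="link answered after ${waited}s"
    else
        reason="no answer after ${MAX_WAIT}s, restarting anyway"
    fi
    logger -t shorewall-delayed "$reason" 2>/dev/null || true
    $RESTART_CMD
}

# Runs only when called with "run", e.g. from rc.local:
#   /etc/rc.d/restart.shorewall run &
if [ "${1:-}" = "run" ]; then
    restart_when_link_up
fi
```

The syslog line records whether the restart happened because the link came up or because the wait timed out, which helps when checking the box remotely after an outage.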