-----Original Message-----
From: AdStar [mailto:adstar@genis-x.com]
Sent: Monday, 6 February 2006 12:02
To: 'Tom Eastep'
Subject: RE: [Shorewall-users] RE: problem with shorewall reset (I think).

:(

Thank you Tom for spending the time to help me look through this. I guess I can update shorewall to the latest, and then look into trying to figure out what changed on my bering firewall.

I gather I should look in the /usr/share/shorewall/firewall script to see what is meant to happen after the line it stops at, maybe that will give me some insight to what's busted on this machine.

One thing I have noticed

+ mkdir /tmp/shorewall-17342
+ chmod 700 /tmp/shorewall-17342
+ echo /tmp/shorewall-17342
+ TMP_DIR=/tmp/shorewall-17342
+ [ -n /tmp/shorewall-17342 ]
+ chmod 700 /tmp/shorewall-17342
+ trap rm -rf /tmp/shorewall-17342; my_mutex_off; exit 2 1 2 3 4 5 6 9

The directory isn't getting removed from /tmp/ *shrug* not sure if that means anything in the big picture.

Cheers and thanks again for spending the time Tom.

Adam

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Monday, 6 February 2006 11:45
To: AdStar
Subject: Re: [Shorewall-users] RE: problem with shorewall reset (I think).

On Sunday 05 February 2006 15:52, AdStar wrote:
> Hi Tom,
>
> Yes I'm running Leaf/Bering, but do have enough space in the RAM disk.
>
> Filesystem 1k-blocks Used Available Use% Mounted on
> /dev/root 65536 5616 59920 9% /
> tmpfs 8192 0 8192 0% /tmp
> tmpfs 32768 136 32632 0% /var/log
>
> But just to double check I rebooted the firewall, but still get the same
> output below.. :(

Well, I have no idea what is happening -- the code that I release doesn't stop execution at that point.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

On Sunday 05 February 2006 18:38, AdStar wrote:
> -----Original Message-----
> From: AdStar [mailto:adstar@genis-x.com]
> Sent: Monday, 6 February 2006 12:02
> To: 'Tom Eastep'
> Subject: RE: [Shorewall-users] RE: problem with shorewall reset (I think).
>
> :(
>
> Thank you Tom for spending the time to help me look through this. I guess I
> can update shorewall to the latest, and then look into trying to figure out
> what changed on my bering firewall.
>
> I gather I should look in the /usr/share/shorewall/firewall script to see
> what is meant to happen after the line it stops at, maybe that will give me
> some insight to what's busted on this machine.
>
> One thing I have noticed
> + mkdir /tmp/shorewall-17342
> + chmod 700 /tmp/shorewall-17342
> + echo /tmp/shorewall-17342
> + TMP_DIR=/tmp/shorewall-17342
> + [ -n /tmp/shorewall-17342 ]
> + chmod 700 /tmp/shorewall-17342
> + trap rm -rf /tmp/shorewall-17342; my_mutex_off; exit 2 1 2 3 4 5 6 9
>
> The directory isn't getting removed from /tmp/ *shrug* not sure if that
> means anything in the big picture.

That code arms a signal handler. It doesn't actually execute the rm command at that time. The fact that the directory doesn't get removed simply means that the signal handler isn't getting invoked.

In Shorewall 2.4.2, the code being executed is:

    run_user_exit() # $1 = file name
    {
        local user_exit=$(find_file $1)

        if [ -f $user_exit ]; then
            progress_message "Processing $user_exit ..."
            . $user_exit
        fi
    }

Your shell running that code appears to simply stop rather than sourcing /etc/shorewall/params.

Here's the context in which that call occurs:

    [ -f $VERSION_FILE ] && version=$(cat $VERSION_FILE)

    run_user_exit params

    config=$(find_file shorewall.conf)

So it appears that your shell is stopping between issuing the progress message and setting the 'config' variable. The trace shows the former but not the latter.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
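
The trap behaviour described in the message above, as an added example that is not part of the original thread and is not Shorewall code: a child shell arms a handler in the same way, and its temporary directory is removed only when a listed signal arrives, unless the cleanup is also armed for 0 (shell exit). The names run_child, cleanup and DEMO_* are hypothetical, and mktemp is assumed to be available.

```shell
#!/bin/sh
# Added example, not Shorewall code. run_child, cleanup and DEMO_* are
# hypothetical names used only for this demonstration.
#
# run_child MODE EXIT_TRAP
#   MODE      finish = child ends normally, hup = child gets SIGHUP (1)
#   EXIT_TRAP no  = handler armed for signals only (as in the trace)
#             yes = additionally arm the cleanup for 0 (shell exit)
# Prints "<child exit status> <kept|removed>" for the temp directory.
run_child() {
    mode=$1
    exit_trap=$2
    dir=$(mktemp -d "${TMPDIR:-/tmp}/trapdemo.XXXXXX") || return 1
    status=0
    DEMO_DIR=$dir DEMO_MODE=$mode DEMO_EXIT_TRAP=$exit_trap sh -c '
        cleanup() { rm -rf "$DEMO_DIR"; }
        # Arming only records the command; nothing is removed yet.
        # 9 (SIGKILL) is left out: it can never be caught.
        trap "cleanup; exit 2" 1 2 3
        [ "$DEMO_EXIT_TRAP" = yes ] && trap cleanup 0
        [ "$DEMO_MODE" = hup ] && kill -HUP $$
        exit 0
    ' || status=$?
    if [ -d "$dir" ]; then
        state=kept
        rm -rf "$dir"      # tidy up what the child left behind
    else
        state=removed
    fi
    echo "$status $state"
}

# Run each combination and show what happened to the directory.
for c in "finish no" "hup no" "finish yes" "hup yes"; do
    echo "$c -> $(run_child $c)"
done
```
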

I know absolutely nothing about just about everything, but just thought I would throw this out.

Could the cron job be running as a different user as when the reset is run interactively from the shell? If yes, is a different shell invoked for that other user than for yourself?

-- This is what you said Tom Eastep
> On Sunday 05 February 2006 18:38, AdStar wrote:
>> -----Original Message-----
>> From: AdStar [mailto:adstar@genis-x.com]
>> Sent: Monday, 6 February 2006 12:02
>> To: 'Tom Eastep'
>> Subject: RE: [Shorewall-users] RE: problem with shorewall reset (I think).
>>
>> :(
>>
>> Thank you Tom for spending the time to help me look through this. I guess I
>> can update shorewall to the latest, and then look into trying to figure out
>> what changed on my bering firewall.
>>
>> I gather I should look in the /usr/share/shorewall/firewall script to see
>> what is meant to happen after the line it stops at, maybe that will give me
>> some insight to what's busted on this machine.
>>
>> One thing I have noticed
>> + mkdir /tmp/shorewall-17342
>> + chmod 700 /tmp/shorewall-17342
>> + echo /tmp/shorewall-17342
>> + TMP_DIR=/tmp/shorewall-17342
>> + [ -n /tmp/shorewall-17342 ]
>> + chmod 700 /tmp/shorewall-17342
>> + trap rm -rf /tmp/shorewall-17342; my_mutex_off; exit 2 1 2 3 4 5 6 9
>>
>> The directory isn't getting removed from /tmp/ *shrug* not sure if that
>> means anything in the big picture.
>
> That code arms a signal handler. It doesn't actually execute the rm command at
> that time. The fact that the directory doesn't get removed simply means that
> the signal handler isn't getting invoked.
>
> In Shorewall 2.4.2, the code being executed is:
>
>     run_user_exit() # $1 = file name
>     {
>         local user_exit=$(find_file $1)
>
>         if [ -f $user_exit ]; then
>             progress_message "Processing $user_exit ..."
>             . $user_exit
>         fi
>     }
>
> Your shell running that code appears to simply stop rather than
> sourcing /etc/shorewall/params.
>
> Here's the context in which that call occurs:
>
>     [ -f $VERSION_FILE ] && version=$(cat $VERSION_FILE)
>
>     run_user_exit params
>
>     config=$(find_file shorewall.conf)
>
> So it appears that your shell is stopping between issuing the progress message
> and setting the 'config' variable. The trace shows the former but not the
> latter.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
> PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Well after another night of searching the web I FOUND THE ANSWER :)

Heheh it was answered sometime back by yourself Tom, slightly different issue but much the same problem.

http://sourceforge.net/mailarchive/message.php?msg_id=2044282 is the link

it basically comes down to redirecting stdout and stderr in my script, like so..

/sbin/shorewall reset > /tmp/shoreout 2>&1

Not quite totally understanding why this would solve the problem of running shorewall reset from cron, I'm a happy chappy now.

Thank you again Tom, your support of shorewall is just fantastic.

Regards
Adam

-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Monday, 6 February 2006 14:14
To: shorewall-users@lists.sourceforge.net
Cc: AdStar
Subject: Re: FW: [Shorewall-users] RE: problem with shorewall reset (I think).

On Sunday 05 February 2006 18:38, AdStar wrote:
> -----Original Message-----
> From: AdStar [mailto:adstar@genis-x.com]
> Sent: Monday, 6 February 2006 12:02
> To: 'Tom Eastep'
> Subject: RE: [Shorewall-users] RE: problem with shorewall reset (I think).
>
> :(
>
> Thank you Tom for spending the time to help me look through this. I guess I
> can update shorewall to the latest, and then look into trying to figure out
> what changed on my bering firewall.
>
> I gather I should look in the /usr/share/shorewall/firewall script to see
> what is meant to happen after the line it stops at, maybe that will give me
> some insight to what's busted on this machine.
>
> One thing I have noticed
> + mkdir /tmp/shorewall-17342
> + chmod 700 /tmp/shorewall-17342
> + echo /tmp/shorewall-17342
> + TMP_DIR=/tmp/shorewall-17342
> + [ -n /tmp/shorewall-17342 ]
> + chmod 700 /tmp/shorewall-17342
> + trap rm -rf /tmp/shorewall-17342; my_mutex_off; exit 2 1 2 3 4 5 6 9
>
> The directory isn't getting removed from /tmp/ *shrug* not sure if that
> means anything in the big picture.

That code arms a signal handler. It doesn't actually execute the rm command at that time. The fact that the directory doesn't get removed simply means that the signal handler isn't getting invoked.

In Shorewall 2.4.2, the code being executed is:

    run_user_exit() # $1 = file name
    {
        local user_exit=$(find_file $1)

        if [ -f $user_exit ]; then
            progress_message "Processing $user_exit ..."
            . $user_exit
        fi
    }

Your shell running that code appears to simply stop rather than sourcing /etc/shorewall/params.

Here's the context in which that call occurs:

    [ -f $VERSION_FILE ] && version=$(cat $VERSION_FILE)

    run_user_exit params

    config=$(find_file shorewall.conf)

So it appears that your shell is stopping between issuing the progress message and setting the 'config' variable. The trace shows the former but not the latter.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key