When I manually run ''shorewall'' (v3.2.6-2) on my Ubuntu/Feisty
system,
it starts up fine. But it won''t run during reboot/startup ...
can''t
seem to find any error messages on the console about it ... strange!
The "rc scripts" seem to be the same as on my other systems:
/etc/rc0.d/K89shorewall
/etc/rc6.d/K89shorewall
/etc/rcS.d/S40shorewall
Must be something stupid I''ve forgotten ...
Thanks for your ideas/comments,
--
Prof Kenneth H Jacker khj@cs.appstate.edu
Computer Science Dept www.cs.appstate.edu/~khj
Appalachian State Univ
Boone, NC 28608 USA
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
Kenneth Jacker wrote:> When I manually run ''shorewall'' (v3.2.6-2) on my Ubuntu/Feisty system, > it starts up fine. But it won''t run during reboot/startup ... can''t > seem to find any error messages on the console about it ... strange! > > The "rc scripts" seem to be the same as on my other systems: > > /etc/rc0.d/K89shorewall > /etc/rc6.d/K89shorewall > /etc/rcS.d/S40shorewall > > Must be something stupid I''ve forgotten ... > > Thanks for your ideas/comments,Have you enabled startup in /etc/default/shorewall? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
>> Must be something stupid I''ve forgotten ...It *was* something stupid! te> Have you enabled startup in /etc/default/shorewall? I had changed the setting in /etc/shorewall/shorewall.conf to: STARTUP_ENABLED=Yes but *not* in /etc/default/shorewall. Duh! One danger when you have used ''shorewall'' as long as I have, is not bothering to re-read the documentation every once in a while. I *did* remember that something needed to be "enabled" or ''shorewall'' wouldn''t run, but obviously changed the wrong thing! What is the purpose of "STARTUP_ENABLED"? Thanks Tom! -Kenneth PS Sorry ... you''ve got better things to do than answer apparent "newbie"/FAQ questions ... :-( ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Kenneth Jacker wrote:> >> Must be something stupid I''ve forgotten ... > > It *was* something stupid! > > te> Have you enabled startup in /etc/default/shorewall? > > I had changed the setting in /etc/shorewall/shorewall.conf to: > > STARTUP_ENABLED=Yes > > but *not* in /etc/default/shorewall. Duh! > > > One danger when you have used ''shorewall'' as long as I have, is not > bothering to re-read the documentation every once in a while. I *did* > remember that something needed to be "enabled" or ''shorewall'' wouldn''t > run, but obviously changed the wrong thing! > > What is the purpose of "STARTUP_ENABLED"?Kenneth, The Debian maintainer thinks that things should be done the Debian way -- that''s why he has the /etc/default/shorewall file with the ''startup'' option. The rest of the world controls Shorewall startup using the STARTUP_ENABLED option in shorewall.conf. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sun, Jul 15, 2007 at 07:36:06AM -0700, Tom Eastep wrote:> > Kenneth, > > The Debian maintainer thinks that things should be done the Debian way -- > that''s why he has the /etc/default/shorewall file with the ''startup'' option. > The rest of the world controls Shorewall startup using the STARTUP_ENABLED > option in shorewall.conf. >As a Debian developer and user, I can certainly appreciate the reasoning. But yes, having it in two places can be annoying. I imagine that the "Debian way" is an outgrowth of multitudes of packages not having a cimple way to control whether or not to start. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sun, Jul 15, 2007 at 02:25:39PM -0400, Roberto C. S?nchez wrote:> On Sun, Jul 15, 2007 at 07:36:06AM -0700, Tom Eastep wrote: > > > > Kenneth, > > > > The Debian maintainer thinks that things should be done the Debian way -- > > that''s why he has the /etc/default/shorewall file with the ''startup'' option. > > The rest of the world controls Shorewall startup using the STARTUP_ENABLED > > option in shorewall.conf. > > > As a Debian developer and user, I can certainly appreciate the > reasoning. But yes, having it in two places can be annoying. I imagine > that the "Debian way" is an outgrowth of multitudes of packages not > having a cimple way to control whether or not to start./etc/default controls init scripts, when they need to be controlled (yes, dumb name, historical). That''s an area that has traditionally been left to the vendor - most packages don''t even supply one, and it usually has to be rewritten when they do. It''s an unfortunate concidence that shorewall has a feature that duplicates part of the behaviour of the init script. (This is all very clumsy, and that''s mostly because sysvinit sucks - it just sucks less than every *other* way to do it) ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Andrew Suffield wrote:> It''s an unfortunate > concidence that shorewall has a feature that duplicates part of the > behaviour of the init script.In hindsight, it was an unfortunate choice on my part. Using /etc/default/shorewall or /etc/sysconfig/shorewall to control startup at boot time would have been a better approach. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
On Sun, Jul 15, 2007 at 02:44:18PM -0700, Tom Eastep wrote:> Andrew Suffield wrote: > > It''s an unfortunate > > concidence that shorewall has a feature that duplicates part of the > > behaviour of the init script. > > In hindsight, it was an unfortunate choice on my part. Using > /etc/default/shorewall or /etc/sysconfig/shorewall to control startup at > boot time would have been a better approach. >I wonder if a change now would be too intrusive. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Eastep wrote:> Andrew Suffield wrote: >> It''s an unfortunate >> concidence that shorewall has a feature that duplicates part of the >> behaviour of the init script. > > In hindsight, it was an unfortunate choice on my part. Using > /etc/default/shorewall or /etc/sysconfig/shorewall to control startup at > boot time would have been a better approach.There were other reasons behind that change too. By forcing everybody to change shorewall.conf file from it''s defaults to get it running it''s guaranteed that package upgrades won''t replace shorewall.conf which is vital part of shorewall version to version update requirements. - -- Tuomo Soini <tis@foobar.fi> Linux and network services +358 40 5240030 Foobar Oy <http://foobar.fi/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFGm52GTlrZKzwul1ERAl0UAJ0VTPAcxHFeMiDeyUzcSHZ69THZvACdHwi2 2Wbfb/acg33zCef/bworgNM=cuEn -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Tuomo Soini wrote:> Tom Eastep wrote: >> Andrew Suffield wrote: >>> It''s an unfortunate >>> concidence that shorewall has a feature that duplicates part of the >>> behaviour of the init script. >> In hindsight, it was an unfortunate choice on my part. Using >> /etc/default/shorewall or /etc/sysconfig/shorewall to control startup at >> boot time would have been a better approach. > > There were other reasons behind that change too. By forcing everybody to > change shorewall.conf file from it''s defaults to get it running it''s > guaranteed that package upgrades won''t replace shorewall.conf which is > vital part of shorewall version to version update requirements. >True. And Debian users have been especially hard hit by shorewall.conf being replaced during upgrades and consequently changing the behavior of their firewalls. Although one could argue that the way I''ve tried to use shorewall.conf to change the default behavior of Shorewall over time is also broken; a lot of users have been burned by it because they didn''t understand it and because shorewall.conf behaves differently from other products'' configuration files. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Roberto C. Sánchez wrote:> On Sun, Jul 15, 2007 at 02:44:18PM -0700, Tom Eastep wrote: >> Andrew Suffield wrote: >>> It''s an unfortunate >>> concidence that shorewall has a feature that duplicates part of the >>> behaviour of the init script. >> In hindsight, it was an unfortunate choice on my part. Using >> /etc/default/shorewall or /etc/sysconfig/shorewall to control startup at >> boot time would have been a better approach. >> > I wonder if a change now would be too intrusive.Probably -- see Tuomo''s post. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/