Hi Tom

If I set /etc/shorewall/init to something like "echo $COMMAND", then I notice that starting (or restarting) shorewall with "-f" doesn't run init (nor refresh)

This doesn't seem deliberate according to the docs here:
http://shorewall.net/shorewall_extension_scripts.htm

I notice that run_init_exit() is defined as per the init file in /var/lib/shorewall/firewall, however, it's not defined in /var/lib/shorewall/restore

So if I never run shorewall save, then "-f start" runs the firewall script. However, if I run save, then "-f start" seems to then use the restore script? Expected?

However, I don't see the restore script ever get recreated other than by forcing it to be (shorewall save)? Touching some file in rules and then running "-f start" causes a recompile and the "firewall" script is run. Subsequently stopping and restarting causes the command to be "restore", which reads the (older) "restore" file and not the "firewall" file

I think this isn't intended, but I'm not quite sure how we want to define the various files? In this case I suspect my error is to use the -f flag, since setting AUTOMAKE=true appears to do mostly the same thing only it then uses the firewall file to restore. Question is what we are gaining by -f referencing the restore file which isn't maintained during a restart?

Should we default the RESTOREFILE= option to be "firewall"? Should the -f flag not become a command line way to specify AUTOMAKE=true for this one run? Is there still a bug in that the "init" and "refresh" script isn't run when restoring from the "restore" script? Is it expected that "restore" will ever be different to "firewall"?

Thanks for any thoughts?

Ed W

On Thu, 2011-07-21 at 13:50 +0100, Ed W wrote:
> Hi Tom
>
> If I set /etc/shorewall/init to something like "echo $COMMAND", then I
> notice that starting (or restarting) shorewall with "-f" doesn't run
> init (nor refresh)
>
> This doesn't seem deliberate according to the docs here:
> http://shorewall.net/shorewall_extension_scripts.htm
>
> I notice that run_init_exit() is defined as per the init file in
> /var/lib/shorewall/firewall, however, it's not defined in
> /var/lib/shorewall/restore
>
> So if I never run shorewall save, then "-f start" runs the firewall
> script. However, if I run save, then "-f start" seems to then use the
> restore script? Expected?
>
> However, I don't see the restore script ever get recreated other than by
> forcing it to be (shorewall save)? Touching some file in rules and then
> running "-f start" causes a recompile and the "firewall" script is run.
> Subsequently stopping and restarting causes the command to be "restore",
> which reads the (older) "restore" file and not the "firewall" file
>
> I think this isn't intended, but I'm not quite sure how we want to
> define the various files? In this case I suspect my error is to use the
> -f flag, since setting AUTOMAKE=true appears to do mostly the same thing
> only it then uses the firewall file to restore. Question is what we are
> gaining by -f referencing the restore file which isn't maintained during
> a restart?
>
> Should we default the RESTOREFILE= option to be "firewall"? Should the
> -f flag not become a command line way to specify AUTOMAKE=true for this
> one run? Is there still a bug in that the "init" and "refresh" script
> isn't run when restoring from the "restore" script? Is it expected that
> "restore" will ever be different to "firewall"?
>
> Thanks for any thoughts?

From the Shorewall 4.4.20 Release Notes:

6)  Up to this release, the behaviors of 'start -f' and 'restart -f'
    has been inconsistent. The 'start -f' command compares the
    modification times of /etc/shorewall[6] with
    /var/lib/shorewall[6]/restore while 'restart -f' compares with
    /var/lib/shorewall[6]/firewall.

    To make the two consistent, a new LEGACY_FASTSTART option has been
    added. The default value when the option isn't specified is
    LEGACY_FASTSTART=Yes which preserves the old behavior. When
    LEGACY_FASTSTART=No, 'start -f' and 'restart -f' both compare with
    /var/lib/shorewall[6]/firewall.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
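
The comparison described in the release note above, as an added example that is not part of the original messages and is not Shorewall's own code. The function names, the use of `find -newer` on regular files, and the temporary directory tree are assumptions made for illustration; only the mapping of command and LEGACY_FASTSTART value to `restore` or `firewall` comes from the quoted note.

```shell
#!/bin/sh
# Added example (not Shorewall's code): which script does "-f" compare
# against, and is any config file newer than it?

# faststart_reference COMMAND LEGACY_FASTSTART VARDIR
# Mapping taken from the release note quoted above.
faststart_reference() {
    case "$1:$2" in
        start:Yes) echo "$3/restore" ;;
        start:No|restart:Yes|restart:No) echo "$3/firewall" ;;
        *) return 1 ;;
    esac
}

# script_state CONFDIR SCRIPT -> missing | stale | fresh
# Assumption: "stale" = some regular file under CONFDIR has a later mtime.
script_state() {
    [ -f "$2" ] || { echo missing; return 0; }
    if [ -n "$(find "$1" -type f -newer "$2" -print | head -n 1)" ]; then
        echo stale
    else
        echo fresh
    fi
}

# faststart_check COMMAND LEGACY_FASTSTART CONFDIR VARDIR
faststart_check() {
    ref=$(faststart_reference "$1" "$2" "$4") || return 1
    echo "$(script_state "$3" "$ref") ${ref##*/}"
}

# Constructed tree reproducing the sequence in the thread: "save" writes
# restore, rules is edited afterwards, and a recompile rewrites firewall.
demo_tree() {
    t=$(mktemp -d) && mkdir "$t/etc" "$t/var" || return 1
    touch -t 201107200900 "$t/var/restore"
    touch -t 201107201000 "$t/etc/rules"
    touch -t 201107201100 "$t/var/firewall"
    echo "$t"
}

tree=$(demo_tree) || exit 1
for legacy in Yes No; do
    for cmd in start restart; do
        echo "LEGACY_FASTSTART=$legacy $cmd -f: $(faststart_check "$cmd" "$legacy" "$tree/etc" "$tree/var")"
    done
done
rm -rf "$tree"
```

On a real host the same check can be pointed at /etc/shorewall and /var/lib/shorewall to see whether a saved script predates the current configuration before relying on a fast start.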

> From the Shorewall 4.4.20 Release Notes:
>
> 6) Up to this release, the behaviors of 'start -f' and 'restart -f'
> has been inconsistent.

Pah, yes I had read that previously, but I guess I didn't connect it with the symptoms later... Bah

Apologies for the noise...

Ed

On Thu, 2011-07-21 at 14:41 +0100, Ed W wrote:
> > From the Shorewall 4.4.20 Release Notes:
> >
> > 6) Up to this release, the behaviors of 'start -f' and 'restart -f'
> > has been inconsistent.
>
> Pah, yes I had read that previously, but I guess I didn't connect it
> with the symptoms later... Bah
>
> Apologies for the noise...

No problem.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Hi,

My bad I accidentally changed it by mistake my LOGFILE= when I put Shorewall on Arch to test it.

This is what I've always used in the past and put it back;

LOGFILE=/var/log/ulogd.syslogemu

THANKS

On Thu, Jul 21, 2011 at 9:46 AM, Tom Eastep <teastep@shorewall.net> wrote:
> On Thu, 2011-07-21 at 14:41 +0100, Ed W wrote:
> > > From the Shorewall 4.4.20 Release Notes:
> > >
> > > 6) Up to this release, the behaviors of 'start -f' and 'restart -f'
> > > has been inconsistent.
> >
> > Pah, yes I had read that previously, but I guess I didn't connect it
> > with the symptoms later... Bah
> >
> > Apologies for the noise...
>
> No problem.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Sorry made my reply here, received this mail list for some reason....

On Thu, Jul 21, 2011 at 11:50 AM, Das <dasfox@gmail.com> wrote:
> Hi,
>
> My bad I accidentally changed it by mistake my LOGFILE= when I put Shorewall
> on Arch to test it.
>
> This is what I've always used in the past and put it back;
>
> LOGFILE=/var/log/ulogd.syslogemu
>
> THANKS
>
> On Thu, Jul 21, 2011 at 9:46 AM, Tom Eastep <teastep@shorewall.net> wrote:
>
>> On Thu, 2011-07-21 at 14:41 +0100, Ed W wrote:
>> > > From the Shorewall 4.4.20 Release Notes:
>> > >
>> > > 6) Up to this release, the behaviors of 'start -f' and 'restart -f'
>> > > has been inconsistent.
>> >
>> > Pah, yes I had read that previously, but I guess I didn't connect it
>> > with the symptoms later... Bah
>> >
>> > Apologies for the noise...
>>
>> No problem.
>>
>> -Tom
>> --
>> Tom Eastep        \ When I die, I want to go like my Grandfather who
>> Shoreline,         \ died peacefully in his sleep. Not screaming like
>> Washington, USA     \ all of the passengers in his car
>> http://shorewall.net \________________________________________________