Hello,

Using recent Shorewall versions (4.5.11 and 4.5.3) it seems
that an active TC config is not removed when using 'restart' with
a config that does not have any TC parameters. Version 4.5.2
does remove a TC config.

Here's how the test is made.

1) state: no firewall config applied. iptables returns all
ACCEPT. tc returns no information when queried about the
interface that will receive TC config in the next steps.
shorewall.conf has: 'TC_ENABLED=Internal'.

2) The following simple config is applied by changing to the
directory where the config files are located and issuing:
using 'shorewall restart .'

zones

    fw firewall
    net ipv4

interfaces

    net switch.0001

policy

    all all ACCEPT

tcdevices

    switch.0001 0 75mbit

tcclasses

    switch.0001 1 full*1/10 full*9/10 1
    switch.0001 2 full*3/10 full*7/10 1 default

tcrules

    1 172.30.159.102 0.0.0.0/0 all

3) state: iptables returns FW config. tc returns proper class
information: 'tc -s -d class show dev switch.0001'

4) The tc* files are moved away from the config directory

5) 'shorewall restart .' is executed

6) state: the tc command still returns the class information. With
Shorewall 4.5.2 and the same test the TC config is wiped from the
system.

Thanks.

On 01/08/2013 07:32 AM, Fred Maillou wrote:
> Hello,
>
> Using recent Shorewall versions (4.5.11 and 4.5.3) it seems
> that an active TC config is not removed when using 'restart' with
> a config that does not have any TC parameters. Version 4.5.2
> does remove a TC config.
>
> Here's how the test is made.
>
> 1) state: no firewall config applied. iptables returns all
> ACCEPT. tc returns no information when queried about the
> interface that will receive TC config in the next steps.
> shorewall.conf has: 'TC_ENABLED=Internal'.
>
> 2) The following simple config is applied by changing to the
> directory where the config files are located and issuing:
> using 'shorewall restart .'
>
> zones
>
>     fw firewall
>     net ipv4
>
> interfaces
>
>     net switch.0001
>
> policy
>
>     all all ACCEPT
>
> tcdevices
>
>     switch.0001 0 75mbit
>
> tcclasses
>
>     switch.0001 1 full*1/10 full*9/10 1
>     switch.0001 2 full*3/10 full*7/10 1 default
>
> tcrules
>
>     1 172.30.159.102 0.0.0.0/0 all
>
> 3) state: iptables returns FW config. tc returns proper class
> information: 'tc -s -d class show dev switch.0001'
>
> 4) The tc* files are moved away from the config directory
>
> 5) 'shorewall restart .' is executed
>
> 6) state: the tc command still returns the class information. With
> Shorewall 4.5.2 and the same test the TC config is wiped from the
> system.

What is the setting of CLEAR_TC in shorewall.conf?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

> What is the setting of CLEAR_TC in shorewall.conf?

In both test cases it is:

CLEAR_TC=Yes

Hello Tom,

>> What is the setting of CLEAR_TC in shorewall.conf?

> In both test cases it is:

> CLEAR_TC=Yes

Was this identified as a bug? Or is it something done wrong
(although the test cases seem quite straightforward).

Thanks!

On 01/09/2013 06:47 AM, Fred Maillou wrote:
> Hello Tom,
>
>>> What is the setting of CLEAR_TC in shorewall.conf?
>
>> In both test cases it is:
>
>> CLEAR_TC=Yes
>
> Was this identified as a bug? Or is it something done wrong
> (although the test cases seem quite straightforward).
>

I can't reproduce the problem. Do you have AUTOMAKE=Yes in shorewall.conf?

-Tom
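
A scripted form of the state checks in steps 3 and 6 of the test above, as an added example that is not part of any message in this thread. The function names are hypothetical, the sample tc output is constructed, and treating HTB and HFSC as the only kinds that indicate leftover shaping state is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): decide from tc output whether
# shaping state is still installed on a device after 'shorewall restart'.

# stdin: `tc class show dev IF` text. Prints "kind classid" for each HTB or
# HFSC class. Other kinds (e.g. the per-queue classes of mq) are skipped
# because they exist without any shaping config.
shaping_classes() {
    awk '$1 == "class" && ($2 == "htb" || $2 == "hfsc") { print $2, $3 }'
}

# stdin: `tc qdisc show dev IF` text. Prints the kind of the root qdisc.
root_qdisc_kind() {
    awk '$1 == "qdisc" && $4 == "root" { print $2; exit }'
}

# $1 = class text, $2 = qdisc text. Returns 0 when neither shows shaping.
tc_is_cleared() {
    [ -z "$(printf '%s\n' "$1" | shaping_classes)" ] || return 1
    case "$(printf '%s\n' "$2" | root_qdisc_kind)" in
        htb|hfsc) return 1 ;;
    esac
    return 0
}

# Constructed samples (handles and burst values are illustrative).
SHAPED_CLASSES='class htb 1:1 root rate 75Mbit ceil 75Mbit burst 1500b cburst 1500b
class htb 1:11 parent 1:1 leaf 2: prio 1 rate 7500Kbit ceil 67500Kbit burst 1599b cburst 1598b
class htb 1:12 parent 1:1 leaf 3: prio 1 rate 22500Kbit ceil 52500Kbit burst 1598b cburst 1598b'
SHAPED_QDISC='qdisc htb 1: root refcnt 2 r2q 10 default 12 direct_packets_stat 0'
CLEAN_CLASSES='class mq :1 root
class mq :2 root'
CLEAN_QDISC='qdisc mq 0: root'

# Live check when a device name is given as the first argument.
if [ -n "${1:-}" ]; then
    classes=$(tc class show dev "$1") || exit 2
    qdiscs=$(tc qdisc show dev "$1") || exit 2
    if tc_is_cleared "$classes" "$qdiscs"; then
        echo "$1: no HTB/HFSC state"
    else
        echo "$1: shaping state still present"
        printf '%s\n' "$classes" | shaping_classes
        exit 1
    fi
fi
```

Run with the device name as the only argument after each restart; exit status 1 means shaping classes or a shaping root qdisc are still installed.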