Shorewall users - Jan 2013 - problem with firewall

I have been running version 4.4.16.1 for several months now and it has 
worked wonderfully as our firewall.  Today I made a small change in the 
rules file to add a new IP address through the firewall. When initiating 
/etc/init.d/shorewall this suddenly happened:

[root@fw10g Shorewall]# /etc/init.d/shorewall restart
Restarting shorewall: Can''t exec
"/usr/share/shorewall//getparams":
Permission denied at /usr/share/shorewall/Shorewall/Config.pm line 2931.
    ERROR: Processing of /etc/shorewall/params failed
                                                            [FAILED]

To the best of my knowledge nothing has changed on this system since the 
last time I modified the rules.  Any thoughts or ideas?

Thanks
-- 


                      ''''''
                     (O O)
  ,-------------- oOO-(_)-OOo -------------,
  |            Stephen Williams            |
  |      Manager of Computer Services      |
  |       Center for Space Research        |
  |     University of Texas at Austin      |
  |     3925 W. Braker Ln., Suite 200      |
  |          Austin, TX 78759-5321         |
  |    512.471.7235  512.471.3570 (fax)    |
  |       williams@csr.utexas.edu          |
  |____________________ Oooo ______________|
                 oooO   (   )
                (   )    ) /
                 \ (    (_/
                  \_)







------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712

On 1/17/13 11:05 AM, Stephen Williams wrote:
> I have been running version 4.4.16.1 for several months now and it has
> worked wonderfully as our firewall.  Today I made a small change in the
> rules file to add a new IP address through the firewall. When initiating
> /etc/init.d/shorewall this suddenly happened:
> 
> [root@fw10g Shorewall]# /etc/init.d/shorewall restart
> Restarting shorewall: Can''t exec
"/usr/share/shorewall//getparams":
> Permission denied at /usr/share/shorewall/Shorewall/Config.pm line 2931.
>    ERROR: Processing of /etc/shorewall/params failed
>                                                            [FAILED]
> 
> To the best of my knowledge nothing has changed on this system since the
> last time I modified the rules.  Any thoughts or ideas?
Looks like an SELINUX issue. I''m betting that SELINUX has been
upgraded.

See if simply ''shorewall restart'' works.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712

yep, that was it.  just using ''shorewall restart'' works fine. 
the
SELINUX upgrade changed some ACLs.  i''ll just ignore the init script 
from now on.

On 1/17/2013 1:20 PM, Tom Eastep wrote:
> On 1/17/13 11:05 AM, Stephen Williams wrote:
>> I have been running version 4.4.16.1 for several months now and it has
>> worked wonderfully as our firewall.  Today I made a small change in the
>> rules file to add a new IP address through the firewall. When
initiating
>> /etc/init.d/shorewall this suddenly happened:
>>
>> [root@fw10g Shorewall]# /etc/init.d/shorewall restart
>> Restarting shorewall: Can''t exec
"/usr/share/shorewall//getparams":
>> Permission denied at /usr/share/shorewall/Shorewall/Config.pm line
2931.
>>     ERROR: Processing of /etc/shorewall/params failed
>>                                                             [FAILED]
>>
>> To the best of my knowledge nothing has changed on this system since
the
>> last time I modified the rules.  Any thoughts or ideas?
>
> Looks like an SELINUX issue. I''m betting that SELINUX has been
upgraded.
>
> See if simply ''shorewall restart'' works.
>
> -Tom
>
>
>
>
------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122712
>
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>

-- 


                      ''''''
                     (O O)
  ,-------------- oOO-(_)-OOo -------------,
  |            Stephen Williams            |
  |      Manager of Computer Services      |
  |       Center for Space Research        |
  |     University of Texas at Austin      |
  |     3925 W. Braker Ln., Suite 200      |
  |          Austin, TX 78759-5321         |
  |    512.471.7235  512.471.3570 (fax)    |
  |       williams@csr.utexas.edu          |
  |____________________ Oooo ______________|
                 oooO   (   )
                (   )    ) /
                 \ (    (_/
                  \_)







------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712

On 01/17/2013 12:21 PM, Stephen Williams wrote:
> yep, that was it.  just using ''shorewall restart'' works
fine.  the
> SELINUX upgrade changed some ACLs.  i''ll just ignore the init
script
> from now on.
Beware of reboot; your firewall won''t start at boot until this issue is
resolved. You can probably correct the SELINUX problem using your
distro''s SELINUX troubleshooting tools.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712

yep, have already started working on the SELINUX issue.  this is what i 
get for updating software packages on systems.  lesson to others: once 
you have some Linux boxes installed and configured (such as firewalls), 
don''t update software packages (especially kernel updates).  sometimes
a
stable system is worth keeping as stable.

On 1/17/2013 4:21 PM, Tom Eastep wrote:
> On 01/17/2013 12:21 PM, Stephen Williams wrote:
>> yep, that was it.  just using ''shorewall restart''
works fine.  the
>> SELINUX upgrade changed some ACLs.  i''ll just ignore the init
script
>> from now on.
>
> Beware of reboot; your firewall won''t start at boot until this
issue is
> resolved. You can probably correct the SELINUX problem using your
> distro''s SELINUX troubleshooting tools.
>
> -Tom
>
>
>
>
------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122712
>
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>

-- 


                      ''''''
                     (O O)
  ,-------------- oOO-(_)-OOo -------------,
  |            Stephen Williams            |
  |      Manager of Computer Services      |
  |       Center for Space Research        |
  |     University of Texas at Austin      |
  |     3925 W. Braker Ln., Suite 200      |
  |          Austin, TX 78759-5321         |
  |    512.471.7235  512.471.3570 (fax)    |
  |       williams@csr.utexas.edu          |
  |____________________ Oooo ______________|
                 oooO   (   )
                (   )    ) /
                 \ (    (_/
                  \_)







------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122712