Hi there, We ran in a problem regarding shorewall after upgrading servers from debian squeeze to wheezy. We are currently running a bridged interface on a host running debian wheezy with several virtual machines connected to it. The shorewall starts just fine and everything is firewalled. If we restart a VM without restarting shorewall after, the restarted VM is unprotected. For example, on host 10.1.2.191 on host2 the port 3306 should only be accessible by 10.1.3.153. After we restart the VM without restarting shorewall, the port can be accessed by everybody. During restart of the VM the vif gets removed and newly assigned to the bridge. It seems something changed in enumerating the vif and the iptable rules don't match up with the new vif. We tried troubleshooting it by downgrading the shorewall to a version, which comes shipped with debian squeeze, but no luck. Anybody else experiencing this problem at the moment? Or does anybody has any idea we could try? Regards, Jan Attachment: host1.txt - a working machine with debian squeeze host2.working.txt - dump taken after shorewall was started host2.notworking.txt - dump after vm restarted without shorewall restart ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk