On 2023-10-21, at 14:39:51 +0300, Vincas Dargis wrote: > On Sat, 21 Oct 2023 11:44:25 +0100 Jeremy Sowden <jer...@azazel.net> wrote: > > On 2023-10-21, at 11:53:54 +0300, Vincas Dargis wrote: > > > Any ideas how to "workaround" it? > > > > I am working on a fix atm. > Thanks! > > But I was instructed in #shorewall that this is NetworkManager script, > it's just named "feroda": > > > https://gitlab.com/shorewall/code/-/blob/master/Shorewall/init.fedora.sh?ref_type=heads > > Or you feel that it's not usable for Debian?
The problem you have is that Shorewall used to be started and stopped by
NetworkManager, when it brought your network interface up and down, by
running a script provided by the shorewall-init package for ifupdown,
which is another tool for managing network interfaces. However,
NetworkManager has stopped running ifupdown scripts because the
interfaces for its own scripts and the ifupdown ones are not the same
and the mismatch could lead to problems. As it happens, NetworkManager
can safely run the Shorewall script, so I am in the process of adding an
NetworkManager script that will run the ifupdown one.
init.fedora.sh, on the other hand, is a System V init-script (it starts
Shorewall when your system comes up and stops it when you shut down or
reboot), and it's intended for Red Hat and Fedora. Sysvinit has been
superseded in most distributions these days by Systemd. The Shorewall
packages in Debian do include Systemd support, so if starting your
firewall on boot is an option, you can do:
# systemctl enable shorewall
and (if you have configured Shorewall for ipv6):
# systemctl enable shorewall6
instead.
If you do so, then set `IFUPDOWN` to zero in /etc/default/shorewall{,6}.
J.
signature.asc
Description: PGP signature
