On 2023-10-21, at 13:27:47 +0100, Jeremy Sowden wrote: > On 2023-10-21, at 14:39:51 +0300, Vincas Dargis wrote: > > On Sat, 21 Oct 2023 11:44:25 +0100 Jeremy Sowden wrote: > > > On 2023-10-21, at 11:53:54 +0300, Vincas Dargis wrote: > > > > Any ideas how to "workaround" it? > > > > > > I am working on a fix atm. > > > > Thanks! > > > > But I was instructed in #shorewall that this is NetworkManager > > script, it's just named "feroda": > > > > > > https://gitlab.com/shorewall/code/-/blob/master/Shorewall/init.fedora.sh?ref_type=heads > > > > Or you feel that it's not usable for Debian? > > The problem you have is that Shorewall used to be started and stopped > by NetworkManager, when it brought your network interface up and down, > by running a script provided by the shorewall-init package for > ifupdown, which is another tool for managing network interfaces. > However, NetworkManager has stopped running ifupdown scripts because > the interfaces for its own scripts and the ifupdown ones are not the > same and the mismatch could lead to problems. As it happens, > NetworkManager can safely run the Shorewall script, so I am in the > process of adding an NetworkManager script that will run the ifupdown > one. > > init.fedora.sh, on the other hand, is a System V init-script (it > starts Shorewall when your system comes up and stops it when you shut > down or reboot), and it's intended for Red Hat and Fedora. Sysvinit > has been superseded in most distributions these days by Systemd. The > Shorewall packages in Debian do include Systemd support, so if > starting your firewall on boot is an option, you can do: > > # systemctl enable shorewall > > and (if you have configured Shorewall for ipv6): > > # systemctl enable shorewall6 > > instead.
Actually, since you are using shorewall-init, which also has a service
file, you only need to do this:
# systemctl enable --now shorewall-init
The `--now` switch tells Systemd to start the service as well as
enabling it.
> If you do so, then set `IFUPDOWN` to zero in
> /etc/default/shorewall{,6}.
# sed -i -e 's/\(IFUPDOWN\)=1/\1=0/' /etc/default/shorewall-init
J.
signature.asc
Description: PGP signature
