Hi;
Am Dienstag, 3. Januar 2017, 21:05:21 schrieb Martin Hejl:
> Hi Erich
>
> Am 03.01.2017 um 19:59 schrieb Erich Titl:
> > Am 03.01.2017 um 16:04 schrieb Martin Hejl:
> >> Hi all,
> >>
> >> the shorewall init script for 6.0.1 in /etc/init.d/shorewall currently
> >> reads (relevant part only):
> >>
> >> =========================================================
> >>
> >> start() {
> >>
> >> echo "Starting IPv4 shorewall rules..."
> >> wait_for_pppd
> >> [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
> >> /sbin/shorewall $OPTIONS start $STARTOPTIONS
> >> [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
> >>
> >> }
> >>
> >> stop() {
> >>
> >> echo "Stopping IPv4 shorewall rules..."
> >> /sbin/shorewall stop
> >>
> >> }
> >>
> >> refresh() {
> >>
> >> echo "Refreshing IPv4 shorewall rules..."
> >> /sbin/shorewall refresh $REFRESHOPTIONS
> >>
> >> }
> >>
> >>
> >> reload() {
> >>
> >> echo "Reloading IPv4 shorewall rules..."
> >> /sbin/shorewall reload $RELOADOPTIONS
> >>
> >> }
> >>
> >> restart() {
> >>
> >> echo "Restarting IPv4 shorewall rules..."
> >> /sbin/shorewall restart $RESTARTOPTIONS
> >>
> >> }
> >>
> >> =========================================================
> >>
> >> Shouldn't mount_modules and umount_modules also be called for
> >> "restart()" (possibly also for "refresh()" and "reload()") ?
> >
> > You are possibly right.
> >
> >> I've been trying to figure out why I couldn't get DNAT to work
> >> (shorewall always terminated with an error during "svi shorewall
> >> restart" after me updating /etc/shorewall/rules).
> >>
> >> By doing
> >>
> >> svi shorewall stop
> >> svi shorewall start
> >
> > So you changed the shorewall config and then used a re* call option to
> > bring the changes up. Well I never attempted this. I guess it would not
> > be too hard to mount/umount the modules filesystem for all re* calls.
>
> Is that an unusual approach? I guess I always assumed that
> $ svi serviceName restart
>
> would be equivalent to
> $ svi serviceName stop ; svi serviceName start
>
> > You could actually add this to your router and please provide a patch
> > to KP :-)
>
> I will :-) - I just wanted to make sure my understanding is correct, and
> that I didn't miss anything. It's been a while since I played with
> Bering uClibc, and things have moved on a bit since then.
Patching shorewall init is something that needs to be done, but I doubt it
will solve the issue of missing modules and will be more or less cosmetic.
We've had the issue with ipv6 module recently, and it occured it needs to be
added to /etc/modules to get it as painless as possible for users.
I'm curious if we have a similar pb here.
I'm currently rebuild to get a testbed and will investigate as time permits.
kp
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel
