On Tue, 2011-03-01 at 14:08 +0100, Tom Erjavec wrote:
> Hello Team,
>
> I am now able to reproduce my problems with yate / shorewall that I
> raised 10 days ago. The changes I did to shorewall policy file or rules
> file were not reflected if I restarted shorewall. It was the same result
> when restarting in either web interface or CLI. The policy and the rules
> seem not to be re-compiled during a shorewall web restart or
> # /etc/init.d/shorewall restart .
>
> However, if I stop shorewall and start it again, then the re-compilation
> is always done and the changes are reflected.
> I suppose that a restart should re-compile as well.
>
> I hope this description can be understood and helpful.
>
> Tom

Tom and I have been having an off-list email exchange about this.
The problem is as follows:

    /sbin/shorewall restart works fine
    /etc/init.d/shorewall restart does *not* pick up new rules

The code in /etc/init.d/shorewall says:

    # restart the firewall
    shorewall_restart () {
        echo -n "Restarting \"Shorewall firewall\": "
        $SRWL $OPTIONS restart 2>&1 && echo "done."
        return 0
    }

The problem is the value of $OPTIONS which is set to "-f"
in /etc/default/shorewall and the Shorewall docs say:

    The -f option suppresses the compilation step and simply reused the
    compiled script which last started/restarted Shorewall.

IMHO this is not right, and Tom points out that it is different from
Bering-uClibc 3.x.

Should we just remove the value for $OPTIONS in /etc/default/shorewall
by setting it to an empty string? Expert users could still set it back
to "-f" if required. I am happy to make that change if nobody objects.

davidMbrooke
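
An added example, not part of the original message and not LEAF or Shorewall code: a small audit for the condition described above, where OPTIONS contains -f and configuration files have changed since the last compile, so a restart through the init script would keep enforcing the old rules. The function names are hypothetical, and all three paths are arguments because the location of the compiled script on a given install is an assumption to verify.

```shell
#!/bin/sh
# Added example. Usage (all paths are supplied by the caller):
#   audit_restart DEFAULTS_FILE COMPILED_SCRIPT CONFIG_DIR

# Print the value of the last OPTIONS= line without sourcing the file.
options_value() {
    sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if OPTIONS contains the stand-alone flag -f.
has_fast_option() {
    for opt in $(options_value "$1"); do
        [ "$opt" = "-f" ] && return 0
    done
    return 1
}

# List config files modified after the compiled script was written.
changed_since_compile() {
    find "$2" -type f -newer "$1" | sort
}

# Return 1 when an init-script restart would silently skip pending changes.
audit_restart() {
    if ! has_fast_option "$1"; then
        echo "OK: OPTIONS has no -f, restart recompiles"
        return 0
    fi
    stale=$(changed_since_compile "$2" "$3")
    if [ -z "$stale" ]; then
        echo "OK: -f is set, but nothing changed since the last compile"
        return 0
    fi
    echo "STALE: -f is set and these files are newer than the compiled script:"
    echo "$stale"
    return 1
}

# Run the audit only when called with the three paths.
if [ "$#" -eq 3 ]; then
    audit_restart "$@"
fi
```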
------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/