Hi;

I've read a little in the extensive shorewall documentation and think it's a 
special, though maybe not uncommon use case.

I think we do not need to change dhcpcd defaults (yet).

IMHO it's up to Timothy to either live with the drawbacks Andrew outlined or 
to look for a proper solution, which may also help us improve the 
defaults.


First of all, Timothy didn't provide enough details, but at least there was 
a quick solution which isn't worse than the previous situation.

Second, Timothy may ask for help on the shorewall list, where the experts are.

Third, I guess it could be solved with some more config settings, e.g. using 
"wait" and "required" in shorewall/interfaces..., but it requires testing - 
and patience.

kp

On Wednesday, 21 January 2015, 12:04:39, Andrew wrote:
> Hi.
> Practical purpose for 'background' option - this is:
> 1) dhcpcd will not die if no carrier on WAN during boot
> 2) boot speedup when something is wrong in network (no lease obtained).
> 
> IMHO we need to do something with shorewall - rules should be updated
> (at least partially) when new lease is obtained. In other case - missing
> carrier for some time will cause DHCP IP change, and non-working
> firewall/NAT.
> 
> 21.01.2015 03:59, Timothy Wegner wrote:
> > My Shorewall problem is solved for practical purposes, but now I am
> > curious :-)
> > 
> > So what is the dhcpcd configuration option "background" good for? The
> > documentation says:
> > 
> > background
> > 
> >               Background immediately.  This is useful for startup scripts
> >               which don't disable link messages for carrier status.
> > 
> > What (if anything) have I given up by commenting out "background"?
> > 
> > What would have to be done for Shorewall to start successfully with
> > the dhcpcd "background" option turned on?
> > 
> > Seems to me from Leaf's point of view, while in a perfect world
> > Shorewall's startup scripts could cope with dhcpcd's background, the
> > pragmatic answer is that Leaf's dhcpcd and shorewall package defaults
> > should be compatible.
> > 
> > On Tue, Jan 20, 2015 at 5:19 PM, Erich Titl <erich.t...@think.ch> wrote:
> >> Hi
> >> 
> >> On 20.01.2015 at 17:30, Timothy Wegner wrote:
> >>> Hi kp,
> >>> 
> >>> You were exactly right! As you suggested I commented out the bottom
> >>> line of /etc/dhcpcd.conf:
> >>> 
> >>> #background
> >>> 
> >>> and then shorewall started OK.
> >> 
> >> My 0.02€ (can't use Swiss francs anymore, too expensive)
> >> 
> >> It cannot be the responsibility of dhcpcd to make sure shorewall starts
> >> correctly. It is the bloody duty of the init process that starts
> >> shorewall to check for dependencies and handle errors gracefully.
> >> 
> >> We did have similar issues in the past, for example using PCMCIA
> >> network cards, the same is true for ipsec without a reasonable clock
> >> (which we had). We may need a new way of detecting dependencies in the
> >> init scripts.
> >> 
> >> cheers
> >> 
> >> Erich
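
Added example, not part of the original thread and not LEAF's or Shorewall's own code: one way to act on Andrew's point that firewall rules go stale when a backgrounded dhcpcd obtains or changes its lease, written as a body for dhcpcd's `/etc/dhcpcd.exit-hook`. The interface name `eth0`, the choice of `shorewall restart` as the reload action, and the helper names `lease_action` and `run_hook` are assumptions.

```shell
#!/bin/sh
# Added example: body for /etc/dhcpcd.exit-hook (sourced by dhcpcd-run-hooks).
# dhcpcd exports $interface, $reason, $old_ip_address and $new_ip_address.
# WAN_IF and FW_RELOAD are assumptions for illustration; adjust to the box.

WAN_IF="${WAN_IF:-eth0}"                     # assumed WAN interface name
FW_RELOAD="${FW_RELOAD:-shorewall restart}"  # assumed reload action

# Decide what one hook invocation should do.
# Args: interface reason old_ip new_ip
# Prints "reload", "skip" or "ignore".
lease_action() {
    # Events on other interfaces are not our concern.
    [ "$1" = "$WAN_IF" ] || { echo ignore; return 0; }
    case "$2" in
        BOUND|RENEW|REBIND|REBOOT)
            # Same address as before (or none): existing rules still match.
            if [ -z "$4" ] || [ "$3" = "$4" ]; then
                echo skip
            else
                echo reload
            fi
            ;;
        *)
            # NOCARRIER, EXPIRE and friends: no usable address to build on.
            echo skip
            ;;
    esac
}

# Apply the decision to the variables dhcpcd exported for this event.
run_hook() {
    action=$(lease_action "$interface" "$reason" \
                          "$old_ip_address" "$new_ip_address")
    if [ "$action" = reload ]; then
        logger -t dhcpcd-hook \
            "WAN $old_ip_address -> $new_ip_address, reloading firewall" \
            2>/dev/null || true
        $FW_RELOAD
    fi
}

# dhcpcd always sets $reason; do nothing when run outside a hook.
if [ -n "${reason:-}" ]; then
    run_hook
fi
```

With "background" enabled, the first BOUND event arrives with an empty old address, so the firewall is (re)started once the lease actually exists; a plain RENEW of the same address does nothing.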


------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
