Justin,
Thank you for your reply. Bad News followed by Good News!
Justin
Thanks for the response. By chance I discovered that Gmail had stuffed your
reply in Spam :(
>> Are you running a cronjob which is messing with it ?
I've checked the Cron jobs and I don't see anything that could be
Are you running a cronjob which is messing with it ?
Check sudo crontab -l and /etc/crontab and /etc/cron.d
When / how often are the ipsets being changed/added ?
Install "psacct" or acct package and enable accounting and see what's running
when that happens. Or move ipset out of the way (or repl
On 11/16/2020 2:09 PM, Matt Darfeuille wrote:
> On 11/16/2020 12:03 PM, Marko Horn via Shorewall-users wrote:
>>
>> hello list,
>> i use shorewall with large blrules that got updated once a day.
>> on 'shorewall restart' it take ages that optimizing ruleset & co got ready.
>> i see 'comile.pl' uses
Hi Matt,
Many thanks for your reply.
Are you using lxd firewall capabilities (1)?:
- If yes, This is unlikely to work as Shorewall will probably modify
what is created by lxd
Firewall in LXD has been disabled:
# lxc network show lxdbr0
config:
ipv4.address: 10.0.0.1/24
ipv4.firewall: "f
On 11/16/2020 12:03 PM, Marko Horn via Shorewall-users wrote:
>
> hello list,
> i use shorewall with large blrules that got updated once a day.
> on 'shorewall restart' it take ages that optimizing ruleset & co got ready.
> i see 'comile.pl' uses just "1" core on the system.
>
> is it possible to
On 11/16/2020 12:34 PM, Łukasz Czerpak wrote:
> Hi,
>
> I've been struggling to setup filtering on a bridge interface. When I
> added "routeback=0", shorewall started blocking communication on the
> bridge. Then I added rules to allow certain connections and Shorewall
> processes them when buildin
Hi,
I've been struggling to setup filtering on a bridge interface. When I
added "routeback=0", shorewall started blocking communication on the
bridge. Then I added rules to allow certain connections and Shorewall
processes them when building iptables script, but it still doesn't work
(connect
hello list,
i use shorewall with large blrules that got updated once a day.
on 'shorewall restart' it take ages that optimizing ruleset & co got
ready.
i see 'comile.pl' uses just "1" core on the system.
is it possible to make compile.pl use every core from cpu?
best regards
marko
--
Mitte
