On 10/10/2014 2:38 PM, Thomas D. wrote: > Hi Tom, > > like reported yesterday to shorewall-devel [1], upgrading from previous > versions to shorewall-4.6.4 requires *two* restarts. That's not a good > experience: > >> # shorewall status >> Shorewall-4.6.4 Status at gentoo-x64 - Fri Oct 10 23:30:16 CEST 2014 >> >> Shorewall is running >> State:Started (Fri Oct 10 15:19:14 CEST 2014) from /etc/shorewall/ >> (/var/lib/shorewall/firewall compiled by Shorewall version 4.6.3.4) >> >> # shorewall safe-restart >> Compiling... >> Processing /etc/shorewall/params ... >> Processing /etc/shorewall/shorewall.conf... >> Loading Modules... >> Compiling /etc/shorewall/zones... >> Compiling /etc/shorewall/interfaces... >> Determining Hosts in Zones... >> Locating Action Files... >> Compiling /etc/shorewall/policy... >> Running /etc/shorewall/initdone... >> Adding Anti-smurf Rules >> Compiling TCP Flags filtering... >> Compiling Kernel Route Filtering... >> Compiling Martian Logging... >> Compiling MAC Filtration -- Phase 1... >> Compiling /etc/shorewall/blrules... >> Compiling /etc/shorewall/rules... >> Compiling /etc/shorewall/conntrack... >> Compiling MAC Filtration -- Phase 2... >> Applying Policies... >> Compiling /usr/share/shorewall/action.Reject for chain Reject... >> Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast... >> Generating Rule Matrix... >> Optimizing Ruleset... >> Creating iptables-restore input... >> Shorewall configuration compiled to /var/lib/shorewall/.restart >> Currently-running Configuration Saved to /var/lib/shorewall/.safe >> Usage: /var/lib/shorewall/firewall [ options ] <command> >> >> <command> is one of: >> start >> stop >> clear >> disable <interface> >> down <interface> >> enable <interface> >> reset >> refresh >> restart >> run <command> [ <parameter> ... ] >> status >> up <interface> >> version >> >> Options are: >> >> -v and -q Standard Shorewall verbosity controls >> -n Don't update routing configuration >> -p Purge Conntrack Table >> -t Timestamp progress Messages >> -V <verbosity> Set verbosity explicitly >> -R <file> Override RESTOREFILE setting >> Restarting... >> Restarting Shorewall.... >> Initializing... >> Processing /etc/shorewall/init ... >> Processing /etc/shorewall/tcclear ... >> Setting up Route Filtering... >> Setting up Martian Logging... >> Setting up log backend >> Setting up Proxy ARP... >> Preparing iptables-restore input... >> Running /sbin/iptables-restore... >> IPv4 Forwarding Disabled! >> Processing /etc/shorewall/start ... >> Processing /etc/shorewall/started ... >> done. >> Do you want to accept the new firewall configuration? [y/n] n
If you answer 'y' here, you are finished. The new configuration started successfully; the 'usage' output is harmless, albeit confusing. I'll push a patch to Sourceforge shortly. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://p.sf.net/sfu/Zoho
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
