On Sat, 2 Jan 2016 09:10:29 -0800 Tom Eastep <teas...@shorewall.net> wrote: > > > > Dec 18 13:18:31 elmo.example.com shorewall6[1889]: Compiling... > > Dec 18 13:18:35 elmo.example.com shorewall6[1889]: > > Processing /etc/shorewall6/params ... Dec 18 13:18:35 > > elmo.example.com shorewall6[1889]: > > Processing /etc/shorewall6/shorewall6.conf... Dec 18 13:18:35 > > elmo.example.com shorewall6[1889]: Loading Modules... Dec 18 > > 13:18:38 elmo.example.com shorewall6[1889]: Another app is > > currently holding the xtables lock. Perhaps you want to use the -w > > option? Dec 18 13:18:40 elmo.example.com shorewall6[1889]: ERROR: > > Cannot Create Mangle chain fooX2349 Dec 18 13:18:40 > > elmo.example.com systemd[1]: shorewall6.service: main process > > exited, code=exited, status=255/n/a Dec 18 13:18:40 > > elmo.example.com systemd[1]: Failed to start Shorewall IPv6 > > firewall. Dec 18 13:18:40 elmo.example.com systemd[1]: Unit > > shorewall6.service entered failed state. Dec 18 13:18:40 > > elmo.example.com systemd[1]: shorewall6.service failed. > > > > If you do supply the service files, either shorewall.service needs: > > [Unit] > > Before=network-online.target shorewall6.service > > > > or shorewall6.service needs: > > [Unit] > > After=network-online.target shorewall.service > > > > Right now they read: > > [Unit] > > After=network-online.target > > > > Simply set LOCKFILE to the same value in both shorewall.conf and > shorewall6.conf. > > -Tom
I did the ordering for services but that is wrong approach. Like using same LOCKFILE is. Correct thing is to detect if iptables has --wait option (new capability?) that --wait option is added to all iptables and ip6tables executions to prevent issue. -- Tuomo Soini <t...@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <http://foobar.fi/>
pgpj9uRGBzKcR.pgp
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users