Re: [Shorewall-users] systemd shorewall[6].service file

Tue, 05 Jan 2016 02:42:07 -0800 

On Sat, 2 Jan 2016 09:10:29 -0800
Tom Eastep <teas...@shorewall.net> wrote:
> > 
> > Dec 18 13:18:31 elmo.example.com shorewall6[1889]: Compiling...
> > Dec 18 13:18:35 elmo.example.com shorewall6[1889]:
> > Processing /etc/shorewall6/params ... Dec 18 13:18:35
> > elmo.example.com shorewall6[1889]:
> > Processing /etc/shorewall6/shorewall6.conf... Dec 18 13:18:35
> > elmo.example.com shorewall6[1889]: Loading Modules... Dec 18
> > 13:18:38 elmo.example.com shorewall6[1889]: Another app is
> > currently holding the xtables lock. Perhaps you want to use the -w
> > option? Dec 18 13:18:40 elmo.example.com shorewall6[1889]: ERROR:
> > Cannot Create Mangle chain fooX2349 Dec 18 13:18:40
> > elmo.example.com systemd[1]: shorewall6.service: main process
> > exited, code=exited, status=255/n/a Dec 18 13:18:40
> > elmo.example.com systemd[1]: Failed to start Shorewall IPv6
> > firewall. Dec 18 13:18:40 elmo.example.com systemd[1]: Unit
> > shorewall6.service entered failed state. Dec 18 13:18:40
> > elmo.example.com systemd[1]: shorewall6.service failed.
> > 
> > If you do supply the service files, either shorewall.service needs:
> > [Unit]
> > Before=network-online.target shorewall6.service
> > 
> > or shorewall6.service needs:
> > [Unit]
> > After=network-online.target shorewall.service
> > 
> > Right now they read:
> > [Unit]
> > After=network-online.target
> > 
> 
> Simply set LOCKFILE to the same value in both shorewall.conf and
> shorewall6.conf.
> 
> -Tom

I did the ordering for services but that is wrong approach. Like using
same LOCKFILE is.
Correct thing is to detect if iptables has --wait option (new
capability?) that --wait option is added to all iptables and ip6tables
executions to prevent issue.

-- 
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

Attachment: pgpj9uRGBzKcR.pgp
Description: OpenPGP digital signature

------------------------------------------------------------------------------

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to