On 9/28/2016 7:25 PM, Tom Eastep wrote: > On 9/28/2016 10:34 AM, Filippo Carletti wrote: >> I can't find what I'm doing wrong, I can't observe the documented >> behaviour of shorewall disable <provider>. >> >> # shorewall status -i | grep Interface >> Interface enp2s0 is Enabled >> Interface enp3s0 is Enabled >> # shorewall disable enp3s0 >> Provider adsl (1) stopped >> # shorewall status -i | grep Interface >> Interface enp2s0 is Enabled >> Interface enp3s0 is Disabled >> # shorewall restart >> # shorewall status -i | grep Interface >> Interface enp2s0 is Enabled >> Interface enp3s0 is Enabled >> >> Log above using Shorewall-5.0.8.2, but I have the same problem with >> Shorewall-4.6.4.3. >> >> The changelog says: >> >> Beginning with Shorewall 4.5.3.1: >> >> - The 'disable' command stores a 1 in the interface's .status file. >> - The .status file is ignored on 'enable' but not on 'start', >> 'restart', 'restore' and 'refresh'. >> >> This means that a disabled interface can only be re-enabled using >> the 'enable' command. >> >> Some config details: >> # tail -2 /etc/shorewall/providers >> adsl 1 0x10000 - enp3s0 10.70.70.1 track,balance=100,persistent - >> fibra 2 0x20000 - enp2s0 10.57.1.1 track,balance=1,persistent - >> # grep RESTART /etc/shorewall/shorewall.conf >> RESTART=reload >> >> >> Any hint how to debug this? > > Do any of your extension scripts manipulate /var/lib/shorewall/*.status? >
Nevermind -- this is definitely broken. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
