Re: [Shorewall-users] Keep provider disabled after restart

Fri, 30 Sep 2016 09:08:27 -0700 

On 9/29/2016 3:19 PM, Tom Eastep wrote:
> On 9/28/2016 7:25 PM, Tom Eastep wrote:
>> On 9/28/2016 10:34 AM, Filippo Carletti wrote:
>>> I can't find what I'm doing wrong, I can't observe the documented
>>> behaviour of shorewall disable <provider>.
>>>
>>> # shorewall status -i | grep Interface
>>>    Interface enp2s0 is Enabled
>>>    Interface enp3s0 is Enabled
>>> # shorewall disable enp3s0
>>>    Provider adsl (1) stopped
>>> # shorewall status -i | grep Interface
>>>    Interface enp2s0 is Enabled
>>>    Interface enp3s0 is Disabled
>>> # shorewall  restart
>>> # shorewall status -i | grep Interface
>>>    Interface enp2s0 is Enabled
>>>    Interface enp3s0 is Enabled
>>>
>>> Log above using Shorewall-5.0.8.2, but I have the same problem with
>>> Shorewall-4.6.4.3.
>>>
>>> The changelog says:
>>>
>>>     Beginning with Shorewall 4.5.3.1:
>>>
>>>     - The 'disable' command stores a 1 in the interface's .status file.
>>>     - The .status file is ignored on 'enable' but not on 'start',
>>>       'restart', 'restore' and 'refresh'.
>>>
>>>     This means that a disabled interface can only be re-enabled using
>>>     the 'enable' command.
>>>
>>> Some config details:
>>> # tail -2 /etc/shorewall/providers
>>> adsl 1 0x10000 - enp3s0 10.70.70.1 track,balance=100,persistent -
>>> fibra 2 0x20000 - enp2s0 10.57.1.1 track,balance=1,persistent -
>>> # grep RESTART /etc/shorewall/shorewall.conf
>>> RESTART=reload
>>>
>>>
>>> Any hint how to debug this?
>>
>> Do any of your extension scripts manipulate /var/lib/shorewall/*.status?
>>
> 
> Nevermind -- this is definitely broken.
> 

It seems to be broken only for persistent providers, provided that you
have the correct 'isusable' script. If you run Debian or Ubuntu, you
will need to copy 'isusable' from
/usr/share/doc/shorewall-common/default-config to /etc/shorwall/.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to