On 12/29/2017 03:21 PM, Tom Eastep wrote: > On 12/29/2017 3:01 PM, Rob wrote: >> Hi, > >> First of all, some requested outputs: > >> $ /sbin/shorewall version 5.1.10.1 > >> $ ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc >> noqueue state UNKNOWN group default qlen 1000 link/loopback >> 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host >> lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host >> valid_lft forever preferred_lft forever 2: eth0: >> <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP >> group default qlen 1000 link/ether 00:1d:09:a8:93:1d brd >> ff:ff:ff:ff:ff:ff inet 192.168.1.6/24 brd 192.168.1.255 scope >> global eth0 valid_lft forever preferred_lft forever inet6 >> fe80::21d:9ff:fea8:931d/64 scope link valid_lft forever >> preferred_lft forever 3: wlp12s0: <BROADCAST,MULTICAST> mtu 1500 >> qdisc noop state DOWN group default qlen 1000 link/ether >> 00:1c:bf:c3:f5:82 brd ff:ff:ff:ff:ff:ff > >> $ ip route show default via 192.168.1.254 dev eth0 192.168.1.0/24 >> dev eth0 proto kernel scope link src 192.168.1.6 > >> I just booted my laptop this afternoon and run a system update. I >> upgraded to shorewall-5.1.10.1-1, shorewall-core-5.1.10.1-1 and >> shorewall6-5.1.10.1-1. While downloading these and other updates, >> I noticed some unexpected NFS activity. I completed the upgrade >> and ran `systemctl daemon-reload` to restart shorewall, and started >> to investigate the NFS activity. An autofs (automount) NFS mount >> point shared from my server was mounted (mount point in my homedir) >> and I also noticed these processes: > >> root 5300 1 0 14:54 ? 00:00:00 /bin/sh >> /usr/bin/shorewall -6 start root 5322 5300 18 14:54 ? >> 00:00:34 find -newer /var/lib/shorewall6/firewall > >> Is this expected behaviour? I've never noticed it before. I'm >> guessing the `find` triggered the autofs mount. But why the need >> for `find`? I was not able to determine much else before the find >> command finished. There was not a lot of NFS traffic, but the >> server is next to my desk and I could see the HDD light flashing >> away for the duration. > >> I should add that the previous shorewall version was 5.1.10-1. > > I suspect that the previous version was a earlier :-) > > The 'find' is triggered by AUTOMAKE=Yes. So if you replaced your older > shorewall[6].conf with the latest, AUTOMAKE=Yes is now set by default. >
For the next release, I'll add '-mindepth 1 -maxdepth 1' to the "find" predicates to limit the search to just the files in each directory in the CONFIG_PATH. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
