On 12/30/2017 12:56 AM, Tom Eastep wrote: > On 12/29/2017 03:21 PM, Tom Eastep wrote: >> On 12/29/2017 3:01 PM, Rob wrote: >>> Hi, >> >>> First of all, some requested outputs: >> >>> $ /sbin/shorewall version 5.1.10.1 >> >>> $ ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc >>> noqueue state UNKNOWN group default qlen 1000 link/loopback >>> 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host >>> lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host >>> valid_lft forever preferred_lft forever 2: eth0: >>> <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP >>> group default qlen 1000 link/ether 00:1d:09:a8:93:1d brd >>> ff:ff:ff:ff:ff:ff inet 192.168.1.6/24 brd 192.168.1.255 scope >>> global eth0 valid_lft forever preferred_lft forever inet6 >>> fe80::21d:9ff:fea8:931d/64 scope link valid_lft forever >>> preferred_lft forever 3: wlp12s0: <BROADCAST,MULTICAST> mtu 1500 >>> qdisc noop state DOWN group default qlen 1000 link/ether >>> 00:1c:bf:c3:f5:82 brd ff:ff:ff:ff:ff:ff >> >>> $ ip route show default via 192.168.1.254 dev eth0 192.168.1.0/24 >>> dev eth0 proto kernel scope link src 192.168.1.6 >> >>> I just booted my laptop this afternoon and run a system update. I >>> upgraded to shorewall-5.1.10.1-1, shorewall-core-5.1.10.1-1 and >>> shorewall6-5.1.10.1-1. While downloading these and other updates, >>> I noticed some unexpected NFS activity. I completed the upgrade >>> and ran `systemctl daemon-reload` to restart shorewall, and started >>> to investigate the NFS activity. An autofs (automount) NFS mount >>> point shared from my server was mounted (mount point in my homedir) >>> and I also noticed these processes: >> >>> root 5300 1 0 14:54 ? 00:00:00 /bin/sh >>> /usr/bin/shorewall -6 start root 5322 5300 18 14:54 ? >>> 00:00:34 find -newer /var/lib/shorewall6/firewall >> >>> Is this expected behaviour? I've never noticed it before. I'm >>> guessing the `find` triggered the autofs mount. But why the need >>> for `find`? I was not able to determine much else before the find >>> command finished. There was not a lot of NFS traffic, but the >>> server is next to my desk and I could see the HDD light flashing >>> away for the duration. >> >>> I should add that the previous shorewall version was 5.1.10-1. >> >> I suspect that the previous version was a earlier :-) >> >> The 'find' is triggered by AUTOMAKE=Yes. So if you replaced your older >> shorewall[6].conf with the latest, AUTOMAKE=Yes is now set by default. >> > > For the next release, I'll add '-mindepth 1 -maxdepth 1' to the "find" > predicates to limit the search to just the files in each directory in > the CONFIG_PATH. >
Tom, I was about to report a symilar issue. Would you be willing to push the fix to SF or are you releasing a new version of Shorewall soon? -Matt -- Matt Darfeuille ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
