On Sat, 2018-06-30 at 08:25 -0700, Tom Eastep wrote: > > If 'shorewall show version' returns '5.2.0', then you do not have the > fix on your administrative system. If it returns '5.2.0.1', then you > do > have the fix.
$ shorewall show version ERROR: Cannot read /etc/shorewall/shorewall.conf! (Hint: Are you root?) $ sudo shorewall show version ERROR: Chain 'version' is not recognized by /sbin/iptables. $ shorewall version 5.2.0.4 $ ssh gw shorewall-lite version\; ps -ef \| grep lock 5.1.12.3 root 3288 1 0 05:07 ? 00:00:00 lock /etc/shorewall-lite/state/lock root 8106 1 0 05:09 ? 00:00:00 lock /etc/shorewall-lite/state/lock I think I finally do have the required versions now, yes? However, as you can see above, we still have stale/orphan locks/processes hanging around. > The script cannot insure idempotency when it is interrupted at an > arbitrary point. It writes into its 'undo' files after the successful > completion of an 'ip' command, so a failure after the command and > before > the 'undo' record is written can cause incorrect behavior the next > time > that the script is run. Pity. Although, I agree it's a difficult problem. I usually solve those kinds of problems by growing the/an "undo" stack as I "do". That is for every action I take, I push the undo of that operation onto a stack that I can execute if I get stopped at any point. Cheers, b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
