> On 10/4/20 10:18 AM, Matt Darfeuille wrote: >> On 10/4/2020 6:58 PM, Simon Matter wrote: >>> Hi, >>> >>> I've just updated Shorewall from 5.2.7 to 5.2.8 and did a reload just >>> to >>> see that the rules haven't been updated: >>> >>> [root@abc ~]# shorewall reload >>> Reloading Shorewall.... >>> Initializing... >>> Processing /etc/shorewall/init ... >>> Setting net.netfilter.nf_conntrack_max = 1048576 >>> Processing /etc/shorewall/tcclear ... >>> Setting up Route Filtering... >>> Setting up Martian Logging... >>> Setting up Proxy ARP... >>> Setting up Traffic Control... >>> Preparing iptables-restore input... >>> Running /sbin/iptables-restore ... >>> IPv4 Forwarding Enabled >>> Processing /etc/shorewall/start ... >>> Processing /etc/shorewall/started ... >>> done. >>> [root@abc ~]# shorewall status >>> Shorewall 5.2.8 Status at abc.bi.corp.invoca.ch - Sun Oct 4 18:50:45 >>> CEST >>> 2020 >>> >>> Shorewall is running >>> State:Started Sun Oct 4 18:50:40 CEST 2020 from /etc/shorewall/ >>> (/var/lib/shorewall/firewall compiled Sun Oct 4 18:45:29 CEST 2020 by >>> Shorewall version 5.2.7) >>> >>> I thought this has always worked and I didn't change anything. >>> >>> Am I just too tired (lack of coffee) or was there a change I'm missing? >>> I'm confused. >>> >> >> Compilation will only happen when '/etc/shorewall' is modified. >> So if I'm not mistaking, updating the firewall will not trigger a >> recompilation. >> > > Recompilation should occur if ANY file in ANY directory in $CONFIG_PATH > changes. Given that installing a new version updates > /usr/share/shorewall/, 'reload' after an update should force > re-compilation. > > I reproduced this problem using the tarball installers. > > Simon -- How did you upgrade?
Dear Tom and all, For a test I've downgraded to shorewall-5.2.6.1 and saw the same behavior. 'shorewall reload' doesn't recompile but only modifying a config file in '/etc/shorewall' triggers the recompile. IIRC that wasn't the case in the past. Whenever I upgraded a Shorewall instance I'd just issue 'shorewall reload' and it recompiled the firewall. Regards, Simon _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
