On 10/6/2020 3:59 PM, Simon Matter wrote:
>> On 10/4/20 10:18 AM, Matt Darfeuille wrote:
>>> On 10/4/2020 6:58 PM, Simon Matter wrote:
>>>> Hi,
>>>>
>>>> I've just updated Shorewall from 5.2.7 to 5.2.8 and did a reload just to
>>>> see that the rules haven't been updated:
>>>>
>>>> [root@abc ~]# shorewall reload
>>>> Reloading Shorewall....
>>>> Initializing...
>>>> Processing /etc/shorewall/init ...
>>>>    Setting net.netfilter.nf_conntrack_max = 1048576
>>>> Processing /etc/shorewall/tcclear ...
>>>> Setting up Route Filtering...
>>>> Setting up Martian Logging...
>>>> Setting up Proxy ARP...
>>>> Setting up Traffic Control...
>>>> Preparing iptables-restore input...
>>>> Running /sbin/iptables-restore ...
>>>> IPv4 Forwarding Enabled
>>>> Processing /etc/shorewall/start ...
>>>> Processing /etc/shorewall/started ...
>>>> done.
>>>> [root@abc ~]# shorewall status
>>>> Shorewall 5.2.8 Status at abc.bi.corp.invoca.ch - Sun Oct  4 18:50:45 CEST 2020
>>>>
>>>> Shorewall is running
>>>> State:Started Sun Oct  4 18:50:40 CEST 2020 from /etc/shorewall/
>>>> (/var/lib/shorewall/firewall compiled Sun Oct 4 18:45:29 CEST 2020 by
>>>> Shorewall version 5.2.7)
>>>>
>>>> I thought this has always worked and I didn't change anything.
>>>>
>>>> Am I just too tired (lack of coffee) or was there a change I'm missing?
>>>> I'm confused.
>>>>
>>>
>>> Compilation will only happen when '/etc/shorewall' is modified.
>>> So if I'm not mistaken, updating the firewall will not trigger a
>>> recompilation.
>>>
>>
>> Recompilation should occur if ANY file in ANY directory in $CONFIG_PATH
>> changes. Given that installing a new version updates
>> /usr/share/shorewall/, 'reload' after an update should force
>> re-compilation.
>>
>> I reproduced this problem using the tarball installers.
>>
>> Simon -- How did you upgrade?
> 
> Dear Tom and all,
> 
> For a test I've downgraded to shorewall-5.2.6.1 and saw the same behavior.
> 
> 'shorewall reload' doesn't recompile but only modifying a config file in
> '/etc/shorewall' triggers the recompile.
> 
> IIRC that wasn't the case in the past. Whenever I upgraded a Shorewall
> instance I'd just issue 'shorewall reload' and it recompiled the firewall.
> 

In the meantime, the -c option (1) can be used to trigger recompilation.


1)

-- 
Matt Darfeuille <m...@shorewall.org>
Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/
SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/
Homepage: https://shorewall.org
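
The symptom reported in this thread, a running ruleset still compiled by the previous Shorewall version after an upgrade, can be checked by comparing the two versions printed by 'shorewall status'. The script below is an added example, not part of the original messages or of Shorewall itself; the function names are hypothetical, the sample is taken from the status output quoted above, and the parsing assumes that output layout.

```shell
#!/bin/sh
# Added example: flag a running ruleset compiled by an older Shorewall.
# Function names are hypothetical; the parsing assumes the 'shorewall status'
# layout quoted in this thread.

# Constructed sample, copied from the status output quoted above.
sample_status() {
cat <<'EOF'
Shorewall 5.2.8 Status at abc.bi.corp.invoca.ch - Sun Oct  4 18:50:45 CEST 2020

Shorewall is running
State:Started Sun Oct  4 18:50:40 CEST 2020 from /etc/shorewall/
(/var/lib/shorewall/firewall compiled Sun Oct 4 18:45:29 CEST 2020 by
Shorewall version 5.2.7)
EOF
}

# Version of the installed product, from the "Shorewall X Status at" header.
installed_version() {
    sed -n 's/^Shorewall \([^ ]*\) Status at .*/\1/p' | head -n 1
}

# Version that compiled the running script; newlines are collapsed first
# because the State line may arrive wrapped, as it does in the mail.
compiled_version() {
    tr '\n' ' ' | sed -n 's/.*compiled .* by *Shorewall version \([^)]*\)).*/\1/p'
}

# Reads status text on stdin. Returns 0 = current, 1 = stale, 2 = unparsable.
check_stale() {
    status=$(cat)
    inst=$(printf '%s\n' "$status" | installed_version)
    comp=$(printf '%s\n' "$status" | compiled_version)
    if [ -z "$inst" ] || [ -z "$comp" ]; then
        echo "cannot parse status output" >&2
        return 2
    fi
    if [ "$inst" != "$comp" ]; then
        echo "STALE: installed $inst, ruleset compiled by $comp"
        return 1
    fi
    echo "OK: ruleset compiled by installed version $inst"
}

# Demo on the sample; on a live host pipe 'shorewall status' in instead and
# follow a STALE result with the -c reload mentioned in the thread.
sample_status | check_stale || true
```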

