On 10/6/2020 5:22 PM, Tom Eastep wrote: > On 10/6/20 6:59 AM, Simon Matter wrote: >>> On 10/4/20 10:18 AM, Matt Darfeuille wrote: >>>> On 10/4/2020 6:58 PM, Simon Matter wrote: >>>>> Hi, >>>>> >>>>> I've just updated Shorewall from 5.2.7 to 5.2.8 and did a reload just >>>>> to >>>>> see that the rules haven't been updated: >>>>> >>>>> [root@abc ~]# shorewall reload >>>>> Reloading Shorewall.... >>>>> Initializing... >>>>> Processing /etc/shorewall/init ... >>>>> Setting net.netfilter.nf_conntrack_max = 1048576 >>>>> Processing /etc/shorewall/tcclear ... >>>>> Setting up Route Filtering... >>>>> Setting up Martian Logging... >>>>> Setting up Proxy ARP... >>>>> Setting up Traffic Control... >>>>> Preparing iptables-restore input... >>>>> Running /sbin/iptables-restore ... >>>>> IPv4 Forwarding Enabled >>>>> Processing /etc/shorewall/start ... >>>>> Processing /etc/shorewall/started ... >>>>> done. >>>>> [root@abc ~]# shorewall status >>>>> Shorewall 5.2.8 Status at abc.bi.corp.invoca.ch - Sun Oct 4 18:50:45 >>>>> CEST >>>>> 2020 >>>>> >>>>> Shorewall is running >>>>> State:Started Sun Oct 4 18:50:40 CEST 2020 from /etc/shorewall/ >>>>> (/var/lib/shorewall/firewall compiled Sun Oct 4 18:45:29 CEST 2020 by >>>>> Shorewall version 5.2.7) >>>>> >>>>> I thought this has always worked and I didn't change anything. >>>>> >>>>> Am I just too tired (lack of coffee) or was there a change I'm missing? >>>>> I'm confused. >>>>> >>>> >>>> Compilation will only happen when '/etc/shorewall' is modified. >>>> So if I'm not mistaking, updating the firewall will not trigger a >>>> recompilation. >>>> >>> >>> Recompilation should occur if ANY file in ANY directory in $CONFIG_PATH >>> changes. Given that installing a new version updates >>> /usr/share/shorewall/, 'reload' after an update should force >>> re-compilation. >>> >>> I reproduced this problem using the tarball installers. >>> >>> Simon -- How did you upgrade? >> >> Dear Tom and all, >> >> For a test I've downgraded to shorewall-5.2.6.1 and saw the same behavior. >> >> 'shorewall reload' doesn't recompile but only modifying a config file in >> '/etc/shorewall' triggers the recompile. >> >> IIRC that wasn't the case in the past. Whenever I upgraded a Shorewall >> instance I'd just issue 'shorewall reload' and it recompiled the firewall. >> > > I'm no longer able to reproduce this... >
Same here, I just updated to 5.2.8 and 'shorewall reload' with or without 'shorewall update' is triggering compilation (built from Git). -- Matt Darfeuille <m...@shorewall.org> Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
