(1) https://shorewall.org/Introduction.html has the sentence "Shorewall is not a daemon."
"shorewall status" reports "Shorewall is running" or "Shorewall is stopped". Those status reports are semantically inconsistent with "not a daemon". Status reports such as "Shorewall has configured Netfilter" and "Shorewall has cleared its configuration of Netfilter" would be better.

(2) The Linux router here has dnsmasq and shorewall installed. The connection to the net is by WiFi with DHCP. The WiFi link is started manually. Shorewall does not run automatically when the system is started.

Whether shorewall has started or stopped, "echo $FW" always gives an empty line. What should be in $FW?

/etc/shorewall/rules has these lines.

# Accept DNS connections from the firewall to the network
DNS(ACCEPT) $FW net

When WiFi is connected, the 'net is accessible.

After "shorewall start" this.

root@joule:/etc/shorewall# nslookup google.ca
;; connection timed out; no servers could be reached

After "shorewall stop" this.

root@joule:/etc/shorewall# nslookup google.ca
...
Non-authoritative answer:
Name: google.ca
Address: 172.217.3.195
Name: google.ca
Address: 2607:f8b0:400a:809::2003

Any suggestion about the failure of name resolution?

Thanks, ... Peter E.

--
Tel: +1 604 670 0140 Bcc: peter at easthope. ca
