Re: [Shorewall-users] Shorewall need clear to work after reboot

[damjan--- via Shorewall-users]

Hi

Did you also do this »systemctl enable shorewall«

 

 

From: Robert K Coffman Jr. -Info From Data Corp. <bcoff...@infofromdata.com> 
Sent: Tuesday, January 13, 2026 6:58 PM
To: Shorewall Users <shorewall-users@lists.sourceforge.net>
Subject: Re: [Shorewall-users] Shorewall need clear to work after reboot

 

Logging is too deep for me to go into here - on my system, there is a 
shorewall-init log in /var/log.  I suspect your system has this in logcontrol.

Here is the contents of the init.d job that starts shorewall on my firewalls.  
For some changes to my configuration, I have to use this script before 
shorewall start, or else the change doesn't work.  I only bring it up because 
perhaps the difference between "/etc/init.d/shorewall start" and "shorewall 
start" could be used to fix your problem.  Strictly speculation however.

#!/bin/sh

RCDLINKS="2,S19 3,S19 4,S19 5,S19 0,K91 6,K91"

OPTIONS=""

WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup

# Use /etc/default shorewall to specify $OPTIONS and STARTOPTIONS to
# run at startup, however this this might prevent shorewall from
# starting. use at your own risk
if [ -f "/etc/default/shorewall" ] ; then
    . /etc/default/shorewall
fi

# wait for an unconfigured interface
wait_for_pppd () {
        if [ "$wait_interface" != "" ]
        then
           if [ -f $WAIT_FOR_IFUP ]
           then
                for i in $wait_interface
                do
                        $WAIT_FOR_IFUP $i 60
                done
           else
               echo "$WAIT_FOR_IFUP: File not found"
               exit 2
           fi
        fi
}


start() {
        echo "Starting IPv4 shorewall rules..."
        wait_for_pppd
        [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
        /sbin/shorewall $OPTIONS start $STARTOPTIONS
        [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
}

stop() {
        echo "Stopping IPv4 shorewall rules..."
        /sbin/shorewall stop
}

refresh() {
        echo "Refreshing IPv4 shorewall rules..."
        /sbin/shorewall refresh $REFRESHOPTIONS
}


reload() {
        echo "Reloading IPv4 shorewall rules..."
        /sbin/shorewall reload $RELOADOPTIONS
}

restart() {
        echo "Restarting IPv4 shorewall rules..."
        [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
        /sbin/shorewall restart $RESTARTOPTIONS
        [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
}

status() {
        /sbin/shorewall status
}

case "$1" in
    'start')
                start
        ;;
    'stop')
                stop
        ;;
    'refresh')
                refresh
        ;;
    'reload')
                reload
        ;;
    'restart')
                restart
        ;;
    'status')
                status
        ;;
    *)
                echo "Usage: $0 start|stop|refresh|reload|restart|status"
        ;;
esac

exit 0

# All done

- Bob

On 1/13/2026 11:36:39 AM, rcor...@edos.cl <mailto:rcor...@edos.cl>  wrote:

Hi Robert,

Do you mean shorewall show log or other?

 

Thx

 

El 2026-01-13 13:11, Robert K Coffman Jr. -Info From Data Corp. escribió:

Ok - what do the logs say after a reboot?  One potential issue that might cause 
this is the status of any interfaces that are required but not ready when 
shorewall starts.

On 1/13/2026 9:52:47 AM, rcor...@edos.cl <mailto:rcor...@edos.cl>  wrote:

Hi Robert,

 

I'm using systemcl 

 

systemctl enable shorewall after install package.

 

Thx.

 

El 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. escribió:

How are you starting Shorewall after a reboot?

 

On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:

Hi Simon, 

i use shorewall from shorewall site reference, in this case 5.1.12 from 
https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/ 
and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/ 

5.1.12 or 5.1.10 start but dont work, need apply clear/start to work. 
5.2.8-12 start but dont work nat/dnat/proxyarp 

Thx 

El 2026-01-13 04:56, Simon Matter escribió: 

Hi, 

Hello everyone! 

Somebody know why or how to fix shorewall for not need clear and start 
after reboot?  i have EL7 and shorewall 5.1.12, previously working with 
5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp 
dont work.


Seems that your shorewall start is not working properly. Are you using a 
shorewall package from epel? If so you could check the changelog to see 
who has packaged it and ask directly? 

Regards, 
Simon



_______________________________________________ 
Shorewall-users mailing list 
Shorewall-users@lists.sourceforge.net 
<mailto:Shorewall-users@lists.sourceforge.net>  
https://lists.sourceforge.net/lists/listinfo/shorewall-users

-- 
Robert K Coffman Jr.
Info From Data Corp.
3307249000
supp...@infofromdata.com <mailto:supp...@infofromdata.com> 

 

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net 
<mailto:Shorewall-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/shorewall-users

-- 
Robert K Coffman Jr.
Info From Data Corp.
3307249000
supp...@infofromdata.com <mailto:supp...@infofromdata.com> 

 

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net 
<mailto:Shorewall-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/shorewall-users

-- 
Robert K Coffman Jr.
Info From Data Corp.
3307249000
supp...@infofromdata.com <mailto:supp...@infofromdata.com> 


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users