Shorewall

Posted: 11 Jun 2012, 17:06
by ZoombyWoof
Hi,

I have installed shorewall, following Gordon's excellent guide. I want to run shorewall because I'm a bit used to it :-), and it's easy to get logging the way I want it.
However, shorewall starts all right, everything works just fine, for a little while, then shorewall stops. I cannot find any trace in any file in /var/logs on the reason why....
I start shorewall, it runs just fine, then stops after a while, still no trace, I start...repeat...

Any ideas?

Thanx
/zw

Re: Shorewall

Posted: 12 Jun 2012, 03:31
by Gordon
What do you mean "Shorewall stops"? There are some mechanisms that cause the iptables rules to be reloaded from the firewall.conf in /etc/network, could that be what you're seeing?

Re: Shorewall

Posted: 12 Jun 2012, 04:26
by ZoombyWoof
It just stops running. I start it, at boot or manually, and then after a while if I do shorewall status I get 'shorewall is stopped'.
I haven't so far been able to locate any messages in any log file as to why this is happening.

I read a post here about dhcp, that the dhcp client could overwrite the firewall rules, so I started a small one-liner that every 5 sec checked for DHCP messages in daemon.log and checked shorewall status, to see if the DHCP thingy caused this, but it doesn't look like that's the problem. On the other hand, I did an iptables-save > /etc/network/firewall.conf directly after I started shorewall last time and it is still running...

Are there other mechanisms that can cause the iptables to reload? Also, should I still have /etc/init.d/bubba-firewall active or should I disable it and only run shorewall startup at boot? I'm a bit confused about how Bubba handles this...

Thanx
/zw

Re: Shorewall

Posted: 13 Jun 2012, 09:58
by Gordon
There can be only one ;)

On the other hand, I guess it doesn't really matter how you accomplish things. Shorewall is a controlling script for generating iptables rules and if you save these rules to the bubba-firewall config file then running either of them will result in the same firewall. I'm actually not really sure how Shorewall tracks its own "running" state; does it ever return anything different than the "Shorewall is stopped"-message?
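
Added example, not part of any post in this thread: one way to tell whether the running iptables rules are still the ones saved to /etc/network/firewall.conf is to compare the two dumps after stripping the timestamp comments and packet counters that differ on every `iptables-save`. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two iptables-save dumps rule for rule.

# Drop what changes on every dump: "# Generated by ..." comment lines and
# the [packets:bytes] counters on chain and rule lines.
normalize_ruleset() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/g'
}

# rules_match SAVED LIVE: exit status 0 when both dumps hold the same rules.
rules_match() {
    saved=$(normalize_ruleset < "$1")
    live=$(normalize_ruleset < "$2")
    [ "$saved" = "$live" ]
}

# Constructed sample dumps (not taken from the thread), written into DIR.
write_samples() {
    cat > "$1/saved.conf" <<'EOF'
# Generated by iptables-save on Mon Jun 11 17:00:00 2012
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
    # Same rules dumped later: new timestamp, non-zero counters.
    sed -e 's/17:00:00/18:30:00/' -e 's/\[0:0]/[120:9000]/' \
        "$1/saved.conf" > "$1/live_same.rules"
    # A different ruleset: the loopback rule is gone.
    grep -v -- '-i lo' "$1/saved.conf" > "$1/live_changed.rules"
}

# On the box itself (as root), assumed usage:
#   iptables-save > /tmp/live.rules
#   rules_match /etc/network/firewall.conf /tmp/live.rules \
#       && echo "live rules match the saved file" \
#       || echo "live rules differ from the saved file"
```

Run periodically alongside `shorewall status`, a mismatch at the moment the status flips to stopped points at something having replaced the ruleset rather than Shorewall exiting on its own.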