Discussion:
[Shorewall-users] Interface status not working
Norman Henderson
2016-10-07 13:14:31 UTC
Hi, I have two systems running 5.0.12 on Ubuntu, one is 14.04 LTS the other
16.04 LTS (which includes systemd). Both also run lsm.

Due to systemd, the behavior of "service lsm status" is different on the
16.04 system - it does not return the actual link status only the service
status. It would be nice to know how to get actual status information from
lsm itself. But that's not the main issue.

On the 16.04 system, shorewall status -i does not return any interface
information, I suspect because /var/lib/shorewall/{interfacename}.status
files do not exist. I tried creating them manually but they were deleted
again on restart. Stop/start didn't help.

How should I proceed, to get those status files created and maintained?
And, not really a question for here, but how to get status from lsm when
systemd insists on grabbing the service command?

Thanks,
Norm
Tom Eastep
2016-10-07 13:23:36 UTC
Post by Norman Henderson
Hi, I have two systems running 5.0.12 on Ubuntu, one is 14.04 LTS the
other 16.04 LTS (which includes systemd). Both also run lsm.
Due to systemd, the behavior of "service lsm status" is different on the
16.04 system - it does not return the actual link status only the
service status. It would be nice to know how to get actual status
information from lsm itself. But that's not the main issue.
On the 16.04 system, shorewall status -i does not return any interface
information, I suspect because /var/lib/shorewall/{interfacename}.status
files do not exist. I tried creating them manually but they were deleted
again on restart. Stop/start didn't help.
How should I proceed, to get those status files created and maintained?
And, not really a question for here, but how to get status from lsm when
systemd insists on grabbing the service command?
On the 16.04 system, are the interfaces defined as 'optional'?

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Filippo Carletti
2016-10-07 13:26:07 UTC
not really a question for here, but how to get status from lsm when systemd
insists on grabbing the service command?
lsm maintains status and other statistics in its own directory. On
CentOS it's /var/lib/lsm/.
Example:

# cat /var/lib/lsm/status_export
adsl1 up
adsl2 up
fibra1 up
fibra2 up
--
Ciao,
Filippo
Norman Henderson
2016-10-07 14:36:31 UTC
Thank you Filippo! And Tom - yes there are some interfaces defined as
"optional"
?FORMAT 2
#ZONE INTERFACE OPTIONS
clean wlan0 routeback,routefilter=1,required
clean vlan1 routeback,routefilter=1,required
maf01 vlan2 routeback,routefilter=1,optional,wait=5
uni01 usb0 routeback,routefilter=1,optional
uni01 usb1 routeback,routefilter=1,optional
- vlan4 #further defined in hosts file
tvc01 vlan5 routeback,routefilter=1,optional,dhcp
cem5t tun1 routeback,optional
...and others

Interestingly, on the 14.04 system, shorewall status -i also shows
interfaces that are non-optional:
?FORMAT 2
#ZONE INTERFACE [BROADCAST] OPTIONS
Dirty eth0 routeback,routefilter=1
...and others

shorewall status -i
Shorewall-5.0.12 Status at VM-CEML - Fri Oct 7 14:33:02 UTC 2016

Shorewall is running
State:Started Fri Oct 7 14:31:15 UTC 2016 from /etc/shorewall/
(/var/lib/shorewall/firewall compiled Fri Oct 7 11:42:04 UTC 2016 by
Shorewall version 5.0.12)

Interface eth0 is Enabled
...and others

- Norm
Tom Eastep
2016-10-07 14:54:26 UTC
Post by Norman Henderson
Thank you Filippo! And Tom - yes there are some interfaces defined
as "optional" ?FORMAT 2 #ZONE INTERFACE OPTIONS clean
wlan0 routeback,routefilter=1,required clean vlan1
routeback,routefilter=1,required maf01 vlan2
routeback,routefilter=1,optional,wait=5 uni01 usb0
routeback,routefilter=1,optional uni01 usb1
routeback,routefilter=1,optional - vlan4 #further defined in
hosts file tvc01 vlan5 routeback,routefilter=1,optional,dhcp
cem5t tun1 routeback,optional ...and others
Interestingly, on the 14.04 system, shorewall status -i also shows
interfaces that are non-optional: ?FORMAT 2 #ZONE INTERFACE
[BROADCAST] OPTIONS Dirty eth0 routeback,routefilter=1 ...and
others
shorewall status -i Shorewall-5.0.12 Status at VM-CEML - Fri Oct 7
14:33:02 UTC 2016
Shorewall is running State:Started Fri Oct 7 14:31:15 UTC 2016
from /etc/shorewall/ (/var/lib/shorewall/firewall compiled Fri Oct
7 11:42:04 UTC 2016 by Shorewall version 5.0.12)
Interface eth0 is Enabled ...and others
On the 16.04 system, what is the output of 'fgrep .status
/var/lib/shorewall/firewall'?

Thanks,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Norman Henderson
2016-10-07 15:13:54 UTC
***@cem05fw:/etc/shorewall# fgrep .status /var/lib/shorewall/firewall
elif [ -f ${VARDIR}/${1}.status ]; then
status=$(cat ${VARDIR}/${1}.status)
rm -f /var/lib/shorewall/*.status
[ -f ${VARDIR}/${1}.status ] && status=$(cat ${VARDIR}/${1}.status)
rm -f ${VARDIR}/usb0.status
echo 0 > ${VARDIR}/usb0.status
echo 1 > ${VARDIR}/usb0.status
echo 1 > ${VARDIR}/usb0.status
rm -f ${VARDIR}/usb1.status
echo 0 > ${VARDIR}/usb1.status
echo 1 > ${VARDIR}/usb1.status
echo 1 > ${VARDIR}/usb1.status
rm -f ${VARDIR}/vlan5.status
echo 0 > ${VARDIR}/vlan5.status
echo 1 > ${VARDIR}/vlan5.status
echo 1 > ${VARDIR}/vlan5.status
rm -f ${VARDIR}/tun1.status
echo 0 > ${VARDIR}/tun1.status
echo 1 > ${VARDIR}/tun1.status
echo 1 > ${VARDIR}/tun1.status
rm -f ${VARDIR}/vlan4.status
echo 0 > ${VARDIR}/vlan4.status
echo 1 > ${VARDIR}/vlan4.status
rm -f ${VARDIR}/tun3.status
echo 0 > ${VARDIR}/tun3.status
echo 1 > ${VARDIR}/tun3.status
echo 1 > ${VARDIR}/tun3.status
rm -f ${VARDIR}/tun6.status
echo 0 > ${VARDIR}/tun6.status
echo 1 > ${VARDIR}/tun6.status
echo 1 > ${VARDIR}/tun6.status
rm -f ${VARDIR}/tun7.status
echo 0 > ${VARDIR}/tun7.status
echo 1 > ${VARDIR}/tun7.status
echo 1 > ${VARDIR}/tun7.status
rm -f ${VARDIR}/tun5.status
echo 0 > ${VARDIR}/tun5.status
echo 1 > ${VARDIR}/tun5.status
echo 1 > ${VARDIR}/tun5.status
rm -f ${VARDIR}/tun8.status
echo 0 > ${VARDIR}/tun8.status
echo 1 > ${VARDIR}/tun8.status
echo 1 > ${VARDIR}/tun8.status
rm -f ${VARDIR}/vlan2.status
echo 0 > ${VARDIR}/vlan2.status
echo 1 > ${VARDIR}/vlan2.status
echo 1 > ${VARDIR}/vlan2.status
echo 0 > ${VARDIR}/${1}.status
Tom Eastep
2016-10-07 16:12:45 UTC
/var/lib/shorewall/firewall elif [ -f ${VARDIR}/${1}.status ];
then status=$(cat ${VARDIR}/${1}.status) rm -f
/var/lib/shorewall/*.status
I suspect that the above line comes from your lib.private file. The
above line should not appear in lib.private with the current shorewall
releases.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Tom Eastep
2016-10-07 16:21:57 UTC
Post by Tom Eastep
/var/lib/shorewall/firewall elif [ -f ${VARDIR}/${1}.status ];
then status=$(cat ${VARDIR}/${1}.status) rm -f
/var/lib/shorewall/*.status
I suspect that the above line comes from your lib.private file.
The above line should not appear in lib.private with the current
shorewall releases.
The line got folded -- it was

rm -f /var/lib/shorewall/*.status

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
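
The check Tom did by eye on the fgrep output, as an added example that is not part of the thread or of Shorewall itself: it reports lines that run rm against a "*.status" glob and ignores the per-interface status lines the compiled script normally contains. The function names find_status_wipes and make_sample are hypothetical, and the sample input is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example: locate wildcard deletions of Shorewall interface status files.

# find_status_wipes FILE...
# Print "file:line:text" for every non-comment line that contains an rm
# command and a "*.status" glob. Per-interface lines such as
# "rm -f ${VARDIR}/usb0.status" do not match, because they name one file.
find_status_wipes() {
    for f in "$@"; do
        [ -r "$f" ] || continue          # skip files we cannot read
        awk '
            /^[ \t]*#/ { next }          # ignore comment lines
            /rm[ \t]/ && /\*\.status/ {
                sub(/^[ \t]+/, "")       # trim leading indentation
                print FILENAME ":" FNR ":" $0
            }' "$f"
    done
}

# Constructed sample: a few lines shaped like the fgrep output in the thread.
make_sample() {
    cat > "$1" <<'EOF'
    elif [ -f ${VARDIR}/${1}.status ]; then
        status=$(cat ${VARDIR}/${1}.status)
    rm -f /var/lib/shorewall/*.status
    rm -f ${VARDIR}/usb0.status
    echo 0 > ${VARDIR}/usb0.status
EOF
}

sample=$(mktemp)
make_sample "$sample"
find_status_wipes "$sample"
rm -f "$sample"
```

On a real system, pass /var/lib/shorewall/firewall and your lib.private file as arguments; a hit in both points at lib.private as the origin of the line.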