On 05/17/2018 08:34 AM, Tom Eastep wrote: > On 05/16/2018 04:09 AM, Jean-Francois Bogaerts wrote: >> Dear Tom, >> >> I made some extensive tests and have the following results: >> >> Disabling link with command: /var/lib/shorewall/firewall disable eth2 >> while physical link is down makes the internet speed very slow through >> firewall >> Like if there where timeout hanging before routing packets through the >> working interface. >> >> Restarting shorewall with physical eth2 link down gives normal behavior. >> >> When checking routing with : shorewall show routing I have a difference >> between the two cases: >> >> Table main: >> >> 192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.51 (with >> disable command) >> >> 192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.51 >> linkdown (with shorewall restart) >> >> When restarting shorewall "linkdown" is added >> >> Might this be the problem ? >> > > Possibly - but I don't understand how that route is being modified by > 'disable'. The generated script should not be touching that route. >
With the attached patch applied, I'm not seeing any issues. Note, though, that I am running 5.2.0, not 5.0.15. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
diff --git a/Shorewall/Perl/lib.runtime b/Shorewall/Perl/lib.runtime
index b06075261..947a8524a 100644
--- a/Shorewall/Perl/lib.runtime
+++ b/Shorewall/Perl/lib.runtime
@@ -192,7 +192,7 @@ find_default_interface() {
# Determine if Interface is up
#
interface_is_up() {
- [ -n "$($IP -$g_family link list dev $1 2> /dev/null | grep -e '[<,]UP[,>]' | grep -v ' state DOWN ')" ]
+ [ -n "$($IP -$g_family link list dev $1 2> /dev/null | grep -e '[<,]UP[,>]')" ]
}
#
@@ -675,7 +675,7 @@ interface_is_usable() # $1 = interface
status=0
if ! loopback_interface $1; then
- if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ]; then
+ if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ] && [ -z "$($IP -$g_family link list dev $1 2> /dev/null | fgrep 'state DOWN')" ]; then
if [ "$COMMAND" != enable ]; then
[ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1
status=$?
@@ -1101,7 +1101,7 @@ interface_is_usable() # $1 = interface
status=0
if [ "$1" != lo ]; then
- if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != :: ]; then
+ if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != :: ] && [ -z "$($IP -$g_family link list dev $1 2> /dev/null | fgrep 'state DOWN')" ]; then
if [ "$COMMAND" != enable ]; then
[ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1
status=$?
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
