Hi, as a user of shorewall 5.0.15.6 on Debian 9, I was wondering when exactly shorewall needs to be restarted if the addresses of interfaces are dynamically assigned by the provider.
I have a PPPoE connection where I get an IPv4 address assigned to my external interface on each dial-up, I get an IPv6 address on the externel Interface via SLAAC and a delegated IPv6 prefix via DHCPv6 which I split and assign to my internal interfaces. At the moment I reload shorewall whenever the PPPoE connection comes up or goes down (i.e. the IPv4 address changes) and I reload shorewall6 whenever the autoconfigured IPv6 address on my external interface or my delegated prefix changes. But I'm wondering whether this is always necessary. The reason is that when I grep the output of 'iptables -L -n -v' I don't actually find my external IPv4 address in the ruleset. So, I'm wondering whether shorewall actually needs to be made aware of that change (btw. masquerading is enabled on my external interface). For IPv6, it seems that my IPv6 prefixes (both the one received via SLAAC for the external itnerface as well as the one received via DHCPv6 for delegation) show up in the output of 'ip6tables -L -n -v', so I assume shorewall6 needs to know these. I'd appreciate any clarification someone can provide. Thank! Regards, Timo ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
