On 07/24/2018 05:39 AM, Timo Sigurdsson wrote:
> Hi,
>
> as a user of shorewall 5.0.15.6 on Debian 9, I was wondering when exactly
> shorewall needs to be restarted if the addresses of interfaces are
> dynamically assigned by the provider.
>
> I have a PPPoE connection where I get an IPv4 address assigned to my external
> interface on each dial-up, I get an IPv6 address on the external interface
> via SLAAC and a delegated IPv6 prefix via DHCPv6 which I split and assign to
> my internal interfaces.
>
> At the moment I reload shorewall whenever the PPPoE connection comes up or
> goes down (i.e. the IPv4 address changes) and I reload shorewall6 whenever
> the autoconfigured IPv6 address on my external interface or my delegated
> prefix changes.
>
> But I'm wondering whether this is always necessary. The reason is that when I
> grep the output of 'iptables -L -n -v' I don't actually find my external IPv4
> address in the ruleset. So, I'm wondering whether shorewall actually needs to
> be made aware of that change (btw. masquerading is enabled on my external
> interface). For IPv6, it seems that my IPv6 prefixes (both the one received
> via SLAAC for the external interface as well as the one received via DHCPv6
> for delegation) show up in the output of 'ip6tables -L -n -v', so I assume
> shorewall6 needs to know these.
>
> I'd appreciate any clarification someone can provide. Thanks!
>

It is configuration-dependent. If you use any Shorewall construct that
requires Shorewall[6] to detect the external (or delegated) host (or
subnet) address, then reload is required when this address (these
addresses) change.

-Tom
-- 
Tom Eastep
Shoreline, Washington, USA
http://shorewall.org

Q: What do you get when you cross a mobster with an international standard?
A: Someone who makes you an offer you can't understand
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
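
A way to make the grep check from the question exact, as an added example that is not part of the original thread or of Shorewall: it parses an `iptables-save` / `ip6tables-save` dump and lists the rules that name a given address or delegated prefix. The dump format as input, the sample rules, and the names `parse_net` and `pinned_rules` are assumptions of this example.

```python
import ipaddress

# Options in iptables-save / ip6tables-save output whose argument is an address.
ADDR_OPTS = {"-s", "-d", "--to-source", "--to-destination"}

# Constructed sample dump (IPv4 and IPv6 rules combined for brevity).
SAMPLE = """\
*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
-A PREROUTING -d 198.51.100.23/32 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
COMMIT
*filter
-A INPUT -d 198.51.100.23/32 -p tcp --dport 22 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -o ppp0 -j ACCEPT
-A FORWARD -s 2001:db8:1234:1::/64 -i eth1 -j ACCEPT
COMMIT
"""

def parse_net(token):
    """Turn an option argument into a network, or None if it is not one."""
    host = token
    if host.startswith("["):            # [v6]:port form used by NAT targets
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:          # v4:port form used by NAT targets
        host = host.split(":")[0]
    host = host.split("-")[0]           # first address of an address range
    try:
        return ipaddress.ip_network(host, strict=False)
    except ValueError:
        return None

def pinned_rules(ruleset, addresses):
    """Return (rule, option, network) for rules naming any of `addresses`."""
    targets = [ipaddress.ip_network(a, strict=False) for a in addresses]
    hits = []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue                    # table headers, chain policies, COMMIT
        words = line.split()
        for i, opt in enumerate(words[:-1]):
            net = parse_net(words[i + 1]) if opt in ADDR_OPTS else None
            if net is None or net.prefixlen == 0:
                continue                # not an address, or matches everything
            if any(t.version == net.version and t.overlaps(net) for t in targets):
                hits.append((line, opt, str(net)))
    return hits

if __name__ == "__main__":
    for rule, opt, net in pinned_rules(SAMPLE, ["198.51.100.23", "2001:db8:1234::/56"]):
        print(f"{opt} {net}: {rule}")
```

An empty result only says that the dumped netfilter rules do not name the address; ipset contents and routing rules are not part of the dump and are not checked.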