On 10/08/2018 06:01 AM, Vieri Di Paola via Shorewall-users wrote:
> 
>  
> On Friday, October 5, 2018, 6:42:46 PM GMT+2, Tom Eastep 
> <teas...@shorewall.net> wrote: 
> 
>>>
>>> However, all 3 providers are up and running, ie., I can successfully ping 
>>> to a remote host through their interfaces.
>>> I need to manually run "shorewall enable INTERFACE" and restart shorewall. 
>>> No issues from this point onwards.
>>> So why is Shorewall complaining about the interfaces? How does it decide if 
>>> it's "usable"?
>>
>> You can read the code for yourself. It is contained in the shell
>> function interface_is_usable(). Note that with the standard
>> /etc/shorewall/isusable script, once a persistent interface is
>> determined to be unusable, the only way to make it usable again is to
>> use the 'enable' (or reenable) command.
> 
> By the way, here's what I've noticed:
> 
> # ip -4 link list dev ppp3
> 11: ppp3: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel 
> state UNKNOWN mode DEFAULT group default qlen 3
>     link/ppp
> 
> # ip -4 link list dev ppp2
> 8: ppp2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel 
> state UNKNOWN mode DEFAULT group default qlen 3    link/ppp
> 
> # ip -4 link list dev ppp1
> 7: ppp1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel 
> state UNKNOWN mode DEFAULT group default qlen 3
>     link/ppp
> 
> 
> The "state" is UNKNOWN instead of UP, but the links are "really up"...
> 

The code in interface_is_usable() is only checking for 'state DOWN', so
UNKNOWN is considered to be UP.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to