On 10/08/2018 06:01 AM, Vieri Di Paola via Shorewall-users wrote: > > > On Friday, October 5, 2018, 6:42:46 PM GMT+2, Tom Eastep > <teas...@shorewall.net> wrote: > >>> >>> However, all 3 providers are up and running, ie., I can successfully ping >>> to a remote host through their interfaces. >>> I need to manually run "shorewall enable INTERFACE" and restart shorewall. >>> No issues from this point onwards. >>> So why is Shorewall complaining about the interfaces? How does it decide if >>> it's "usable"? >> >> You can read the code for yourself. It is contained in the shell >> function interface_is_usable(). Note that with the standard >> /etc/shorewall/isusable script, once a persistent interface is >> determined to be unusable, the only way to make it usable again is to >> use the 'enable' (or reenable) command. > > By the way, here's what I've noticed: > > # ip -4 link list dev ppp3 > 11: ppp3: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel > state UNKNOWN mode DEFAULT group default qlen 3 > link/ppp > > # ip -4 link list dev ppp2 > 8: ppp2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel > state UNKNOWN mode DEFAULT group default qlen 3 link/ppp > > # ip -4 link list dev ppp1 > 7: ppp1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel > state UNKNOWN mode DEFAULT group default qlen 3 > link/ppp > > > The "state" is UNKNOWN instead of UP, but the links are "really up"... >
The code in interface_is_usable() is only checking for 'state DOWN', so UNKNOWN is considered to be UP. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users