Thank you Tuomo. This was resolved with /var/lib/shorewall/firewall enable eth0. I didn't realize but there is an /etc/shorewall/isusable script, put there by lsm. Anyway after the enable, the eth0.status file contains 0, and shorewall starts without complaining about eth0.
Happy Saturday! On Fri, Jul 9, 2021 at 4:49 PM Tuomo Soini <t...@foobar.fi> wrote: > On Fri, 9 Jul 2021 15:46:03 +0100 > Norman and Audrey Henderson <norm.aud...@gmail.com> wrote: > > > Thank you both. First Tuomo, it's not really Net 0/8, I just removed > > the front digits to hide our real IP addresses, for security reasons. > > Matt, yes with optional on interface eth0 then shorewall starts but > > still gives a warning that interface eth0 is not usable. > > > > That does allow the important openvpn tunnels to start (even though > > they are running on top of eth0!) and it looks like the proper rules > > and routes for eth0 are being applied, because our Email is flowing > > again. > > > > However, why does SW think that eth0 is unusable? What could I check? > > Check code in /var/lib/shorewall/firewall, > search for interface_is_usable. > > You can also try to enable interface with: > > /var/lib/shorewall/firewall enable eth0 > > Do you have /etc/shorewall/isusable script? That's what is used if you > have it. If you have that script you should check what's in > /var/lib/shorewall/eth0.status file... > > -- > Tuomo Soini <t...@foobar.fi> > Foobar Linux services > +358 40 5240030 > Foobar Oy <https://foobar.fi/> > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
