shorewall before network?
Paul Howarth
paul at city-fan.org
Tue Feb 14 07:23:47 UTC 2006
On Tue, 2006-02-14 at 03:30 +0000, Timothy Murphy wrote:
> Paul Howarth wrote:
>
> > Timothy Murphy wrote:
> >> I notice that S09shorewall starts up before S10network
> >> on my FC-4 system, and so fails since eth* has not yet been set up.
> >>
> >> Can I just rename them as S09network and S10shorewall?
> >
> > That should work, yes.
> >
> > However, it's strange that your copy of shorewall should be doing that.
> > Are you using the package from Fedora Extras? I am, and the initscript
> > is called S25shorewall, which is safely after network startup.
> >
> > If that's the package you're using, the following may help:
> > # chkconfig --del shorewall
> > # chkconfig --add shorewall
> > # chkconfig shorewall on
>
> Thanks very much.
> I've done that, and it is now S25shorewall .
>
> I didn't realise chkconfig could change the ordering.
> That is probably how it got messed up in the first place.
The ordering of a fresh shorewall install appears to have changed at
some time (the changelog for the spec file includes an entry for the
1.4.7-1.fdr.3.a release where it was deliberately set up to start before
networking). If you installed the package at that time, or at any time
until the package was changed back to start after networking, that's the
ordering your system would use; upgrades to the package will not run
chkconfig and fix the ordering.
Paul.
More information about the fedora-list
mailing list