Package: shorewall6
Version: 4.4.19.4-1
Severity: normal

I am trying to use the shorewall6 and shorewall6-lite combination to manage the configuration of several servers from one place (I believe that shorewall for IPv4 has the same problem).
I have been using the following manual on the shorewall site:

http://www.shorewall.net/CompiledPrograms.html#Lite

I have the following folder structure:

antonm@algol:~/work/shorewall6/server.tld$ pwd
/home/antonm/work/shorewall6/server.tld
antonm@algol:~/work/shorewall6/server.tld$ ls
capabilities interfaces policy README.txt rules shorewall6.conf zones

Per the documentation, I have copied shorewall6.conf to the server.tld export directory and made some local modifications per the documentation, plus I made changes to RSH_COMMAND and RCP_COMMAND so that it will work as a non-root user on the remote system.

But when I run shorewall6 load from the server.tld export directory, I do not see the shorewall6 script sourcing the shorewall6.conf file in the current directory:

antonm@algol:~/work/shorewall6/server.tld$ pwd
/home/antonm/work/shorewall6/server.tld
antonm@algol:~/work/shorewall6/server.tld$ ls shorewall6.conf
antonm@algol:~/work/sysadmin/oshec/shorewall6/mail.oshec.org$ strace -e open /sbin/shorewall6 load server.tld
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY) = 3
open("/sbin/shorewall6", O_RDONLY) = 3
open("/usr/share/shorewall6/lib.base", O_RDONLY) = 3
open("/usr/share/shorewall6/lib.common", O_RDONLY) = 3
open("/usr/share/shorewall6/lib.cli", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
--- SIGCHLD (Child exited) @ 0 (0) ---
--- SIGCHLD (Child exited) @ 0 (0) ---
open("/usr/share/shorewall6/configpath", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
--- SIGCHLD (Child exited) @ 0 (0) ---
open("/etc/shorewall6/shorewall6.conf", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
--- SIGCHLD (Child exited) @ 0 (0) ---
--- SIGCHLD (Child exited) @ 0 (0) ---
r...@server.tld's password:

Strace shows that no open is done for the file in the current directory, and also the ssh command is executed as root even though in the local shorewall6.conf I have:

RSH_COMMAND='ssh ${system} "sudo ${command}"'

It used shorewall6.conf from /etc/shorewall6, while the documentation says that:

The CONFIG_PATH variable is treated as follows:

The value of CONFIG_PATH in /etc/shorewall/shorewall.conf is ignored when compiling for export (the -e option is given) and when the load or reload command is being executed (see below).

The value of CONFIG_PATH in the shorewall.conf file in the export directory is used to search for configuration files during compilation of that configuration.

I do not see that it opens shorewall6.conf in the current directory at all, even though I use the "load" command. This breaks the ability to have custom configuration for exported directories as per the docs.

Thanks.

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages shorewall6 depends on:
ii  debconf [debconf-2.0]    1.5.39      Debian configuration management sy
ii  iproute                  20110315-1  networking and traffic control too
ii  iptables                 1.4.10-1    administration tools for packet fi
ii  libio-socket-inet6-perl  2.65-1.1    Object interface for AF_INET6 doma
ii  shorewall                4.4.19.4-1  Shoreline Firewall, netfilter conf

shorewall6 recommends no packages.

Versions of packages shorewall6 suggests:
ii  linux-image-2.6.  2.6.36-1~experimental.1  Linux 2.6.36 for 64-bit PCs
ii  linux-image-2.6.  2.6.37-1                 Linux 2.6.37 for 64-bit PCs
ii  linux-image-2.6.  2.6.38-1                 Linux 2.6.38 for 64-bit PCs
ii  linux-image-2.6.  2.6.38-5                 Linux 2.6.38 for 64-bit PCs
ii  linux-image-2.6.  2.6.39-2                 Linux 2.6.39 for 64-bit PCs
ii  make              3.81-8.1                 An utility for Directing compilati
pn  shorewall-doc     <none>                   (no description available)

-- debconf information:
  shorewall6/major_release:
  shorewall6/dont_restart:
  shorewall6/invalid_config:
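
The check the report performs by reading the strace output, written as a script; this is an added example, not part of the original report and not Shorewall code. The function names and the second sample trace are constructed for illustration, and the first sample is a subset of the lines posted above.

```shell
#!/bin/sh
# Added example: report which shorewall6.conf files a traced run opened.

# Print the path of every successfully opened shorewall6.conf found in
# strace open/openat lines read from stdin.
conf_files_opened() {
    # Successful calls return a non-negative fd; failed ones ("= -1 ENOENT")
    # and signal lines ("--- SIGCHLD ...") are dropped here.
    grep -E '^(open|openat)\(.*\) = [0-9]+' |
        sed -E 's/^[a-z]+\([^"]*"([^"]*)".*/\1/' |
        grep -E '(^|/)shorewall6\.conf$' || true
}

# Succeed if the trace on stdin opened EXPORT_DIR/shorewall6.conf, given
# either as an absolute path or relative to EXPORT_DIR as the working directory.
export_conf_was_read() {
    dir=${1%/}
    found=$(conf_files_opened | while IFS= read -r path; do
        case $path in
            ("$dir/shorewall6.conf"|shorewall6.conf|./shorewall6.conf) echo "$path" ;;
        esac
    done)
    [ -n "$found" ]
}

# Subset of the trace lines posted in the report.
reported_trace() {
    cat <<'EOF'
open("/usr/share/shorewall6/lib.cli", O_RDONLY) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
open("/usr/share/shorewall6/configpath", O_RDONLY) = 3
open("/etc/shorewall6/shorewall6.conf", O_RDONLY) = 3
EOF
}

# Constructed trace (assumption): what a run that reads the export
# directory's file could look like.
documented_trace() {
    cat <<'EOF'
open("/usr/share/shorewall6/configpath", O_RDONLY) = 3
open("/etc/shorewall6/shorewall6.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
open("./shorewall6.conf", O_RDONLY) = 3
EOF
}

export_dir=/home/antonm/work/shorewall6/server.tld
for t in reported_trace documented_trace; do
    if $t | export_conf_was_read "$export_dir"; then echo "$t: export conf read"
    else echo "$t: export conf NOT read; opened: $($t | conf_files_opened)"; fi
done
```

Because RSH_COMMAND and RCP_COMMAND come from whichever shorewall6.conf is read, the same check shows whether the remote commands will run with the settings from the export directory or with those from /etc/shorewall6.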