Shorewall firewall on UBUNTU LTS 8.04 server doesn’t start on boot

I have in one of my machines a pretty annoying situation related to the fact if the UBUNTU based firewall reboot’s, the firewall doesn’t start automatically…

This is pretty annoying because it means that after a power failure, there is a need for manual intervention to restore exterior access trough the firewall to internal servers.

[EDIT] The problem is that the firewall is started from the init scripts and it is running, but the rules for port forwarding are not active. You need to make sure that the following options are enabled on the shorewall.conf

STARTUP_ENABLED=Yes

IP_FORWARDING=On

Advertisements

4 thoughts on “Shorewall firewall on UBUNTU LTS 8.04 server doesn’t start on boot

  1. Two questions:

    1) why stop, start, stop and finally restart?
    2) why not identify why shorewall fails to start and fix that? Suggest you check /etc/default/shorewall

    • 1) Good question. Stop and start do not work. Only by doing the that sequence makes it work. Why? Haven’t the slightest idea…
      2) I’ve tried several times :-). It only happens on boot. The first restart/enable doesn’t work. After 1) it starts to have the “normal” behaviour…

      By the way, the script is wrong because uptime is not consistent on it’s output. I’ll post a updated script soon.

  2. You missed the point!

    The firewall DOES START BUT with rules that aren’t the “running” rules. So it’s running but like in total “blocked” mode.

    The solution is to change the configuration parameter inside the configuration file, so that when shorewall starts, it starts with the running rules.

    Regarding to the “Please stop it”, sorry no can do. If you believe everything that’s on the internet and have no critical mind to judge for yourself, you need to stop using it.

    Anyway this was a very old post, and the real reason was found and solved.

    • Regarding “old post” – sorry (feel free to delete my comments) – nothing is old – see, google search found your page 🙂

      Regarding “stop it” – sorry and thank you for the updated info. (Sometimes I get tired to find the correct answers, good tutorial, etc. As I told, I am stupid linux user)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s