[Shorewall-users] STDERR messages (fwd)

Gar Nelson gar.nelson@noaa.gov
Fri, 05 Apr 2002 16:09:19 -0700



I guess I'm guilty of trimming my messages too much. <s>

Tom Eastep wrote:
> 
> On Fri, 5 Apr 2002, Gar Nelson wrote:
> 
> > Tom Eastep wrote:
> > >
> > > What I was suggesting is that you:
> > >
> > >         /etc/init.d/shorewall start > /tmp/shorewall.log 2>&1
> > >
> > > or something similar.
> >
> > Not to be a twit or anything, but....
> >
> > /etc/rc3.d/S25shorewall is a link to /etc/rc.d/init.d/shorewall
> >
> > Redhat fires up and looks for its run level, 3 in my case, then goes to
> > rc3.d and executes all the scripts that start with a capital S.  That
> > causes shorewall to run, but it does so without a command tail of
> > "start" or anything else, right? The actual "shorewall start" is buried
> > in the shorewall script in /etc/rc.d/init.d
> 
> SysVInit is smart enough to append "start" when it wants to start a
> service.
> 
> > Now I can understand if I change the file in rc3.d to K25shorewall, and
> > then edit /etc/rc.d/rc.local to run /etc/rc3.d/init.d/shorewall start >
> > /tmp/shorewall.log 2>&1
> > I can see that would work, but it would also cause shorewall to be one
> > of the last processes brought up. Isn't that a bad thing?
> >
> > I'm not trying to be dense. I'm sending off most of my paycheck to Tim
> > O'Reilly to populate my book shelf, and subscribing to SysAdmin, Linux
> > Journal, and Linux Magazine. I'm working on my "Networking 101" self
> > study program, but realistically I'm not at the graduate level yet.
> >
> > Anyway, thanks for your help and the fine program.
> 
> Please remind us again -- what problem are you trying to solve here?

Another guy brought up that he was getting STDERR messages all over his
terminal screen when running shorewall. I'm guessing that he is also
using his box as a workstation? I can see how that would be a bit
disrupting. 

In my case, the shorewall system is dedicated, but it normally doesn't
have a screen attached to it. (kvm switch shared with a bunch of other
servers). 99.9% of the time, no one will see the shorewall screen here.
The error messages don't bother me in a using the machine sense, but
maybe there is something there I should see. 

So the question is, redirecting that STDERR to a file, and still
starting up shorewall automatically at boot.

/etc/init.d/shorewall start > /var/log/shorewall.log 2>&1  will work if
you disable the regular sysVinit call via symbolic link in /etc/rc3.d or
/etc/rc5.d and instead place the call in /etc/rc.d/rc.local. That
accomplishes the mission, getting shorewall to start automatically, with
STDERR redirected, but it also starts shorewall last.

One of the benefits of Tom's shorewall is that you can start it before
the network comes up; however, using rc.local removes that possibility.

If you're using the symbolic link in /etc/rc3.d or /etc/rc5.d, then
sysVinit supplies the "start". So how do you supply the rest of the
tail? "> /var/log/shorewall.log 2>&1" Is it possible?
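One way to do what the message asks, as an added example that is not part of the original post or of Shorewall: a small wrapper script that the S25 symlink points to, so SysVinit still supplies "start" at the same place in the boot order while the wrapper supplies the redirection. The wrapper's file name and the `run_logged` function are hypothetical, and it assumes /var is mounted and writable when the S25 scripts run.

```shell
#!/bin/sh
# Added example, not from the thread or from Shorewall.
# Hypothetical wrapper, e.g. /etc/rc.d/init.d/shorewall-logged. Point the
# S25 symlink in /etc/rc3.d at this file instead of at the real script, so
# the firewall keeps its early slot in the boot order.
# Assumption: /var is mounted and writable when the S25 scripts run.

REAL_SCRIPT=/etc/rc.d/init.d/shorewall    # path from the thread
LOG_FILE=/var/log/shorewall.log           # path from the thread

# run_logged LOGFILE COMMAND [ARGS...]
# Runs COMMAND with stdout and stderr appended to LOGFILE and returns
# COMMAND's exit status, so init still sees a failed firewall start.
run_logged() {
    log=$1
    shift
    # Create the log readable by root only. The subshell keeps the umask
    # from leaking into COMMAND and changing the files it creates.
    ( umask 077; : >>"$log" ) || return 1
    {
        echo "=== $(date '+%Y-%m-%d %H:%M:%S') $* ==="
        rc=0
        "$@" || rc=$?
        echo "=== exit status $rc ==="
    } >>"$log" 2>&1
    return "$rc"
}

# SysVinit calls the symlink target with "start" (or "stop"); pass it through.
# With no argument nothing runs, so the file can also be sourced.
if [ $# -gt 0 ]; then
    run_logged "$LOG_FILE" "$REAL_SCRIPT" "$@"
    exit $?
fi
```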