https://bugzilla.novell.com/show_bug.cgi?id=474267
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=474267#c1
Ludwig Nussel
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.0.5) Gecko/2008121300 SUSE/3.0.5-1.1 Firefox/3.0.5
Recently, I have been loosing network access, a while after resuming from suspend (and changing of network subnet).
Using NetworkManager? IIRC there is a bug open already for such an issue.
I found out that my logs are full of "martian source" alerts, which are nothing else than my subnet addresses.
The kernel logs that if the interface on which a packet is received doesn't match the interface the kernel would use to contact that address. That's not related to packet filtering (iptables).
As restarting the firewall seemed to solve the problem, I came to the idea that there were some issue with the if-up / if-down scripts.
I checked this file, /etc/sysconfig/network/if-up.d/SuSEfirewall2, whose section of code makes me skeptical :
case "$0" in *if-up.d*) /sbin/SuSEfirewall2 -q start ;; *if-down.d*) /sbin/SuSEfirewall2 -q start ;; *) echo "don't know what to do" >&2 ;; esac
Shouldn't it be :
case "$0" in *if-up.d*) /sbin/SuSEfirewall2 -q start ;; *if-down.d*) /sbin/SuSEfirewall2 -q stop ;; *) echo "don't know what to do" >&2 ;; esac
No. Stopping SuSEfirewall2 would mean to open the system to the world. You basically never want to stop SuSEfirewall2 (not even shutdown does that).
There is no script in the if-dow.d folder. I think the above script should be linked there.
It could be there but besides potentially removing some no longer used filtering rules the call would only waste ressources. You normally only need to call SuSEfirewall2 if new interfaces appear. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.