Bug ID: 1140287
Summary: security:netfilter/shorewall: Bug firewall connectivity lost, until manual intervention, on shorewall* package zypper-update
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: 3rd party software
Assignee: toganm@dinamizm.com
Reporter: pgnet.dev@gmail.com
QA Contact: bnc-team-screening@forge.provo.novell.com
CC: bruno@ioda-net.ch
Found By: ---
Blocker: ---

I install shorewall from distro packages on Leap 15.1, @ here:

    https://build.opensuse.org/package/show/security:netfilter/shorewall

It's up & running nicely on my lan's-edge firewall/router box.

At maintenance-time "zypper up" of its packages, when shorewall* package
updates are available, they're typically part of a larger group of packages to
be updated.

Currently, as soon as the shorewall packages zypper-update, shorewall's stopped
... and I lose connectivity -- until I restart shorewall.

@ chat in #shorewall, response from a SW dev was:

    "contact package maintainer and request fix.
     that's packaging issue."

I can *manually* update shorewall packages 1st, then restart it, then proceed
with the rest ... but that's a manual intervention.  And if I haven't had my
coffee, and miss the shorewall update, I'm stalled until it's fixed.

Is there a fix in the release packages for this behavior?

Or a recommended, portable approach to avoiding this?

I suppose zypper can be somehow hooked on each system's zypper config to
restart shorewall after a package install, but that seems messy and doesn't
scale well.

Ideally, something in the package release itself (?).

