http://bugzilla.opensuse.org/show_bug.cgi?id=1140287 Bug ID: 1140287 Summary: security:netfilter/shorewall: Bug firewall connectivity lost, until manual intervention, on shorewall* package zypper-update Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software Assignee: toganm@dinamizm.com Reporter: pgnet.dev@gmail.com QA Contact: bnc-team-screening@forge.provo.novell.com CC: bruno@ioda-net.ch Found By: --- Blocker: --- I install shorewall from distro packages on Leap 15.1, @ here: https://build.opensuse.org/package/show/security:netfilter/shorewall It's up & running nicely on my lan's-edge firewall/router box. At maintenance-time "zypper up" of its packages, when shorewall* package updates are available, they're typically part of a larger group of packages to be updated. Currently, as soon as the shorewall packages zypper-update, shorewall's stopped ... and I lose connectivity -- until I restart shorewall. @ chat in #shorewall, response from a SW dev was: "contact package maintainer and request fix. that's packaging issue." I can *manually* update shorewall packages 1st, then restart it, then proceed with the rest ... but that's a manual intervention. And if I haven't had my coffee, and miss the shorewall update, I'm stalled until it's fixed. Is there a fix in the release packages for this behavior? Or a recommended, portable approach to avoiding this? I suppose zypper can be somehow hooked on each system's zypper config to restart shorewall after a package install, but that seems messy and doesn't scale well. Ideally, something in the package release itself (?). -- You are receiving this mail because: You are on the CC list for the bug.