When I just issue SuSEfirewall2 stop, this takes a long time, meanwhile I can still do dns lookups without any problem even when the firewall has stopped.
John Tricley wrote:
So you need to look for an error somewhere. I suggest you run the script with a "sh -x" to see exactly what is causing the delay.
Thanks for the help, I found that the rmmod caused the delay because not all modules are loaded. For the moment I removed this from the script, it doesn't make any difference when shutting down the machine.

David

The output says the following modules are not loaded:

ipt_MASQUERADE ipt_MARK ipt_MIRROR ipt_REDIRECT ipt_limit ipt_mac ipt_mark ipt_multiport ipt_owner ipt_tcpmss ipt_tos ipt_unclean ip_queue ip_queue

This is the 'stop' function:

function reset_rules() {
    echo -n "SuSEfirewall2: clearing rules now ..."
    test "$FW_STOP_KEEP_ROUTING_STATE" = "yes" || (
        echo 0 > /proc/sys/net/ipv4/ip_forward
    ) > /dev/null 2>&1
    $IPTABLES -F INPUT
    $IPTABLES -F OUTPUT
    $IPTABLES -F FORWARD
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -F
    $IPTABLES -X
    $IPTABLES -t nat -F
    $IPTABLES -t nat -X
    $IPTABLES -t mangle -F
    $IPTABLES -t mangle -X
    (
        rmmod ipt_TCPMSS ipt_TOS ipt_MASQUERADE ipt_LOG ipt_state \
            ipt_MARK ipt_MIRROR ipt_REDIRECT ipt_limit ipt_mac ipt_mark \
            ipt_multiport ipt_owner ipt_tcpmss ipt_tos ipt_unclean ip_queue \
            ip_nat_ftp ip_conntrack_ftp ipt_REJECT iptable_mangle iptable_nat \
            iptable_filter ip_queue ip_conntrack iptable_filter ip_tables
    ) > /dev/null 2> /dev/null
    echo " done"
}

--
David D'Hauwe
Lange Boomgaardstraat 86
B-9000 Gent
David.DHauwe@advalvas.be
+32(0)497/58.95.80
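
An added example, not part of the original messages and not SuSEfirewall2 code: one way to keep the unload step while only calling rmmod for modules that /proc/modules lists with a use count of 0, so names that are not loaded are skipped. The names MODULES_FILE, RMMOD, FW_MODULES, module_idle and unload_modules are hypothetical; the module list is the one from the stop function above.

```sh
#!/bin/sh
# Added example, not SuSEfirewall2 code. MODULES_FILE and RMMOD are
# hypothetical overrides so the logic can be exercised on a sample file.
MODULES_FILE="${MODULES_FILE:-/proc/modules}"
RMMOD="${RMMOD:-rmmod}"

# Module list copied from the rmmod call in reset_rules() above.
FW_MODULES="ipt_TCPMSS ipt_TOS ipt_MASQUERADE ipt_LOG ipt_state \
ipt_MARK ipt_MIRROR ipt_REDIRECT ipt_limit ipt_mac ipt_mark \
ipt_multiport ipt_owner ipt_tcpmss ipt_tos ipt_unclean ip_queue \
ip_nat_ftp ip_conntrack_ftp ipt_REJECT iptable_mangle iptable_nat \
iptable_filter ip_queue ip_conntrack iptable_filter ip_tables"

# Succeeds only if $1 is listed in the module table with use count 0
# (the third column of /proc/modules). Unlisted names fail the check.
module_idle() {
    awk -v m="$1" '$1 == m { idle = ($3 == 0) } END { exit !idle }' \
        "$MODULES_FILE" 2>/dev/null
}

# Unload the given modules one at a time, in the order given, and print
# the names that were actually removed.
unload_modules() {
    unloaded=""
    for mod in "$@"; do
        # Re-read the table for every module: the use count of ip_tables
        # or ip_conntrack only drops to 0 once its dependants are gone.
        if module_idle "$mod"; then
            if $RMMOD "$mod" 2>/dev/null; then
                unloaded="$unloaded $mod"
            fi
        fi
    done
    echo "${unloaded# }"
}

# In the stop function this would stand in for the single rmmod call:
#   unload_modules $FW_MODULES > /dev/null
```

A module still referenced by a rule or by another module keeps a non-zero use count and is left in place rather than retried.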