bridge stopped working after upgrade from natty to oneiric
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
shorewall (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
Example config files:
# zones
fw firewall
br ipv4
bp0:br bport
bp1:br bport
bp2:br bport
# interfaces
br br0 detect bridge
bp0 br0:eth0
bp1 br0:eth1
bp2 br0:eth2
# policy
br br ACCEPT
all all REJECT ULOG
# rules
Ping/ACCEPT br0 $FW
This used to work with natty, but stopped working after upgrading to oneiric. No error message appeared, but attempts to ping the firewall were logged to ulog.
To get it working again, I needed to edit "policy":
bp0 bp1 ACCEPT
bp0 bp2 ACCEPT
bp1 bp0 ACCEPT
bp1 bp2 ACCEPT
bp2 bp0 ACCEPT
bp2 bp1 ACCEPT
and "rules":
Ping/ACCEPT bp0,bp1,bp2 $FW
This doesn't scale very well. I'm using the default shorewall.conf from 4.4.21-1 on i386. The problem appeared before rebooting into the new kernel installed by oneiric and persists after the reboot.
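
The workaround in the report needs one policy entry per ordered pair of bridge-port zones, so n ports need n(n-1) entries. The following is an added example, not part of the original report and not Shorewall tooling: it derives those policy lines and the combined Ping rule from a zones file. The function names are hypothetical, and it assumes each bport zone is declared as NAME:PARENT with a single parent.

```shell
#!/bin/sh
# Added example: generate the report's per-port workaround entries.

# Constructed sample input: the "zones" section quoted in the report.
sample_zones() {
cat <<'EOF'
# zones
fw firewall
br ipv4
bp0:br bport
bp1:br bport
bp2:br bport
EOF
}

# list_bports PARENT: read a zones file on stdin and print the names of
# the bport sub-zones declared as NAME:PARENT, one per line.
list_bports() {
    awk -v parent="$1" '
        /^[ \t]*#/ || NF < 2 { next }      # skip comments and short lines
        $2 == "bport" {
            n = split($1, z, ":")
            if (n == 2 && z[2] == parent) print z[1]
        }'
}

# gen_policy PARENT: one "SRC DST ACCEPT" line per ordered pair, SRC != DST.
gen_policy() {
    ports=$(list_bports "$1")
    for src in $ports; do
        for dst in $ports; do
            [ "$src" = "$dst" ] || printf '%s %s ACCEPT\n' "$src" "$dst"
        done
    done
}

# gen_ping_rule PARENT: a single rules line with all port zones as source.
gen_ping_rule() {
    list=$(list_bports "$1" | paste -sd, -)
    if [ -n "$list" ]; then
        printf 'Ping/ACCEPT %s $FW\n' "$list"
    fi
}

# Demonstration on the constructed sample.
sample_zones | gen_policy br
sample_zones | gen_ping_rule br
```

Review the generated lines before merging them into "policy" and "rules": every pair is set to ACCEPT, which matches the report's workaround but may be broader than a given bridge needs.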