Re: libprocps3 procps update this morning causing shorewall/iptables routing problems.
On Thursday 24 May 2018 06:01 PM, Jonathan Wiltshire wrote:
> (CC because I'm not sure whether you're subscribed)
> On 23/05/18 11:36, Luke Hall wrote:>>> This morning a number of our
> jessie firewall servers received these updates.
>>>> 2018-05-23 06:53:20,879 INFO Allowed origins are:
>>>> 2018-05-23 06:53:23,120 INFO Packages that will be upgraded: libprocps3
>>>> 2018-05-23 06:53:23,121 INFO Writing dpkg log to
>>>> 2018-05-23 06:53:24,836 INFO All upgrades installed
>>>> Those machines, all running shorewall 188.8.131.52-2 and the 3.16.0-4-amd64
>>>> kernel stopped routing traffic through to hosts behind them and we found
>>>> it necessary to restart shorewall for this to resume. I will do some
>>>> further debugging this morning but I'm wondering if this affected anyone
> Do you have a stray 'net.ipv4.ip_forward=0' or similar in
> We also saw one instance of this problem, because the sysctls were
> reloaded during the update and so forwarding became disabled. Restarting
> shorewall of course fixes this by setting ip_forward back to 1.
> All our other machines without ip_forward=0 in the configuration were
Do you think it is a regression in recent upload of procps in