Author Topic: firewall.postservice not executed/iptables rules not executed  (Read 3368 times)

dwebber

« on: November 23, 2012, 04:46:41 am »
I'm using 3.0.  After executing "/etc/init.d/zentyal firewall restart", firewall.postservice is not executed.  This script is executable and runs without errors using "sudo sh firewall.postservice".

Additionally, the iptables rules are not always executed. For example, after executing the above script, a) an nmap scan will show that the rules are being executed; b) run nmap again without any changes, the rules are not; c) run nmap yet again without any changes, and they are.  Rules were verified via "iptables --list" before and after a, b, and c.

I ran "apt-get update" and "apt-get dist-update"; also rebooted.

Is there a setting that I'm missing?  Why are the iptables rules only executed sometimes?

Thanks, Duane
« Last Edit: November 23, 2012, 04:51:54 am by dwebber »

dwebber

« Reply #1 on: December 02, 2012, 09:58:36 pm »
Is the forum still alive?

christian

« Reply #2 on: December 02, 2012, 11:14:48 pm »
Yes, but if there is no reply, perhaps there is no known answer, at least from forum members.
Why don't you, if not already done, create a ticket instead?

dwebber

« Reply #3 on: December 05, 2012, 07:17:03 am »
Is that the rule?  Wait 10 days and if no one responds, create a ticket?  Perhaps it would be best if someone just responded in a timely fashion stating “We don’t have an answer, please create a ticket”.

christian

« Reply #4 on: December 05, 2012, 09:14:26 am »
No, this is not "a rule" and no, one cannot respond "we don't have an answer".
Why? Just because this is a forum. I don't have the answer because I don't have any idea but can state for other members "we" don't have the answer. I just do not reply, perhaps someone else knows about your problem or may have an idea. The point is that you may have to wait a bit.

On the other hand, if you are convinced this is a bug, nothing to do with forum, rule or whatever, feel free to create a ticket.
This was my point. Sorry if I was not clear enough.

dwebber

« Reply #5 on: December 05, 2012, 04:26:44 pm »
Yes, Christian, because it is a forum and usually a forum moderator’s responsibility is to ensure questions are answered in a timely fashion.  It’s also common human decency to respond to customers’ questions rather than letting them wait.  Otherwise, why be a moderator?

Secondly, how do you know that I’m not looking into buying one of your products?  I have serious reservations if this is the “support” response.  I am on the “Zentyal Support Forum » Zentyal Server » General Support” page according to bottom of the page.

Finally, this is a feature that is touted in your marketing presentations.  I would think that this impacts other people and that you, among other people in the company, would want this looked into straight away. 

Thank you for your support.

christian

« Reply #6 on: December 05, 2012, 04:59:38 pm »
Dwebber,

You're perhaps correct with such view and I'm perhaps wrong because I do not share it. However, here are my reasons:

1 - I'm not replying as "forum moderator" but as a forum member (most of the time, I would like this "forum moderator" signature to be hidden  >:()
My role, as moderator, is not to ensure that every question gets an answer in a timely fashion.
You are not my customer  ;)  as I'm not a Zentyal employee.
I'm not even a Zentyal customer  ;D but a Zentyal user and forum member. Like some other members, I've been asked to act as moderator, which means, at least here, to ensure that what is discussed is related to Zentyal and done in a polite and fair way. Nothing more. Nothing directly related to Zentyal business. Moderating this forum is definitely not my main activity and I'm very happy when I do not moderate.

2 - I don't know whether or not you are buying a Zentyal product (notice this is not "my" product) but if you buy some service from Zentyal, then it comes with an SLA and support is not done via the forum channel only. Thus you can expect an answer to each question you may ask. If you use the forum, as a community member, then please understand that this is a (best) community effort. If there is no answer, there is nothing I can do except suggest that you create a ticket if it appears that the problem you face is a bug. The advantage of such an approach is that you will get some tracking, and tracking is not done by the community but directly by Zentyal staff.

3 - You may have noticed that Zentyal staff, when taking part in this forum is identified as... Zentyal staff member  :D

Sam Graf

« Reply #7 on: December 05, 2012, 05:40:50 pm »
As a moderator I concur with christian's view of the role. However, I can see how confusion about the support board/forums could happen.

It might be helpful to identify this board as primarily community support--support provided freely by Zentyal users. At one time there was nothing else; hence the board structure we have. But now that fee-based support services are available (and often preferable), it might be helpful to describe clearly that this is primarily a community support venue.

dwebber

« Reply #8 on: December 05, 2012, 08:46:58 pm »
Christian, Sam,

   I understand your point of view, and although this has gone way off the initial topic, I think it is an important topic:

1.   This forum is directly off of Zentyal’s site and someone should take responsibility for it.  If not moderators, then Zentyal staff.  My logical assumption was that moderators do and while there is always a resolution to a post, it is extremely helpful to respond to all questions (emphasis on “extremely” and “all”).  I haven’t yet obtained telepathic abilities to know if forum members are sick, on vacation, believe it’s a bug, members don’t have the answer, etc.  It’s extremely frustrating to wait 10 days for a response to a question.
2.   If there is no response and moderators don’t step in to assist, the best solution for forum members will be to ask the question on the forum and also submit a ticket at the same time.  Not an efficient use of tickets but from a customer perspective I will hopefully get a faster response.  I would prefer not to do this as I myself lead a software dev team - different industry - and would not want what are really questions, being passed unnecessarily to the dev team.  Note, this only slows development for everyone, including you.
3.   My question - along with all other posts from every member - provides valuable input and in the end benefits everyone that uses Zentyal.  I assume since you both are active members with a lot of Karma under your name, you both have a vested interest in improving Zentyal.  This could very well be a bug and I would think that you would want the bug reported asap.  When you say it is not “your” product, at the end of the day, if you use the product, it really is your product.
4.   As a customer/user, I spent several hours until I figured out the root cause of the issue.  This is several hours that everyone does not have to spend because I already have.  The right thing to do would be for someone to spend two minutes and provide direction - not necessarily issue resolution - as you eventually did.

At the end of the day, all forum members just want Zentyal to be a great product.  Forum members are just looking for a response.  Like a TCP packet.  UDP is not appropriate for forums. 

For the time being, I will simultaneously submit questions and tickets until someone is willing to take responsibility for the forums.  Don’t take my comments as harsh but the reality is that nothing gets resolved unless there is communication.

christian

« Reply #9 on: December 05, 2012, 10:22:44 pm »
You're right, communication is key and I believe mine is not that efficient, as you still think that a ticket could be used as an alternative to the (silent) forum.
No. This is not the purpose.
My point was to say: if you have the evidence or strongly believe that there is a bug, then you should create a ticket.

Regarding the silent forum, if no one answers your question, common practice is to bump one or two times. If there is still no answer, it may mean that nobody knows  ::)

Sam Graf

« Reply #10 on: December 05, 2012, 10:25:50 pm »
Duane,

Since we all have experienced unanswered questions here in the community forums, no one is unsympathetic. Yet moderators are community members responsible for the conduct on the forums, not the quality of service provided by the community. Ordinarily we cannot generate more staff response than any other member. Even our own topics don't automatically enjoy more staff attention than any other community member's topics. We are very ordinary people here, regardless of any misleading impression (in my view) the board's karma feature provides.

The practical result of Zentyal's business model is that the open source-oriented community interested in Zentyal's progress is responsible for these forums. They are not unattended, though community skills will, naturally, be uneven. I grant that that's not a perfect system, but open source projects only rarely (in my experience) have sufficiently vibrant communities to overcome the system's deficiencies. Zentyal's customers don't always equate to active community members, in other words.

This "two worlds" aspect of Zentyal is best seen by comparing zentyal.org and zentyal.com. While Zentyal is firmly an open source project, as a product it is a commercial offering. That may create unwelcome side effects on the .org side of things, and it is up to open source advocates to fill any gap. The current benefit to us on the .org side is the free availability of a fully functional Zentyal. In return, as you noted, Zentyal as a commercial offering may benefit from our experience and feedback in terms of bug reports and in terms of wider and more diverse real world implementation.

Again, having been "neglected" here myself more than once over the years I'm not unsympathetic. And I'm not asking you to simply accept that this is the way things are, even though this is the way things are, more or less, depending on how close to the reality my comments have gotten. My practical suggestion is that if you want to pursue the conversation with people who can make an operational difference, watch the announcements forum for the next community council meeting and feel free to accept the invitation to attend, with your observations in hand. Thoughtful feedback and criticism, like yours, are welcome there, as far as I know.

In the meantime, I encourage you to report anything you think might be a bug or an undesirable behavior. As Christian noted, that's not a formal rule, so maybe as moderators we do need to suggest it more often--though as you've noted it's not a preferred method of getting questions answered, and people predictably are reluctant to file a bug report when they're not sure. I know I am.

In any case, I do hope you can find useful answers to your original good questions.

dwebber

« Reply #11 on: January 07, 2013, 06:03:59 am »
Sam, Christian,

   Good News!  I was able to find an implementation that works: ClearOS.  While I originally wanted to go with Zentyal because it is built on Ubuntu (which I already use), and after another defect appeared - after the above exchange I know there is no support - ClearOS will work.  Maybe the Zentyal solution will mature in the next couple of years at which time I may reconsider.

christian

« Reply #12 on: January 07, 2013, 06:59:59 am »
Wise decision.
If you are more comfortable with ClearOS or if it fits your requirements better, that's definitely the way to go.
On my side, I'm still running Zentyal 2.2 and don't face enough problems to trigger a move toward another solution  ;)
