Author Topic: Firewall update script lacking <c/R> in temporary script - Causes 10 min delay

scottdr

I have version 6.2.3 running on Ubuntu 18.04.5 LTS.

When I update a Network IP object, the process seems to take more than 10 minutes to run. If I check processes that are running under the user ebox, I find that the IPtables update temporary update.cmd has all the rules needed; however, the last line of the .cmd script does not have a line terminator. So I suspect that this process times out.

Here are the last few lines of the temp *.cmd script running:
/sbin/sysctl -q -w net.ipv4.ip_forward="1"
/sbin/sysctl -q -w net.ipv4.tcp_syncookies="1"
/sbin/sysctl -q -w net.ipv4.conf.all.log_martians="0"
/sbin/sysctl -q -w net.ipv4.conf.all.accept_redirects="0"
/sbin/sysctl -q -w net.ipv4.conf.all.send_redirects="0"
/sbin/sysctl -q -w net.ipv4.conf.all.accept_source_route="0"
/sbin/sysctl -q -w net.ipv4.icmp_ignore_bogus_error_responses="1"
/sbin/sysctl -q -w net.ipv4.icmp_echo_ignore_broadcasts="1"root@hcs-zentyal6:/var/log#

As you can see the last line [/sbin/sysctl -q -w net.ipv4.icmp_echo_ignore_broadcasts="1"] does not have a line terminator so will hang.

Likewise, at boot, this causes the start process to hang for at least 10 minutes; see the ps -ef example:

ebox        876      1  5 11:07 ?        00:00:35 /usr/bin/perl /usr/bin/zs start
ebox       1647    876  0 11:08 ?        00:00:00 sh -c /usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/TuS87hAkmh.cmd 2> /var/lib/zentyal/tmp/stderr <== Firewall script
userid  11560  10992  0 11:18 pts/1    00:00:00 grep --color=auto ebox Still running 10 minutes later


Thank you

Don
« Last Edit: September 28, 2020, 12:29:35 pm by scottdr »
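
A diagnostic for the condition reported above, as an added example that is not part of the original post or of Zentyal's own code: it lists generated .cmd files whose last line is unterminated and runs one under a time limit to see whether sh completes it. The function names are hypothetical, the directory is the one visible in the ps output, and the sample script is constructed and harmless.

```shell
#!/bin/sh
# Added diagnostic example (not Zentyal code). Function names are hypothetical.

# Return 0 if the file's last byte is a newline (or the file is empty).
ends_with_newline() {
    [ -s "$1" ] || return 0
    # Compare the final byte in hex so NUL or binary bytes cannot confuse the test.
    [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# Print every *.cmd file in directory $1 whose last line is unterminated.
# On the reported system the directory would be /var/lib/zentyal/tmp.
list_unterminated() {
    for f in "$1"/*.cmd; do
        [ -f "$f" ] || continue
        ends_with_newline "$f" || printf '%s\n' "$f"
    done
}

# Run script $1 with sh under a limit of $2 seconds.
# Prints "timed-out" if timeout(1) had to kill it (status 124), else "finished".
run_with_limit() {
    rc=0
    timeout "$2" sh "$1" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 124 ]; then
        echo timed-out
    else
        echo finished
    fi
}

# Constructed sample: two harmless commands, the last one without a newline,
# mirroring the shape of the temporary script tail shown in the post.
demo=$(mktemp -d)
printf 'true\necho last-line-ran > "%s/marker"' "$demo" > "$demo/sample.cmd"

list_unterminated "$demo"             # names sample.cmd
run_with_limit "$demo/sample.cmd" 5   # reports whether sh completed the file
```

If `run_with_limit` reports `finished` and the marker file exists, the unterminated last line was executed, and the delay should be traced with the stderr file named in the ps output instead.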