Package: shorewall Version: 4.6.3-1 Severity: normal Hi,
after the latest update of shorewall the 'universal' example configuration fails: $ sudo shorewall start Compiling... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... Determining Hosts in Zones... Locating Action Files... Compiling /etc/shorewall/policy... Adding rules for DHCP Compiling TCP Flags filtering... Compiling Kernel Route Filtering... Compiling Martian Logging... Compiling MAC Filtration -- Phase 1... Compiling /etc/shorewall/rules... Compiling /etc/shorewall/conntrack... Compiling MAC Filtration -- Phase 2... Applying Policies... Compiling /usr/share/shorewall/action.Drop for chain Drop... Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast... Generating Rule Matrix... Optimizing Ruleset... Creating iptables-restore input... Shorewall configuration compiled to /var/lib/shorewall/.start Starting Shorewall.... ERROR: No network interface available: Firewall state not changed Terminated The configuration worked fine before. With the help of [1], I found that modifying '/etc/shorewall/interfaces' fixed/worked around the issue: andi@flashgordon:/etc/shorewall$ diff -u interfaces interfaces.good --- interfaces 2014-09-05 09:58:21.616550151 +0200 +++ interfaces.good 2014-09-04 14:27:06.630210721 +0200 @@ -11,4 +11,4 @@ ############################################################################### #ZONE INTERFACE OPTIONS - lo ignore -net all dhcp,physical=+,routeback,optional +net eth0 dhcp,routeback,optional Looks like the wildcard '+' is not working as expected. Thanks, Andi [1] <URL:https://bbs.archlinux.org/viewtopic.php?pid=1449379#p1449379> -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages shorewall depends on: ii bc 1.06.95-9 ii debconf [debconf-2.0] 1.5.53 ii iproute 1:3.16.0-1 ii iproute2 3.16.0-1 ii iptables 1.4.21-2 ii perl-modules 5.20.0-4 ii shorewall-core 4.6.3-1 shorewall recommends no packages. Versions of packages shorewall suggests: ii make 4.0-8 pn shorewall-doc <none> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org