Your message dated Sat, 2 Jul 2016 15:15:45 -0400
with message-id <[email protected]>
and subject line Re: shorewall: "shorewall check" triggers "nfnetlink: Unknown 
symbol netlink_net_capable" kernel 3.14 (bpo)
has caused the Debian Bug report #767992,
regarding shorewall: "shorewall check" triggers "nfnetlink: Unknown symbol 
netlink_net_capable" kernel 3.14 (bpo)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
767992: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767992
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: shorewall
Version: 4.5.5.3-3
Severity: normal

Dear Maintainer,


I followed https://wiki.debian.org/HowTo/shorewall to install and activate 
shorewall. But running "shorewall check" gives the following output.

Checking...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
ERROR: could not insert 'nfnetlink': Unknown symbol in module, or unknown 
parameter (see dmesg)
ERROR: could not insert 'xt_NFLOG': Unknown symbol in module, or unknown 
parameter (see dmesg)
ERROR: could not insert 'nf_conntrack_netlink': Unknown symbol in module, or 
unknown parameter (see dmesg)
ERROR: could not insert 'xt_set': Unknown symbol in module, or unknown 
parameter (see dmesg)
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/share/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn...
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Shorewall configuration verified

Dmesg output:

[10636594.713924] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636594.715478] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636594.717035] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636594.718661] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636594.813404] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636714.617806] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636714.619301] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636714.620769] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636714.622298] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636714.712024] nfnetlink: Unknown symbol netlink_net_capable (err 0)

It is possible to start shorewall and iptables -L shows the expected rules.

A quick on-line search for kernel 3.14 and netlink brought up: 
https://lkml.org/lkml/2014/6/24/719
I know shorewall expects stock kernel 3.2 and not bpo kernel 3.14. I have 
searched Debian bug reports but found none describing this error.

-- System Information:
Debian Release: 7.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages shorewall depends on:
ii  bc                     1.06.95-2+b1
ii  debconf [debconf-2.0]  1.5.49
ii  iproute                20120521-3+b3
ii  iptables               1.4.14-3.1
ii  perl-modules           5.14.2-21+deb7u2
ii  shorewall-core         4.5.5.3-3

shorewall recommends no packages.

Versions of packages shorewall suggests:
ii  linux-image-3.2.0-4-amd64 [linux-image]  3.2.63-2
ii  make                                     3.81-8.2
ii  shorewall-doc                            4.5.5-1

-- Configuration Files:
/etc/default/shorewall changed:
startup=1
OPTIONS=""
STARTOPTIONS=""
RESTARTOPTIONS=""
INITLOG=/dev/null
SAFESTOP=0

/etc/shorewall/params [Errno 13] Permission denied: u'/etc/shorewall/params'
No lines were changed, only comment lines.

/etc/shorewall/shorewall.conf changed:
STARTUP_ENABLED=Yes
VERBOSITY=1
BLACKLIST_LOGLEVEL=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOGALLNEW=
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL=info
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=
TC=
ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTO_COMMENT=Yes
AUTOMAKE=No
BLACKLISTNEWONLY=Yes
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=Keep
KEEP_RT_TABLES=No
LEGACY_FASTSTART=Yes
LOAD_HELPERS_ONLY=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX=ko
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=0
OPTIMIZE_ACCOUNTING=No
REQUIRE_INTERFACE=No
RESTORE_DEFAULT_ROUTE=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=Yes
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=No
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
IPSECFILE=zones


-- debconf information:
  shorewall/dont_restart:
  shorewall/major_release:
  shorewall/invalid_config:

--- End Message ---
--- Begin Message ---
On Tue, Nov 04, 2014 at 12:11:25AM +0100, Bernard Zijlstra wrote:
> Package: shorewall
> Version: 4.5.5.3-3
> Severity: normal
> 
(SNIP)
> Dmesg output:
> 
> [10636594.713924] nfnetlink: Unknown symbol netlink_net_capable (err 0)
> 
(SNIP)
> A quick on-line search for kernel 3.14 and netlink brought up: 
> https://lkml.org/lkml/2014/6/24/719
> I know shorewall expects stock kernel 3.2 and not bpo kernel 3.14. I have 
> searched Debian bug reports but found none describing this error.
> 
(SNIP)
> -- System Information:
> Debian Release: 7.7
> 
(SNIP)
> Kernel: Linux 3.14-0.bpo.1-amd64 (SMP w/4 CPU cores)

Bernard,

I apologize for never having looked at this report.  I think that the
root cause of the problem is that the Shorewall version (from October
2012) and the kernel version (initial upstream release April 2014) have
some incompatibilities.  As this problem seems to be specific to Wheezy
(oldstable) with a backported kernel that no longer exists anywhere in
the archive, and because I have systems currently running Shorewall both
on stable and stable with the standard kernel and no issues, I am
closing this bug report.

If you encounter this or similar issues again please file a report and I
will endeavour to attend to it in a more timely fashion.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

--- End Message ---
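
A triage helper for the two outputs quoted in this report, added here as an example (it is not part of the original messages or of Shorewall): it lists each module that `shorewall check` failed to insert together with the unresolved symbol that dmesg names for it. The function names are assumptions of the example, and the sample text is constructed from lines in the report.

```shell
#!/bin/sh
# Added example. Sample input is constructed from lines quoted in the report.
CHECK_OUT="Loading Modules...
ERROR: could not insert 'nfnetlink': Unknown symbol in module, or unknown parameter (see dmesg)
ERROR: could not insert 'xt_NFLOG': Unknown symbol in module, or unknown parameter (see dmesg)
ERROR: could not insert 'nf_conntrack_netlink': Unknown symbol in module, or unknown parameter (see dmesg)
ERROR: could not insert 'xt_set': Unknown symbol in module, or unknown parameter (see dmesg)
Shorewall configuration verified"

DMESG_OUT="[10636594.713924] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636594.715478] nfnetlink: Unknown symbol netlink_net_capable (err 0)
[10636714.617806] nfnetlink: Unknown symbol netlink_net_capable (err 0)"

# dmesg text on stdin -> "module symbol count", one line per distinct pair.
unresolved_symbols() {
    sed -n 's/^\[ *[0-9.]*\] *\([^ :]*\): Unknown symbol \([^ ]*\).*/\1 \2/p' |
        LC_ALL=C sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# "shorewall check" output on stdin -> modules that could not be inserted,
# in order of first appearance. The module name sits on the first physical
# line of each ERROR message, so mail-wrapped output parses the same way.
failed_modules() {
    sed -n "s/^ERROR: could not insert '\([^']*\)'.*/\1/p" | awk '!seen[$0]++'
}

# $1 = "shorewall check" output, $2 = dmesg output.
# Prints "module symbol" when dmesg names that module directly, otherwise
# "module not-named-in-dmesg" (the failure is then reported under another name).
triage() {
    syms=$(printf '%s\n' "$2" | unresolved_symbols)
    printf '%s\n' "$1" | failed_modules | while read -r mod; do
        sym=$(printf '%s\n' "$syms" | awk -v m="$mod" '$1 == m { print $2; exit }')
        echo "$mod ${sym:-not-named-in-dmesg}"
    done
}

triage "$CHECK_OUT" "$DMESG_OUT"
```

On the sample, only `nfnetlink` is tied to a symbol; the other three modules have no dmesg line of their own, and the run still ends with "Shorewall configuration verified", so the ERROR lines rather than the final status line are what to check for.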
