Greetings,

After getting the most recent code from GitHub I removed the Perl legacy
spec files, tarred up the source, and ran an "rpmbuild -ta
fwknop-2.6.5.tar.gz" to create the rpms with which I installed fwknop on
two CentOS 7 servers. From the log messages below I believe that you can see
that the fwknopd server is configured to use firewalld. However, it appears
that when fwknopd receives an SPA packet it tries to write iptables rules
and fails.

Is there something else I need to do to use firewalld?

Feb 20 17:10:10 server7 fwknopd[2209]: Run directory: /var/run/fwknop does
not exist. Attempting to create it.
Feb 20 17:10:10 server7 fwknopd[2209]: Successfully created Run directory:
/var/run/fwknop
Feb 20 17:10:10 server7 fwknopd: Starting fwknopd: [  OK  ]
Feb 20 17:10:10 server7 fwknopd[2210]: Starting fwknopd
Feb 20 17:10:10 server7 fwknopd[2210]: Using Digest Cache:
'/var/run/fwknop/digest.cache' (entry count = 0)
Feb 20 17:10:10 server7 systemd: Started LSB: start and stop fwknopd.
Feb 20 17:10:10 server7 firewalld: 2015-02-20 17:10:10 ERROR:
COMMAND_FAILED: '/sbin/iptables -C INPUT -t filter -j FWKNOP_INPUT' failed:
iptables v1.4.21: Couldn't load target `FWKNOP_INPUT':No such file or
directory
Try `iptables -h' or 'iptables --help' for more information.
Feb 20 17:10:10 server7 firewalld: 2015-02-20 17:10:10 ERROR:
COMMAND_FAILED: '/sbin/iptables -t filter -F FWKNOP_INPUT' failed:
iptables: No chain/target/match by that name.
Feb 20 17:10:11 server7 firewalld: 2015-02-20 17:10:11 ERROR:
COMMAND_FAILED: '/sbin/iptables -t filter -X FWKNOP_INPUT' failed:
iptables: No chain/target/match by that name.
Feb 20 17:10:11 server7 firewalld: 2015-02-20 17:10:11 ERROR:
COMMAND_FAILED: '/sbin/iptables -t filter -L FWKNOP_INPUT -n' failed:
iptables: No chain/target/match by that name.
Feb 20 17:10:11 server7 firewalld: 2015-02-20 17:10:11 ERROR:
COMMAND_FAILED: '/sbin/iptables -C INPUT -t filter -j FWKNOP_INPUT' failed:
iptables: No chain/target/match by that name.
Feb 20 17:10:11 server7 fwknopd[2210]: Added jump rule from chain: INPUT to
chain: FWKNOP_INPUT
Feb 20 17:10:12 server7 fwknopd[2210]: firewalld 'comment' match is
available
Feb 20 17:10:12 server7 fwknopd[2210]: Sniffing interface: ens3
Feb 20 17:10:12 server7 fwknopd[2210]: PCAP filter is: 'udp port 62201'
Feb 20 17:10:12 server7 fwknopd[2210]: Starting fwknopd main event loop.
Feb 20 17:10:15 server7 fwknopd[2210]: (stanza #1) SPA Packet from IP:
135.72.227.124 received with access source match
Feb 20 17:10:15 server7 firewalld: 2015-02-20 17:10:15 ERROR:
COMMAND_FAILED: '/sbin/iptables -t filter -N FWKNOP_INPUT' failed:
iptables: Chain already exists.
Feb 20 17:10:15 server7 firewalld: 2015-02-20 17:10:15 ERROR:
COMMAND_FAILED: '/sbin/iptables -C FWKNOP_INPUT -t filter -p 6 -s
135.72.227.124 -d 0.0.0.0/0 --dport 22 -m comment --comment _exp_1424481045
-j ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that
chain?).
Feb 20 17:10:15 server7 fwknopd[2210]: Added Rule to FWKNOP_INPUT for
135.72.227.124, tcp/22 expires at 1424481045

Trent
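
A log-triage sketch for output like the above, added here as an example and not part of the original message or of fwknop: it labels each firewalld COMMAND_FAILED entry with the iptables action it ran (-C check, -F flush, -N new chain, and so on) and collects fwknopd's own "Added ..." lines, so failed existence checks can be told apart from failed rule insertions. The function and variable names are hypothetical; the sample lines are taken from the log above with the mail line-wraps rejoined.

```python
import re

# Sample input: entries from the log above, mail line-wraps rejoined.
SAMPLE = """\
Feb 20 17:10:10 server7 firewalld: 2015-02-20 17:10:10 ERROR: COMMAND_FAILED: '/sbin/iptables -C INPUT -t filter -j FWKNOP_INPUT' failed: iptables v1.4.21: Couldn't load target `FWKNOP_INPUT':No such file or directory
Feb 20 17:10:10 server7 firewalld: 2015-02-20 17:10:10 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -F FWKNOP_INPUT' failed: iptables: No chain/target/match by that name.
Feb 20 17:10:11 server7 fwknopd[2210]: Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
Feb 20 17:10:15 server7 firewalld: 2015-02-20 17:10:15 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -N FWKNOP_INPUT' failed: iptables: Chain already exists.
Feb 20 17:10:15 server7 firewalld: 2015-02-20 17:10:15 ERROR: COMMAND_FAILED: '/sbin/iptables -C FWKNOP_INPUT -t filter -p 6 -s 135.72.227.124 -d 0.0.0.0/0 --dport 22 -m comment --comment _exp_1424481045 -j ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Feb 20 17:10:15 server7 fwknopd[2210]: Added Rule to FWKNOP_INPUT for 135.72.227.124, tcp/22 expires at 1424481045
"""

# iptables action flags (case-sensitive, so -D is not confused with -d).
ACTIONS = {"-C": "check", "-L": "list", "-F": "flush", "-X": "delete-chain",
           "-N": "new-chain", "-A": "append", "-I": "insert", "-D": "delete"}
WRITES = {"append", "insert"}  # a failure here means a rule was not written

FAILED = re.compile(r"firewalld: .*COMMAND_FAILED: '\S*iptables (.*?)' failed: (.*)")
ADDED = re.compile(r"fwknopd\[\d+\]: (Added .*)")


def triage(log):
    """Return (failed, write_failures, added) for a syslog excerpt.

    failed: (action, chain, error text) for every COMMAND_FAILED entry
    write_failures: the subset of failed whose action inserts a rule
    added: fwknopd's own "Added ..." confirmations
    """
    failed, added = [], []
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            args = m.group(1).split()
            flag = next((a for a in args if a in ACTIONS), None)
            pos = args.index(flag) + 1 if flag else len(args)
            chain = args[pos] if pos < len(args) else None
            failed.append((ACTIONS.get(flag, "unknown"), chain, m.group(2)))
            continue
        m = ADDED.search(line)
        if m:
            added.append(m.group(1))
    return failed, [f for f in failed if f[0] in WRITES], added


if __name__ == "__main__":
    failed, write_failures, added = triage(SAMPLE)
    for action, chain, err in failed:
        print(f"{action:12} {chain:14} {err}")
    print("failed rule insertions:", len(write_failures))
    print("fwknopd confirmations:", added)
```
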
_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss