rewall-users] Save ipsets
On 11/04/2017 03:07 AM, Dik wrote:
> ~# shorewall version -a
> shorewall-core: 5.0.15.6
> shorewall: 5.0.15.6
> /var/lib/shorewall/firewall was compiled Fri 3 Nov 14:43:06 GMT 2017 by
> Shorewall version 5.0.15.6
>
> ~# ipset -v
> ipset v6.30
~# shorewall version -a
shorewall-core: 5.0.15.6
shorewall: 5.0.15.6
/var/lib/shorewall/firewall was compiled Fri 3 Nov 14:43:06 GMT 2017 by
Shorewall version 5.0.15.6
~# ipset -v
ipset v6.30, protocol version: 6
http://shorewall.net/ipsets.html
I have set SAVE_IPSETS=Yes in shorewall.conf
~#
Thank you
From: Tom Eastep <teas...@shorewall.net>
Sent: 12 December 2016 16:55:31
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Multiple ipsets
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/12/2016 03:59 AM, Dik
shorewall version 4.5.5.3
I am trying to use some ipsets to protect a specific service. When using a
single ipset containing my own ip it works as expected with following in
/etc/shorewall/rules :
DNATnet:!+myip dmz:10.0.0.101 tcp 443 -
xxx.xxx.xxx.xxx
The
When I do
# shorewall show capabilities
it hangs and there's nothing to grep
# ipset -V
ipset v6.12.1, protocol version: 6
# ipset --help | grep -P hash:ip
hash:ip,port,net
hash:ip,port,net
hash:ip,port,net
hash:ip,port,ip
hash:ip,port
hash:ip
If I use screen to run shorewall show capabilities then I can see the following
process running in top
ipset -N fooX22329 hash:ip family init
--
Meet PCI DSS 3.0 Compliance
Also shorewall show capabilities gives the same error in the log
kernel: Can't find ip_set type hash:ip
--
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Sorry, yes typo. it reads :
ipset -N fooX259244 hash:ip family inet
# cat /etc/debian_version
7.6
The command
ipset -N fooX22329 hash:ip family inet
also hangs in the terminal while showing in top
I have done a kernel update but the machine has not been rebooted to use the
new kernel. Could
So what does the error mean ?
kernel: Can't find ip_set type hash:ip
I have already connected Proxmox who say that until they developed their own
firewall they used Shorewall. However since Shorewall is not included with
Proxmox as standard they do not support it. Their newly developed
:~# lsmod
Module Size Used by
dm_snapshot30545 0
vzethdev8189 0
vznetdev 19264 18
pio_nfs18511 0
pio_direct 27912 0
pfmt_raw3213 0
pfmt_ploop1 6384 0
ploop
~# modprobe ip_set_hash_ip
libkmod: ERROR ../libkmod/libkmod.c:554 kmod_search_moddep: could not open
moddep file '/lib/modules/2.6.32-24--pve/modules.dep.bin'
When I do :
~# ls /lib/modules/*/modules.dep.bin
I can only see modules for the most recently installed kernel.
I have now
Can't anyone shed any light on what this error means, there's nothing on the
internet other than my posts
kernel: Can't find ip_set type hash:ip--
Meet PCI DSS 3.0 Compliance
Running Shorewall on Proxmox 3.3 (Debian 7). Proxmox native firewall disabled.
This machine has been running for1yr with no reboot. This problem has only
happened in the last week.
When I run /sbin/shorewall restart it hangs at :
# /sbin/shorewall restart
Compiling...
Processing
13 matches
Mail list logo