Tom Using kernel 2.6.39, iptables 1.4.11.1 and xtables-addons 1.37 (selecting build_ipset6).
On a system where shorewall6 has not been started. If the shorewall interfaces file contains: lan eth0 - nets=dynamic then the following error message is produced: ERROR: Dynamic nets require Ipset Match in your kernel and iptables : /etc/shorewallA/interfaces (line 11) "shorewall show -f capabilities | grep IPSET" shows the following: IPSET_MATCH= OLD_IPSET_MATCH= IPSET_V5=Yes If I start shorewall6 then start shorewall, the problem doesn't occur. In this case the output from "shorewall show -f capabilities | grep IPSET" shows: IPSET_MATCH=Yes OLD_IPSET_MATCH= IPSET_V5=Yes Comparing the ouput from lsmod before and after shorewall6 is started shows xt_set is loaded by shorewall6 and not by shorewall. Steven. ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
