On Jul 4, 2011, at 10:12 AM, Steven Jan Springl wrote: > Using kernel 2.6.39, iptables 1.4.11.1 and > xtables-addons 1.37 (selecting build_ipset6). > > On a system where shorewall6 has not been started. > > If the shorewall interfaces file contains: > > lan eth0 - nets=dynamic > > then the following error message is produced: > > ERROR: Dynamic nets require Ipset Match in your kernel and > iptables : /etc/shorewallA/interfaces (line 11) > > "shorewall show -f capabilities | grep IPSET" shows the following: > > IPSET_MATCH= > OLD_IPSET_MATCH= > IPSET_V5=Yes > > If I start shorewall6 then start shorewall, the problem doesn't occur. In > this > case the output from "shorewall show -f capabilities | grep IPSET" shows: > > IPSET_MATCH=Yes > OLD_IPSET_MATCH= > IPSET_V5=Yes > > Comparing the ouput from lsmod before and after shorewall6 is started shows > xt_set is loaded by shorewall6 and not by shorewall.
Thanks, Steven What is the setting of LOAD_HELPERS_ONLY in both products? -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
PGP.sig
Description: This is a digitally signed message part
------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
