Hello:

I just upgraded to shorewall v4.4.9 this morning. My configuration that used to work in v4.4.8 isn't working properly anymore.

Interestingly if I simply try to restart shorewall:
# shorewall restart
I get the error shown below.

But if I follow the instructions on how to report a problem, the script compiles, executes without any errors and indeed creates the DNSDDOS rules.

Any ideas?

----------

Compiling...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
    Pre-processing /usr/share/shorewall/action.Drop...
    Pre-processing /usr/share/shorewall/action.Reject...
    Pre-processing /etc/shorewall/action.DNSDDOS...
    Pre-processing /etc/shorewall/action.LogLimit...
    Pre-processing /etc/shorewall/action.LogLimit2...
Compiling /etc/shorewall/policy...
Processing /etc/shorewall/initdone...
Compiling /etc/shorewall/blacklist...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/tcinterfaces...
Compiling /etc/shorewall/tcpri...
Compiling /etc/shorewall/masq...
WARNING: Using an interface as the masq SOURCE requires the interface to be up and configured when Shorewall starts/restarts : /etc/shorewall/masq (line 12)
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
ERROR: Couldn't run /etc/shorewall/DNSDDOS : /usr/share/shorewall/macro.DNS (line 11)

----------

/etc/shorewall/DNSDDOS:
#
# /etc/shorewall/DNSDDOS
#

use Shorewall::Chains;

# Drop packets whose payload matches either hex pattern (string match searched from offset 29 to 31)
add_rule $chainref, q(-m string --algo bm --from 29 --to 31 --hex-string "|010000010000000000000000020001|" -j DROP);
add_rule $chainref, q(-m string --algo bm --from 29 --to 31 --hex-string "|000000010000000000000000020001|" -j DROP);
add_rule $chainref, q(-j ACCEPT);

----------

/etc/shorewall/rules:
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
#          PORT    PORT(S)         DEST            LIMIT           GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW

DNS(REJECT):info:locDNS         loc             net
Mail(REJECT):info:locMail       loc             net

Rfc1918(DROP):info:rfc1918      net             all
LogLimit                        net             fw udp     59695
#LogLimit2:info:LogLimit2,1,3600 net fw udp 59695
DNS(DNSDDOS)                    net             fw
FTP(ACCEPT)                     net             fw
IMAPS(ACCEPT)                   net             fw
POP3S(ACCEPT)                   net             fw
SMTP(ACCEPT)                    net             fw
Submission(ACCEPT)              net             fw
Trcrt(ACCEPT)                   net             fw
Web(ACCEPT)                     net             fw
Limit:info:SSHA,3,60            net             fw tcp     22

COMMENT DNAT HAI Snap-Link
DNAT:info:snap net loc:192.168.69.15 udp 4369

COMMENT DNAT uTorrent to desktop
DNAT net loc:192.168.69.100 tcp 32459
DNAT net loc:192.168.69.100 udp 32459

----------

Thanks.

--
Brian Schang

Attachment: .restart.bz2
Description: Binary data

Attachment: trace.bz2
Description: Binary data
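To see what the two hex-strings in the DNSDDOS action actually select, here is an added decoder and a small offline emulation of the string match (example code written for this thread, not part of Shorewall or the poster's configuration). It assumes a plain 20-byte IPv4 header plus 8-byte UDP header in front of the DNS message, and that the rule's --from/--to bound where a match may begin, which is what the 15-byte patterns rely on; verify that against the kernel in use, since the window semantics of xt_string have changed over time.

```python
import struct

# The two hex-strings from the DNSDDOS action above.
PATTERNS = {
    "rd_set":   bytes.fromhex("010000010000000000000000020001"),
    "rd_clear": bytes.fromhex("000000010000000000000000020001"),
}
# xt_string offsets count from the IPv4 header: 20 (IP) + 8 (UDP) puts the DNS
# message at 28, the 2-byte transaction ID at 28-29 and the flags field at 30.
DNS_OFFSET = 28

def decode_pattern(pat):
    """Read a 15-byte pattern as DNS flags, section counts and a root-name question."""
    flags, qd, an, ns, ar = struct.unpack("!HHHHH", pat[:10])
    if pat[10] != 0:
        raise ValueError("only a root-name question (single 0x00 label) is handled")
    qtype, qclass = struct.unpack("!HH", pat[11:15])
    return {"rd": bool(flags & 0x0100), "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar, "qname": ".", "qtype": qtype,
            "qclass": qclass}

def build_query_packet(txid, rd, qname, qtype, qclass=1):
    """Constructed IPv4+UDP+DNS query; addresses and checksums are zeroed placeholders."""
    flags = 0x0100 if rd else 0x0000
    labels = b"".join(bytes([len(l)]) + l.encode()
                      for l in qname.strip(".").split(".") if l)
    dns = (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
           + labels + b"\x00" + struct.pack("!HH", qtype, qclass))
    udp = struct.pack("!HHHH", 1234, 53, 8 + len(dns), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 8 + len(dns), 0, 0, 64, 17, 0,
                     b"\0" * 4, b"\0" * 4)
    return ip + udp + dns

def string_match(packet, pat, from_off=29, to_off=31):
    """Emulate '-m string --from 29 --to 31 --hex-string'. Assumption: the match
    may START at any offset in [from, to]; kernels that require the whole pattern
    to fit inside the window would never match a 15-byte pattern here."""
    return any(packet[off:off + len(pat)] == pat for off in range(from_off, to_off + 1))

def dnsddos_verdict(packet):
    """DROP when either pattern matches, otherwise ACCEPT (the action's final rule)."""
    return "DROP" if any(string_match(packet, p) for p in PATTERNS.values()) else "ACCEPT"
```

Decoding either pattern gives a single-question query for the root name with type 2 (NS) and class 1 (IN) and no other records; the two differ only in the RD flag, so any other query passes to the final ACCEPT.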


_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users