> I have no idea what's going on on your system.
> This is all very strange.

After being able to reload shorewall a couple of times (with NO errors, i.e. shorewall executing as it should), I changed my rules file a couple of times, then loaded a few ipsets I needed to test (see below) and amended the rules file again accordingly, tried to reload again and this happened (from my syslog):

    Shorewall configuration compiled to /var/lib/shorewall/.restart
    Restarting Shorewall...
    iptables-restore v1.4.7: Set tripple-set doesn't exist. [tripple-set is my newly loaded set] <- ** see below
    Error occured at line: 118
    Try 'iptables-restore -h' bla bla bla
    ERROR: iptables-restore failed. Input is in /var/lib/shorewall/iptables-restore-input
    ERROR: Shorewall restart failed
    Shorewall stopped.

At the same time I am getting my SELinux moaning (AVC) that it has prevented the shell (/bin/sh) from issuing a process signal (presumably TERM).

** This error happens because 'stop/start' has been passed to my /etc/shorewall/init file and ALL ipsets have been wiped out, including those I've just loaded, and now iptables cannot find tripple-set, which forms part of my rules.

My ipsets were loaded from the command line with:

    ipset -N tripple-set ipportnethash --network 10.1.2.0/24
    ipset -A tripple-set 10.1.2.7,22,10.1.1.1/24

Then I amended the rules file to include this set as part of a (meaningless) rule:

    ACCEPT:info $FW:+tripple-set[src,dst,dst]

And issued a reload.

Again, it is worth noting that the error does NOT happen every time (I will spend some time tomorrow to see what triggers it), but it definitely happens!
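
A pre-flight check for the failure described in the message above, as an added example that is not part of the original post or of Shorewall: it lists the sets a generated iptables-restore input references but a saved "ipset -L" listing does not contain. The function names, the sample files and the "blocklist" set are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for ipsets
# that a generated ruleset references but that are not currently loaded.
export LC_ALL=C   # keep sort and comm collation consistent

# referenced_sets FILE: set names used by "-m set" matches in
# iptables-restore input ("--match-set", or "--set" on older iptables).
referenced_sets() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i == "--match-set" || $i == "--set") print $(i + 1) }' "$1" | sort -u
}

# loaded_sets FILE: names from saved "ipset -L" output ("Name: <set>" lines).
loaded_sets() {
    awk '$1 == "Name:" { print $2 }' "$1" | sort -u
}

# missing_sets RESTORE_INPUT IPSET_LISTING: referenced but not loaded.
missing_sets() {
    refs=$(mktemp); have=$(mktemp)
    referenced_sets "$1" > "$refs"
    loaded_sets "$2" > "$have"
    comm -23 "$refs" "$have"
    rm -f "$refs" "$have"
}

# make_sample DIR: constructed inputs; "blocklist" is a made-up set that
# survived the restart, while tripple-set was wiped as in the post.
make_sample() {
    cat > "$1/restore-input" <<'EOF'
*filter
-A OUTPUT -m set --match-set tripple-set src,dst,dst -j ACCEPT
-A INPUT -m set --match-set blocklist src -j DROP
COMMIT
EOF
    cat > "$1/ipset-list" <<'EOF'
Name: blocklist
Type: iphash
References: 1
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
missing_sets "$demo_dir/restore-input" "$demo_dir/ipset-list"   # prints: tripple-set
rm -rf "$demo_dir"
```

On a live system the first argument would be the file named in the error, /var/lib/shorewall/iptables-restore-input, and the second a file holding the output of "ipset -L" captured just before the reload.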
