Hi, Tom Eastep wrote: >> Thought that only one box was affected but now I noticed that shorewall6 >> on all the other boxes running kernel >=3.14 won't compile anymore with >> the same error. >> >> I didn't noticed that before, because shorewall was "current" on these >> systems so there was no need to call the compiler and shorewall6 was >> running :) > > Interesting -- I have two boxes running 3.14 kernels (Debian Jessie and > Fedora 18), and I don't see the issue on either of those. Which > distribution are you running? And what is the rule that is triggering > the error?
That's really interesting. My primary boxes are Gentoo Linux systems (we are still at shorewall-4.5.21.10). But I was able to reproduce the same problem with Debian Jessie and shorewall 4.6.1.2-1. Steps to reproduce: # ipset create ipv4_blacklist hash:net # ipset create ipv6_blacklist hash:net # ipset create blacklist list:set # ipset add blacklist ipv4_blacklist # ipset add blacklist ipv6_blacklist # cd /etc/shorewall6 # cp /usr/share/shorewall6/configfiles/blrules . Add > DROP net:+blacklist $FW to blrules. And now it will fail: # shorewall6 safe-restart Compiling... Processing /etc/shorewall6/params ... Processing /etc/shorewall6/shorewall6.conf... Loading Modules... Compiling /etc/shorewall6/zones... Compiling /etc/shorewall6/interfaces... Determining Hosts in Zones... Locating Action Files... Compiling /etc/shorewall6/policy... Compiling TCP Flags filtering... Compiling MAC Filtration -- Phase 1... Compiling /etc/shorewall6/blrules... ERROR: ipset names in Shorewall configuration files require Ipset Match in your kernel and iptables /etc/shorewall6/blrules (line 12) Notice: I am not running the stock Debian kernel. But this Debian Jessie is on 3.14.13. If you are still unable to reproduce, I will try to reproduce it with a stock Debian Jessie kernel. -Thomas ------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
