Hi,

I'm running Shorewall 5.0.11 on a Gentoo Linux system. This is on my laptop.

Today I realized that I can't start the shorewall service on my system. I recently built my new kernel:

    4.4.26-gentoo #1 SMP

When I check the shorewall settings with

    # shorewall check

then everything is right. But when I start shorewall with the command

    # shorewall start

I get these messages:

    Compiling using Shorewall 5.0.11...
    Processing /etc/shorewall/params ...
    Processing /etc/shorewall/shorewall.conf...
    Loading Modules...
    Compiling /etc/shorewall/zones...
    Compiling /etc/shorewall/interfaces...
    Determining Hosts in Zones...
    Locating Action Files...
    Compiling /etc/shorewall/policy...
    Running /etc/shorewall/initdone...
    Adding Anti-smurf Rules
    Adding rules for DHCP
    Compiling TCP Flags filtering...
    Compiling Kernel Route Filtering...
    Compiling Martian Logging...
    Compiling Accept Source Routing...
    Compiling MAC Filtration -- Phase 1...
    Compiling /etc/shorewall/rules...
    Compiling /etc/shorewall/conntrack...
    Compiling MAC Filtration -- Phase 2...
    Applying Policies...
    Compiling /usr/share/shorewall/action.Drop for chain Drop...
    Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
    Generating Rule Matrix...
    Compiling /usr/share/shorewall/action.Reject for chain Reject...
    Creating iptables-restore input...
    Shorewall configuration compiled to /var/lib/shorewall/.start
    Starting Shorewall....
    Initializing...
    Processing /etc/shorewall/init ...
    Processing /etc/shorewall/tcclear ...
    Setting up Route Filtering...
    Setting up Martian Logging...
    Setting up Accept Source Routing...
    Setting up Proxy ARP...
    Preparing iptables-restore input...
    Running /sbin/iptables-restore ...
    iptables-restore: line 195 failed
    ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
    Processing /etc/shorewall/stop ...
    Processing /etc/shorewall/tcclear ...
    Preparing iptables-restore input...
    Running /sbin/iptables-restore...
    IPv4 Forwarding Disabled!
    Processing /etc/shorewall/stopped ...
    /usr/share/shorewall/lib.common: 93. sor: 6892 Finished $SHOREWALL_SHELL $script $options $@

I am trying to follow this: http://www.shorewall.net/troubleshoot.htm

Here I found that maybe the cause of this error is the REJECT support in the kernel. In the /var/lib/shorewall/.iptables-restore-input file, line 195 is only:

    COMMIT

In the kernel config I have these lines with REJECT:

    # Core Netfilter Configuration
    CONFIG_NFT_REJECT=m
    CONFIG_NFT_REJECT_INET=m
    # IP: Netfilter Configuration
    CONFIG_NFT_REJECT_IPV4=m
    CONFIG_NF_REJECT_IPV4=m
    CONFIG_IP_NF_TARGET_REJECT=m
    # IPv6: Netfilter Configuration
    CONFIG_NFT_REJECT_IPV6=m
    CONFIG_NF_REJECT_IPV6=m
    # CONFIG_NFT_BRIDGE_REJECT is not set

What can I do to solve my problem?

--
Best,
Pali

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
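
Added example, not part of the original message or of Shorewall: iptables-restore hands a table to the kernel only when it reaches that table's COMMIT, so a failure reported on a COMMIT line points at some rule inside that table rather than at the COMMIT itself. The script below (function names and sample rules are constructed here) lists the match extensions and non-chain targets used by the table committed at a given line, so they can be compared against the kernel's netfilter options.

```shell
# Added example. Usage: commit_block_summary RESTORE_INPUT FAILED_LINE
# Prints the table whose COMMIT is at FAILED_LINE, then every match
# extension (-m) and every target (-j/-g) that is not a chain of that table.
commit_block_summary() {
    awk -v fail="$2" '
        /^\*/ {                                # "*filter" opens a table
            table = substr($1, 2)
            split("", chain); split("", used)  # forget the previous table
        }
        /^:/ { chain[substr($1, 2)] = 1 }      # ":INPUT DROP [0:0]"
        /^-[AI] / {
            for (i = 3; i < NF; i++) {
                if ($i == "-m") used["match " $(i + 1)] = 1
                if ($i == "-j" || $i == "-g") used["target " $(i + 1)] = 1
            }
        }
        NR == fail {
            if ($1 != "COMMIT") { print "line " fail " is not COMMIT"; exit }
            print "table " table
            for (k in used) {
                split(k, part, " ")
                if (part[1] == "target" && (part[2] in chain)) continue
                print k
            }
            exit
        }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample in iptables-save format (not the poster's file).
write_sample() {
    cat > "$1" <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p udp --dport 69 -j CT --helper tftp
COMMIT
*filter
:INPUT DROP [0:0]
:Reject - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j Reject
-A Reject -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

if [ "$#" -eq 2 ]; then commit_block_summary "$1" "$2"; fi
```

For the failure reported above, the arguments would be /var/lib/shorewall/.iptables-restore-input and 195.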
