2016-12-09 19:35 GMT+01:00 Csányi Pál <[email protected]>: > Hi Tom & Thomas, > > 2016-12-09 19:18 GMT+01:00 Thomas Deutschmann <[email protected]>: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> On 2016-12-09 18:49, Csányi Pál wrote: >>> I just run it and get that rule: >>> >>> iptables: No chain/target/match by that name. ERROR: Command >>> "/sbin/iptables --wait -t filter -A INPUT -j LOG --log-level 6 >>> --log-prefix "Shorewall:INPUT:REJECT:"" Failed >> >> Like Tom already said you probably don't have LOG support in your >> kernel. Please check for "xt_LOG" module (aka "ipt_LOG"). >> >> Look for CONFIG_NETFILTER_XT_TARGET_LOG in your kernel config. > > Indeed, in my kernel this option was not enabled. > I just enabled it <M> CONFIG_NETFILTER_XT_TARGET_LOG > > and now I am waiting for the kernel build to be complete. > Then shall reboot my system and see what is in /var/log/message logfile.
This is interesting. After I rebuilded my kernel with CONFIG_NETFILTER_XT_TARGET_LOG enabled and restarted my Gentoo linux system, Shorewall started at boot successfully. cspg pali # shorewall status Shorewall-5.0.11 Status at cspg - 2016. dec. 9., péntek, 21.15.56 CET Shorewall is running State:Started 2016. dec. 9., péntek, 21.13.16 CET from /etc/shorewall/ (/var/lib/shorewall/firewall compiled 2016. dec. 9., péntek, 21.13.16 CET by Shorewall version 5.0.11) What happened so the problem disappeared? However, in /var/log/messages where syslog-ng reports log there is no changes regarding shorewall start: Dec 9 21:18:06 cspg pali[5728]: Shorewall Stopped Dec 9 21:18:07 cspg pali[6008]: Shorewall started lsmod shows this: xt_NFLOG 16384 0 nfnetlink_log 20480 1 xt_NFLOG xt_LOG 16384 7 I think these are related with the compiled kernel module CONFIG_NETFILTER_XT_TARGET_LOG, right? So, the problem is solved, but do not know how? -- Best, Pali ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
