-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12/09/2016 12:21 PM, Csányi Pál wrote: > 2016-12-09 19:35 GMT+01:00 Csányi Pál <[email protected]>: >> Hi Tom & Thomas, >> >> 2016-12-09 19:18 GMT+01:00 Thomas Deutschmann >> <[email protected]>: >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 >>> >>> On 2016-12-09 18:49, Csányi Pál wrote: >>>> I just run it and get that rule: >>>> >>>> iptables: No chain/target/match by that name. ERROR: Command >>>> "/sbin/iptables --wait -t filter -A INPUT -j LOG --log-level >>>> 6 --log-prefix "Shorewall:INPUT:REJECT:"" Failed >>> >>> Like Tom already said you probably don't have LOG support in >>> your kernel. Please check for "xt_LOG" module (aka "ipt_LOG"). >>> >>> Look for CONFIG_NETFILTER_XT_TARGET_LOG in your kernel config. >> >> Indeed, in my kernel this option was not enabled. I just enabled >> it <M> CONFIG_NETFILTER_XT_TARGET_LOG >> >> and now I am waiting for the kernel build to be complete. Then >> shall reboot my system and see what is in /var/log/message >> logfile. > > This is interesting. After I rebuilded my kernel with > CONFIG_NETFILTER_XT_TARGET_LOG enabled and restarted my Gentoo > linux system, Shorewall started at boot successfully. > > cspg pali # shorewall status Shorewall-5.0.11 Status at cspg - > 2016. dec. 9., péntek, 21.15.56 CET > > Shorewall is running State:Started 2016. dec. 9., péntek, 21.13.16 > CET from /etc/shorewall/ (/var/lib/shorewall/firewall compiled > 2016. dec. 9., péntek, 21.13.16 CET by Shorewall version 5.0.11) > > What happened so the problem disappeared? > > However, in /var/log/messages where syslog-ng reports log there is > no changes regarding shorewall start: Dec 9 21:18:06 cspg > pali[5728]: Shorewall Stopped Dec 9 21:18:07 cspg pali[6008]: > Shorewall started > > lsmod shows this: xt_NFLOG 16384 0 nfnetlink_log > 20480 1 xt_NFLOG xt_LOG 16384 7 > > I think these are related with the compiled kernel module > CONFIG_NETFILTER_XT_TARGET_LOG, right? > > So, the problem is solved, but do not know how? >
The lack of the xt_LOG module did not generate any log messages, but it prevented the firewall from starting. Now that the module is available, the firewall is able to start normally. - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYSy/GAAoJEJbms/JCOk0QCzIQAL7YScbixqsAwQax/Pj4dtKD jWGYd1ZKSH4MU/7iGR5CGAuw/9OnGpz1dXRd19Sy+ufppSmburpAD0a17dMEppuq +iOwiBi6w0TTTBw5ETnqeETFjmh3mN4cp/0SuIKnvGdBAIrFZ+KQ2MemJ2X1nfGA 9gnOauY+CMlFSJ/wmgFeK445t0vlft6sIgXXqvzDGn6GpGkDDy8j4WlwkbNA4/Rl aBZAbnRO2N8JFEktMrs3QxssD5z1KvYWrCFv/VZSbjE9Q+qcy0nkz9OZVmLB4yhi m6bKEv+s55KzHMoVBi6k83baRMVv5a+lisDeZssVpxnvgQB7xqiuGaPH5Jta9dEm 2VFCaRFqV+df3MehYMIRw5puGje12yZXjGaoatkMi7iodgFjUa2ok7K9gBu4Gvu9 Ue0RSkr/QS9oINU6+FCgS2lBeL1z3cYfA/wYF9pJvgQvwpx48pTjX/eiaysC+WVr YBzoWyDDKcKIl0qjGlsBRhXA7nPPTNuwmPrAZukBg7VPkS2o5uP1uQEdH2IBxDpI 8EUz7UL+/nEzTMw4BHjaL2+7bIdW96/8nNb3y+S2OlpVbv6rzYi7brzr99/r90vS 6PdH77/N1Hn7j3RQFs2WQHjqmm9gOjhoMRrmOohNK50Rn4lc3gHselUwR0HxxzKz +iaeXQm4OdwC1CiI0GVP =QsLC -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
