Hi Tom & Thomas,

2016-12-09 23:27 GMT+01:00 Tom Eastep <[email protected]>:
> On 12/09/2016 12:21 PM, Csányi Pál wrote:
>> 2016-12-09 19:35 GMT+01:00 Csányi Pál <[email protected]>:
>>> Hi Tom & Thomas,
>>>
>>> 2016-12-09 19:18 GMT+01:00 Thomas Deutschmann
>>> <[email protected]>:
>>>> On 2016-12-09 18:49, Csányi Pál wrote:
>>>>> I just run it and get that rule:
>>>>>
>>>>> iptables: No chain/target/match by that name.
>>>>> ERROR: Command "/sbin/iptables --wait -t filter -A INPUT -j LOG --log-level 6 --log-prefix "Shorewall:INPUT:REJECT:"" Failed
>>>>
>>>> Like Tom already said you probably don't have LOG support in
>>>> your kernel. Please check for "xt_LOG" module (aka "ipt_LOG").
>>>>
>>>> Look for CONFIG_NETFILTER_XT_TARGET_LOG in your kernel config.
>>>
>>> Indeed, in my kernel this option was not enabled. I just enabled
>>> it:
>>>
>>> <M> CONFIG_NETFILTER_XT_TARGET_LOG
>>>
>>> and now I am waiting for the kernel build to be complete. Then I
>>> shall reboot my system and see what is in the /var/log/message
>>> logfile.
>>
>> This is interesting. After I rebuilt my kernel with
>> CONFIG_NETFILTER_XT_TARGET_LOG enabled and restarted my Gentoo
>> Linux system, Shorewall started at boot successfully.
>>
>> cspg pali # shorewall status
>> Shorewall-5.0.11 Status at cspg - 2016. dec. 9., péntek, 21.15.56 CET
>>
>> Shorewall is running
>> State:Started 2016. dec. 9., péntek, 21.13.16 CET from /etc/shorewall/ (/var/lib/shorewall/firewall compiled 2016. dec. 9., péntek, 21.13.16 CET by Shorewall version 5.0.11)
>>
>> What happened so the problem disappeared?
>>
>> However, in /var/log/messages, where syslog-ng reports logs, there
>> are no changes regarding the Shorewall start:
>>
>> Dec 9 21:18:06 cspg pali[5728]: Shorewall Stopped
>> Dec 9 21:18:07 cspg pali[6008]: Shorewall started
>>
>> lsmod shows this:
>>
>> xt_NFLOG               16384  0
>> nfnetlink_log          20480  1 xt_NFLOG
>> xt_LOG                 16384  7
>>
>> I think these are related to the compiled kernel module
>> CONFIG_NETFILTER_XT_TARGET_LOG, right?
>>
>> So, the problem is solved, but I do not know how?
>>
>
> The lack of the xt_LOG module did not generate any log messages, but
> it prevented the firewall from starting. Now that the module is
> available, the firewall is able to start normally.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________

Thank you very much for help!

--
Best, Pali
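
The kernel-config check suggested in the thread, as an added example that is not part of the original messages. The function names `kconfig_state` and `log_target_available` are hypothetical, and the two sample config files are constructed to mirror the state before and after the rebuild described above.

```shell
#!/bin/sh
# Added example: report how a kernel option is set in a kernel config file.
# Prints "y" (built in), "m" (module) or "n" (not set or absent).
# Hypothetical helper; accepts a plain config or a gzip-compressed one.
kconfig_state() {
    opt=$1; cfg=$2
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    $reader "$cfg" | awk -v o="$opt" '
        $0 == (o "=y")                { s = "y" }
        $0 == (o "=m")                { s = "m" }
        $0 == ("# " o " is not set")  { s = "n" }
        END { print (s == "" ? "n" : s) }'
}

# Returns 0 when a rule using "-j LOG" can be loaded with this kernel config,
# 1 when the LOG target is missing (the failure seen in the thread).
log_target_available() {
    state=$(kconfig_state CONFIG_NETFILTER_XT_TARGET_LOG "$1")
    case $state in
        y) echo "LOG target built into the kernel"; return 0 ;;
        m) echo "LOG target built as module xt_LOG"; return 0 ;;
        *) echo "LOG target missing: rules using -j LOG will fail"; return 1 ;;
    esac
}

# Constructed sample configs: "before" has only NFLOG, "after" adds LOG as <M>.
sample_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_NETFILTER_XT_TARGET_NFLOG=m' \
    '# CONFIG_NETFILTER_XT_TARGET_LOG is not set' > "$sample_dir/before.config"
printf '%s\n' 'CONFIG_NETFILTER_XT_TARGET_NFLOG=m' \
    'CONFIG_NETFILTER_XT_TARGET_LOG=m' > "$sample_dir/after.config"

log_target_available "$sample_dir/before.config" || true
log_target_available "$sample_dir/after.config"
```

On a real system, point `log_target_available` at the config of the running kernel, for example `/proc/config.gz` where the kernel exposes it, or the `.config` in the kernel source tree that was built.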
