On 10/05/2017 09:51 PM, Daniel Nelson wrote: > On Thu, Oct 05, 2017 at 09:45:26PM -0700, Tom Eastep wrote: >> On 10/05/2017 09:35 PM, Daniel Nelson wrote: >>> On Thu, Oct 05, 2017 at 08:05:37AM -0700, Tom Eastep wrote: >>>> Please look in your kernel log to see what netfilter messages are issued >>>> when this failure occurs. Also, with a hashlimit rule in place, try >>>> 'shorewall debug reload' -- that can give better diagnostic information. >>> >>> I don't see any logs of interest in kern.log, messages, or elsewhere, but >>> here >>> is the output of 'shorewall debug reload': >>> >>> Running debug_restore_input... >>> iptables: No chain/target/match by that name. >>> ERROR: Command "/sbin/iptables --wait -t filter -A INPUT -m >>> hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-name >>> lograte --hashlimit-mode srcip -j LOG --log-level 6 --log-prefix "INPUT >>> REJECT "" Failed >>> >> >> What is the output of 'shorewall show capabilities | fgrep HASHLIMIT'? > > $ sudo shorewall show capabilities | fgrep HASHLIMIT > Hashlimit Match (HASHLIMIT_MATCH): Available >
And does this work? iptables -N foo iptables -A foo -j LOG -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users