On Thu, Oct 05, 2017 at 09:59:34PM -0700, Tom Eastep wrote: > On 10/05/2017 09:51 PM, Daniel Nelson wrote: > > On Thu, Oct 05, 2017 at 09:45:26PM -0700, Tom Eastep wrote: > >> On 10/05/2017 09:35 PM, Daniel Nelson wrote: > >>> On Thu, Oct 05, 2017 at 08:05:37AM -0700, Tom Eastep wrote: > >>>> Please look in your kernel log to see what netfilter messages are issued > >>>> when this failure occurs. Also, with a hashlimit rule in place, try > >>>> 'shorewall debug reload' -- that can give better diagnostic information. > >>> > >>> I don't see any logs of interest in kern.log, messages, or elsewhere, but > >>> here > >>> is the output of 'shorewall debug reload': > >>> > >>> Running debug_restore_input... > >>> iptables: No chain/target/match by that name. > >>> ERROR: Command "/sbin/iptables --wait -t filter -A INPUT -m > >>> hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-name > >>> lograte --hashlimit-mode srcip -j LOG --log-level 6 --log-prefix "INPUT > >>> REJECT "" Failed > >>> > >> > >> What is the output of 'shorewall show capabilities | fgrep HASHLIMIT'? > > > > $ sudo shorewall show capabilities | fgrep HASHLIMIT > > Hashlimit Match (HASHLIMIT_MATCH): Available > > > > And does this work? > > iptables -N foo > iptables -A foo -j LOG
$ sudo iptables -N foo $ sudo iptables -A foo -j LOG iptables: No chain/target/match by that name. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users