Re: [Shorewall-users] Shorewall 4.6.4.3 on Debian & ipsets

Tue, 06 Feb 2018 12:57:24 -0800 

On 02/06/2018 11:38 AM, Nicola Ferrari (#554252) wrote:
> On 06/02/2018 17:38, Nicola Ferrari (#554252) wrote:
>> Hi list!
>>
> 
> 
> I'm sorry guys.. In the previous message I forgot to mention that
> "shorewall show capabilities" gives me the following output:
> 
> 
> Shorewall has detected the following iptables/netfilter capabilities:
>    ACCOUNT Target (ACCOUNT_TARGET): Available
>    Address Type Match (ADDRTYPE): Available
>    Amanda Helper: Available
>    Arptables JF: Not available
>    AUDIT Target (AUDIT_TARGET): Available
>    Basic Ematch (BASIC_EMATCH): Available
>    Basic Filter (BASIC_FILTER): Available
>    Capabilities Version (CAPVERSION): 40600
>    Checksum Target: Available
>    CLASSIFY Target (CLASSIFY_TARGET): Available
>    Comments (COMMENTS): Available
>    Condition Match (CONDITION_MATCH): Available
>    Connection Tracking Match (CONNTRACK_MATCH): Available
>    Connlimit Match (CONNLIMIT_MATCH): Available
>    Connmark Match (CONNMARK_MATCH): Available
>    CONNMARK Target (CONNMARK): Available
>    CT Target (CT_TARGET): Available
>    DSCP Match (DSCP_MATCH): Available
>    DSCP Target (DSCP_TARGET): Available
>    Enhanced Multi-port Match (EMULIPORT): Available
>    Extended Connection Tracking Match Support (NEW_CONNTRACK_MATCH):
> Available
>    Extended Connmark Match (XCONNMARK_MATCH): Available
>    Extended CONNMARK Target (XCONNMARK): Available
>    Extended MARK Target 2 (EXMARK): Available
>    Extended MARK Target (XMARK): Available
>    Extended Multi-port Match (XMULIPORT): Available
>    Extended REJECT (ENHANCED_REJECT): Available
>    FLOW Classifier (FLOW_FILTER): Available
>    FTP-0 Helper: Not available
>    FTP Helper: Available
>    fwmark route mask (FWMARK_RT_MASK): Available
>    Geo IP match: Not available
>    Goto Support (GOTO_TARGET): Available
>    H323 Helper: Available
>    Hashlimit Match (HASHLIMIT_MATCH): Available
>    Header Match (HEADER_MATCH): Not available
>    Helper Match (HELPER_MATCH): Available
>    IMQ Target (IMQ_TARGET): Not available
>    IPMARK Target (IPMARK_TARGET): Available
>    IPP2P Match (IPP2P_MATCH): Available
>    IP range Match(IPRANGE_MATCH): Available
>    ipset V5 (IPSET_V5): Available
>    iptables -S (IPTABLES_S): Available
>    IRC-0 Helper: Not available
>    IRC Helper: Available
>    Kernel Version (KERNELVERSION): 31600
>    LOGMARK Target (LOGMARK_TARGET): Available
>    LOG Target (LOG_TARGET): Available
>    Mangle FORWARD Chain (MANGLE_FORWARD): Available
>    Mark in the filter table (MARK_ANYWHERE): Available
>    MARK Target (MARK): Available
>    MASQUERADE Target: Available
>    Multi-port Match (MULTIPORT): Available
>    NAT (NAT_ENABLED): Available
>    Netbios_ns Helper: Available
>    New tos Match: Available
>    NFAcct match: Not available
>    NFLOG Target (NFLOG_TARGET): Available
>    NFQUEUE Target (NFQUEUE_TARGET): Available
>    Owner Match (OWNER_MATCH): Available
>    Owner Name Match (OWNER_NAME_MATCH): Available
>    Packet length Match (LENGTH_MATCH): Available
>    Packet Mangling (MANGLE_ENABLED): Available
>    Packet Type Match (USEPKTTYPE): Available
>    Persistent SNAT (PERSISTENT_SNAT): Available
>    Physdev-is-bridged Support (PHYSDEV_BRIDGE): Available
>    Physdev Match (PHYSDEV_MATCH): Available
>    Policy Match (POLICY_MATCH): Available
>    PPTP Helper: Available
>    Rawpost Table (RAWPOST_TABLE): Not available
>    Raw Table (RAW_TABLE): Available
>    Realm Match (REALM_MATCH): Available
>    Recent Match "--reap" option (REAP_OPTION): Available
>    Recent Match (RECENT_MATCH): Available
>    Repeat match (KLUDGEFREE): Available
>    RPFilter match: Available
>    SANE-0 Helper: Not available
>    SANE Helper: Available
>    SIP-0 Helper: Not available
>    SIP Helper: Available
>    SNMP Helper: Available
>    Statistic Match (STATISTIC_MATCH): Available
>    TCPMSS Match (TCPMSS_MATCH): Available
>    TFTP-0 Helper: Not available
>    TFTP Helper: Available
>    Time Match (TIME_MATCH): Available
>    TPROXY Target (TPROXY_TARGET): Available
>    UDPLITE Port Redirection: Not available
>    ULOG Target (ULOG_TARGET): Available
> 

Do you possibly have a stale /etc/shorewall/capabilities file?

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to