On 06/02/2018 22:36, Tom Eastep wrote:
> Actually, it appears as if your iptables/kernel do not have the ipset
> match capability (IPSET_MATCH). You can see that by:
>
> shorewall show -f capabilities | fgrep IPSET
>
> Here is what I see on Debian 9.3:
>
> root@gateway:~# shorewall show -f capabilities | fgrep IPSET
> IPSET_MATCH_COUNTERS=Yes
> IPSET_MATCH_NOMATCH=Yes
> IPSET_MATCH=Yes
> IPSET_V5=Yes
> OLD_IPSET_MATCH=
> root@gateway:~#
>

Thanks Tom. You're right. In fact, in my capabilities file I don't have any "IPSET_" item.

What version is your kernel? Mine is

# uname -a
Linux fwgate 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08) x86_64 GNU/Linux

Thanks!
N

--
+---------------------+
| Linux User #554252 |
+---------------------+