Hi Tom, please find below the output of the requested commands.
#shorewall show -f capabilities # Shorewall 5.2.0.4 detected the following iptables/netfilter capabilities - Wed Jan 22 22:19:04 UTC 2020 # ACCOUNT_TARGET= ADDRTYPE= AMANDA_HELPER=Yes ARPTABLESJF= AUDIT_TARGET= BASIC_EMATCH=Yes BASIC_FILTER=Yes CAPVERSION=50200 CHECKSUM_TARGET= CLASSIFY_TARGET=Yes COMMENTS=Yes CONDITION_MATCH= CONNLIMIT_MATCH=Yes CONNMARK=Yes CONNMARK_MATCH=Yes CONNTRACK_MATCH=Yes CPU_FANOUT=Yes CT_TARGET=Yes DSCP_MATCH=Yes DSCP_TARGET=Yes EMULTIPORT=Yes ENHANCED_REJECT=Yes EXMARK=Yes FLOW_FILTER=Yes FTP0_HELPER= FTP_HELPER=Yes FWMARK_RT_MASK=Yes GEOIP_MATCH= GOTO_TARGET=Yes H323_HELPER=Yes HASHLIMIT_MATCH=Yes HEADER_MATCH= HELPER_MATCH=Yes IFACE_MATCH= IMQ_TARGET= IPMARK_TARGET= IPP2P_MATCH= IPRANGE_MATCH= IPSET_MATCH=Yes IPSET_MATCH_COUNTERS=Yes IPSET_MATCH_NOMATCH=Yes IPSET_V5=Yes IPTABLES_S=Yes IRC0_HELPER= IRC_HELPER=Yes KERNELVERSION=41017 KLUDGEFREE= LENGTH_MATCH=Yes LOGMARK_TARGET= LOG_TARGET=Yes MANGLE_ENABLED=Yes MANGLE_FORWARD=Yes MARK=Yes MARK_ANYWHERE=Yes MASQUERADE_TGT=Yes MULTIPORT=Yes NAT_ENABLED=Yes NAT_INPUT_CHAIN=Yes NETBIOS_NS_HELPER=Yes NETMAP_TARGET=Yes NEW_CONNTRACK_MATCH=Yes NEW_TOS_MATCH=Yes NFACCT_MATCH= NFLOG_SIZE= NFLOG_TARGET=Yes NFQUEUE_TARGET=Yes OLD_CONNTRACK_MATCH= OLD_HL_MATCH= OLD_IPP2P_MATCH= OLD_IPSET_MATCH= OWNER_MATCH= OWNER_NAME_MATCH= PERSISTENT_SNAT=Yes PHYSDEV_BRIDGE= PHYSDEV_MATCH= POLICY_MATCH=Yes PPTP_HELPER=Yes RAW_TABLE=Yes REALM_MATCH=Yes REAP_OPTION= RECENT_MATCH= RESTORE_WAIT_OPTION= RPFILTER_MATCH=Yes SANE0_HELPER= SANE_HELPER=Yes SIP0_HELPER= SIP_HELPER=Yes SNMP_HELPER= STATISTIC_MATCH=Yes TARPIT_TARGET= TCPMSS_MATCH=Yes TCPMSS_TARGET=Yes TFTP0_HELPER= TFTP_HELPER=Yes TIME_MATCH= TPROXY_TARGET= UDPLITEREDIRECT= ULOG_TARGET= WAIT_OPTION=Yes XCONNMARK=Yes XCONNMARK_MATCH=Yes XMARK=Yes XMULTIPORT=Yes #lsmod Module Size Used by xt_statistic 1511 0 xt_connlimit 5187 0 xt_helper 1563 0 xt_realm 1159 0 xt_NFQUEUE 4070 0 xt_tcpmss 1609 0 xt_set 8012 0 ip_set_hash_ip 19812 0 ip_set 24808 2 
xt_set,ip_set_hash_ip ipt_rpfilter 2036 0 xt_DSCP 2379 0 xt_dscp 1899 0 xt_CLASSIFY 1293 0 xt_TCPMSS 3436 0 xt_length 1452 0 xt_connmark 2077 0 xt_NETMAP 2094 0 xt_nat 2250 0 sch_sfq 10519 128 sch_hfsc 14104 8 esp4 6785 45 xt_comment 1163 6 ipt_MASQUERADE 1387 6 nf_nat_masquerade_ipv4 2057 1 ipt_MASQUERADE ipt_REJECT 1585 4 nf_reject_ipv4 2675 1 ipt_REJECT xt_policy 2586 133 iptable_nat 2143 1 xt_mark 1381 1 iptable_mangle 1843 1 xt_hashlimit 10627 3 xt_tcpudp 2607 55 xt_CT 3626 112 iptable_raw 1636 1 xt_multiport 1894 1 xt_conntrack 3401 43 xt_NFLOG 1326 0 nfnetlink_log 8753 1 xt_NFLOG nf_log_ipv4 4181 3 nf_log_common 3346 1 nf_log_ipv4 xt_LOG 1551 3 nf_conntrack_sane 4412 0 nf_conntrack_netlink 24197 0 nfnetlink 5732 3 nfnetlink_log,ip_set,nf_conntrack_netlink nf_nat_tftp 1286 0 nf_nat_sip 8605 0 nf_nat_pptp 2450 0 nf_nat_proto_gre 1517 1 nf_nat_pptp nf_nat_irc 1766 0 nf_nat_h323 6183 0 nf_nat_ftp 2092 0 nf_nat_amanda 1480 0 nf_conntrack_tftp 4017 13 nf_nat_tftp nf_conntrack_sip 21362 13 nf_nat_sip nf_conntrack_pptp 4370 13 nf_nat_pptp nf_conntrack_proto_gre 3964 1 nf_conntrack_pptp nf_conntrack_netbios_ns 1309 0 nf_conntrack_broadcast 1421 1 nf_conntrack_netbios_ns nf_conntrack_irc 3979 1 nf_nat_irc nf_conntrack_h323 41984 1 nf_nat_h323 nf_conntrack_ftp 6942 13 nf_nat_ftp nf_conntrack_amanda 2453 1 nf_nat_amanda iptable_filter 1891 1 ip_tables 15017 4 iptable_mangle,iptable_filter,iptable_raw,iptable_nat x_tables 18084 32 xt_comment,ipt_rpfilter,xt_hashlimit,xt_LOG,xt_multiport,ipt_REJECT,xt_nat,iptable_mangle,xt_statistic,ip_tables,iptable_filter,xt_length,xt_set,xt_mark,xt_dscp,xt_tcpudp,xt_realm,iptable_raw,xt_tcpmss,xt_NETMAP,ipt_MASQUERADE,xt_connmark,xt_NFQUEUE,xt_helper,xt_connlimit,xt_policy,xt_DSCP,xt_CT,xt_CLASSIFY,xt_conntrack,xt_TCPMSS,xt_NFLOG icp_qat_netkey 15607 43 xfrm_user 25697 5 sha512_generic 5865 2 icp_qa_al 1495132 2 icp_qat_netkey 8021q 19007 0 plcm_drv 4971 0 dummy 3415 0 ppp_generic 24718 0 slhc 5299 1 ppp_generic vport_vxlan 2263 1 
openvswitch 149184 23 vport_vxlan nf_defrag_ipv6 23170 1 openvswitch nf_conntrack_ipv4 7352 136 nf_defrag_ipv4 1836 1 nf_conntrack_ipv4 nf_nat_ipv4 4891 2 openvswitch,iptable_nat nf_nat 17671 13 nf_nat_pptp,nf_nat_proto_gre,xt_nat,nf_nat_h323,nf_nat_sip,openvswitch,xt_NETMAP,nf_nat_irc,nf_nat_ftp,nf_nat_amanda,nf_nat_masquerade_ipv4,nf_nat_ipv4,nf_nat_tftp libcrc32c 1234 2 openvswitch,nf_nat nf_conntrack 87157 32 nf_nat_pptp,nf_conntrack_sip,nf_conntrack_irc,xt_nat,nf_nat_h323,nf_conntrack_ftp,nf_nat_sip,openvswitch,nf_conntrack_ipv4,nf_conntrack_tftp,xt_NETMAP,ipt_MASQUERADE,nf_nat_irc,xt_connmark,nf_conntrack_pptp,nf_conntrack_amanda,xt_helper,nf_conntrack_broadcast,nf_nat_ftp,nf_conntrack_sane,nf_nat_amanda,xt_connlimit,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_conntrack_proto_gre,xt_CT,nf_nat_masquerade_ipv4,nf_conntrack_h323,xt_conntrack,nf_nat_ipv4,nf_nat_tftp,nf_nat parport_pc 17157 0 parport 21693 1 parport_pc Thanks, Naveen On Wed, Jan 22, 2020 at 11:31 AM Tom Eastep <teas...@shorewall.net> wrote: > On 1/22/20 11:16 AM, Naveen Neelakanta wrote: > > Hi All, > > > > When do we see the below error, is there a way to reproduce this, > > Shorewall was restart recovered this. > > > > /etc/init.d/shorewall reload _pid:2890, error:Compiling using Shorewall > > 5.2.0.4... > > > > ERROR: Per-ip log rate limiting requires Hashlimit Match in your > > kernel and iptables /usr/share/shorewall/helpers (EOF) > > > > > > I appreciate any help with this error. > > > > > > What is the output of 'shorewall show -f capabilities' on this system? > > Also, what is the output produced by 'ls /sys/modules/'? > > Thanks, > -Tom > -- > Tom Eastep \ Q: What do you get when you cross a mobster > Shoreline, \ with an international standard? > Washington, USA \ A: Someone who makes you an offer you > http://shorewall.org \ can't understand > \________________________________________ > >