+ LEFTSHIFT=<<
+ g_debug_iptables=
+ [ 1 -gt 1 ]
+ [ -z  ]
+ [ -n  ]
+ g_purge=
+ g_noroutes=
+ g_timestamp=
+ g_recovering=
+ g_sha1sum1=sha-lh-997a54168a8720cc80e7
+ g_sha1sum2=sha-rh-e0e0fcf8cefed2d26a1a
+ g_counters=
+ g_compiled=
+ g_file=
+ g_docker=
+ g_dockeringress=
+ g_dockeriso=
+ g_dockerisostage=
+ g_forcereload=
+ g_fallback=
+ [ -n  ]
+ initialize
+ umask 077
+ g_family=4
+ g_confdir=/etc/shorewall
+ g_product=Shorewall
+ g_program=shorewall
+ g_basedir=/usr/share/shorewall
+ CONFIG_PATH=:/etc/shorewall:/usr/share/shorewall
+ [ -f /etc/shorewall/vardir ]
+ [ -n /var/lib/shorewall ]
+ [ -n /var/lib ]
+ [ -n /etc ]
+ [ -n /usr/share ]
+ TEMPFILE=
+ DISABLE_IPV6=
+ MODULESDIR=
+ LOCKFILE=
+ SUBSYSLOCK=
+ LOG_VERBOSITY=2
+ RESTART=restart
+ [ -n reload ]
+ [ -n 0 ]
+ [ -n restore ]
+ SHOREWALL_VERSION=5.2.3.2
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+ TERMINATOR=fatal_error
+ DONT_LOAD=
+ STARTUP_LOG=/var/log/shorewall-init.log
+ [ -z  ]
+ mywhich iptables
+ local dir
+ split /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+ local ifs
+ ifs= 	

+ IFS=:
+ echo /sbin /bin /usr/sbin /usr/bin /usr/local/bin /usr/local/sbin
+ IFS= 	

+ [ -x /sbin/iptables ]
+ echo /sbin/iptables
+ return 0
+ IPTABLES=/sbin/iptables
+ [ -n /sbin/iptables -a -x /sbin/iptables ]
+ IP6TABLES=/sbin/ip6tables
+ IPTABLES_RESTORE=/sbin/iptables-restore
+ [ -x /sbin/iptables-restore ]
+ g_tool=/sbin/iptables
+ g_tool=/sbin/iptables --wait
+ IP=ip
+ TC=tc
+ IPSET=ipset
+ ARPTABLES=/sbin/arptables
+ [ -x /sbin/arptables ]
+ g_stopping=
+ [ -d /var/lib/shorewall ]
+ chain_exists DOCKER nat
+ qt1 /sbin/iptables --wait -t nat -L DOCKER -n
+ local status
+ [ 1 ]
+ /sbin/iptables --wait -t nat -L DOCKER -n
+ status=0
+ [ 0 -ne 4 ]
+ return 0
+ chain_exists DOCKER
+ qt1 /sbin/iptables --wait -t filter -L DOCKER -n
+ local status
+ [ 1 ]
+ /sbin/iptables --wait -t filter -L DOCKER -n
+ status=0
+ [ 0 -ne 4 ]
+ return 0
+ g_docker=Yes
+ chain_exists DOCKER-INGRESS
+ qt1 /sbin/iptables --wait -t filter -L DOCKER-INGRESS -n
+ local status
+ [ 1 ]
+ /sbin/iptables --wait -t filter -L DOCKER-INGRESS -n
+ status=1
+ [ 1 -ne 4 ]
+ return 1
+ chain_exists DOCKER-USER
+ qt1 /sbin/iptables --wait -t filter -L DOCKER-USER -n
+ local status
+ [ 1 ]
+ /sbin/iptables --wait -t filter -L DOCKER-USER -n
+ status=0
+ [ 0 -ne 4 ]
+ return 0
+ g_dockeruser=Yes
+ chain_exists DOCKER-ISOLATION
+ qt1 /sbin/iptables --wait -t filter -L DOCKER-ISOLATION -n
+ local status
+ [ 1 ]
+ /sbin/iptables --wait -t filter -L DOCKER-ISOLATION -n
+ status=1
+ [ 1 -ne 4 ]
+ return 1
+ chain_exists DOCKER-ISOLATION-STAGE-1
+ qt1 /sbin/iptables --wait -t filter -L DOCKER-ISOLATION-STAGE-1 -n
+ local status
+ [ 1 ]
+ /sbin/iptables --wait -t filter -L DOCKER-ISOLATION-STAGE-1 -n
+ status=1
+ [ 1 -ne 4 ]
+ return 1
+ [ -n /var/log/shorewall-init.log ]
+ touch /var/log/shorewall-init.log
+ chmod 0600 /var/log/shorewall-init.log
+ [ 0 -eq 1 ]
+ finished=0
+ [ 0 -eq 0 -a 1 -gt 0 ]
+ option=restart
+ finished=1
+ [ 1 -eq 0 -a 1 -gt 0 ]
+ COMMAND=restart
+ [ 1 -ne 1 ]
+ [ restart = restart ]
+ COMMAND=stop stop_command
+ progress_message3 Stopping Shorewall....
+ local timestamp
+ timestamp=
+ [ 0 -ge 0 ]
+ [ -n  ]
+ echo Stopping Shorewall....
Stopping Shorewall....
+ [ 2 -ge 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:41 
+ echo Mär  4 01:18:41 Stopping Shorewall....
+ detect_configuration
+ true
+ stop_firewall
+ chain_exists dynamic
+ qt1 /sbin/iptables --wait -t filter -L dynamic -n
+ local status
+ [ 1 ]
+ /sbin/iptables --wait -t filter -L dynamic -n
+ status=0
+ [ 0 -ne 4 ]
+ return 0
+ /sbin/iptables-save -t filter
+ grep ^-A dynamic
+ fgrep -v -- -j ACCEPT
+ [ -n  ]
+ set_state Stopping
+ [ 1 -gt 1 ]
+ date
+ echo Stopping Mi 4. Mär 01:18:41 CET 2020
+ g_stopping=Yes
+ deletechain shorewall
+ qt /sbin/iptables -L shorewall -n
+ /sbin/iptables -L shorewall -n
+ qt /sbin/iptables -F shorewall
+ /sbin/iptables -F shorewall
+ qt /sbin/iptables -X shorewall
+ /sbin/iptables -X shorewall
+ run_stop_exit
+ true
+ [ stop = clear -a -f /proc/sys/net/netfilter/nf_conntrack_helper ]
+ [ stop = stop ]
+ [ -n Yes ]
+ /sbin/iptables -t nat -S DOCKER
+ tail -n +2
+ /sbin/iptables -t nat -S OUTPUT
+ tail -n +2
+ fgrep DOCKER
+ /sbin/iptables -t nat -S POSTROUTING
+ tail -n +2
+ fgrep -v SHOREWALL
+ /sbin/iptables -t filter -S DOCKER
+ tail -n +2
+ rm -f /var/lib/shorewall/.filter_DOCKER-USER
+ [ -n  ]
+ [ -n Yes ]
+ /sbin/iptables -t filter -S DOCKER-USER
+ tail -n +2
+ [ -n  ]
+ [ -n  ]
+ /sbin/iptables -t filter -S FORWARD
+ grep ^-A FORWARD.*[io] br-[a-z0-9]\{12\}
+ [ -s /var/lib/shorewall/.filter_FORWARD ]
+ [ -f /var/lib/shorewall/nat ]
+ read external interface
+ rm -f /var/lib/shorewall/nat
+ [ -f /var/lib/shorewall/proxyarp ]
+ read address interface external haveroute
+ rm -f /var/lib/shorewall/proxyarp
+ delete_tc1
+ run_tcclear_exit
+ true
+ + readrun_ip inx link interface list details

+ ip -4 link list
+ clear_one_tc lo
+ tc qdisc del dev lo root
+ tc qdisc del dev lo ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc ens3
+ tc qdisc del dev ens3 root
+ tc qdisc del dev ens3 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc tun0
+ tc qdisc del dev tun0 root
+ tc qdisc del dev tun0 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc br-ac3db22b180b
+ tc qdisc del dev br-ac3db22b180b root
+ tc qdisc del dev br-ac3db22b180b ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc br-61206706fa14
+ tc qdisc del dev br-61206706fa14 root
+ tc qdisc del dev br-61206706fa14 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc docker0
+ tc qdisc del dev docker0 root
+ tc qdisc del dev docker0 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc veth2735e50@if24
+ tc qdisc del dev veth2735e50 root
+ tc qdisc del dev veth2735e50 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc vethd826424@if26
+ tc qdisc del dev vethd826424 root
+ tc qdisc del dev vethd826424 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc veth6eaf1d6@if28
+ tc qdisc del dev veth6eaf1d6 root
+ tc qdisc del dev veth6eaf1d6 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc veth5aabacf@if30
+ tc qdisc del dev veth5aabacf root
+ tc qdisc del dev veth5aabacf ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc vethdf860f7@if32
+ tc qdisc del dev vethdf860f7 root
+ tc qdisc del dev vethdf860f7 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc vethb2566f3@if34
+ tc qdisc del dev vethb2566f3 root
+ tc qdisc del dev vethb2566f3 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc vethb5c44a7@if36
+ tc qdisc del dev vethb5c44a7 root
+ tc qdisc del dev vethb5c44a7 ingress
+ read inx interface details
+ read inx interface details
+ undo_routing
+ local undofiles
+ local f
+ [ -z  ]
+ [ -f /var/lib/shorewall/rt_tables ]
+ ls /var/lib/shorewall/undo_*routing
+ undofiles=
+ [ -n  ]
+ restore_default_route Yes
+ local result
+ result=1
+ [ -z  -a -f /var/lib/shorewall/default_route ]
+ return 1
+ progress_message2 Preparing iptables-restore input...
+ local timestamp
+ timestamp=
+ [ 0 -gt 0 ]
+ [ 2 -gt 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:41 
+ echo Mär  4 01:18:41 Preparing iptables-restore input...
+ exec
+ cat
+ [ -n Yes ]
+ echo :DOCKER - [0:0]
+ cat
+ [ -n Yes ]
+ echo -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
+ [ -f /var/lib/shorewall/.nat_OUTPUT ]
+ cat /var/lib/shorewall/.nat_OUTPUT
+ [ -f /var/lib/shorewall/.nat_POSTROUTING ]
+ cat /var/lib/shorewall/.nat_POSTROUTING
+ [ -f /var/lib/shorewall/.nat_DOCKER ]
+ cat /var/lib/shorewall/.nat_DOCKER
+ cat
+ [ -n Yes ]
+ echo :DOCKER - [0:0]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ [ -n Yes ]
+ echo :DOCKER-USER - [0:0]
+ cat
+ [ -n  ]
+ [ -n Yes ]
+ echo -A FORWARD -j DOCKER-USER
+ [ -n  ]
+ [ -n  ]
+ [ -n Yes ]
+ echo -A FORWARD -o docker0 -j DOCKER
+ echo -A FORWARD -o docker0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ echo -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
+ echo -A FORWARD -i docker0 -o docker0 -j ACCEPT
+ [ -f /var/lib/shorewall/.filter_FORWARD ]
+ cat /var/lib/shorewall/.filter_FORWARD
+ cat
+ [ -n Yes ]
+ echo -A OUTPUT -j DOCKER
+ [ -f /var/lib/shorewall/.filter_DOCKER ]
+ cat /var/lib/shorewall/.filter_DOCKER
+ [ -f /var/lib/shorewall/.filter_DOCKER-INGRESS ]
+ [ -f /var/lib/shorewall/.filter_DOCKER-ISOLATION ]
+ [ -f /var/lib/shorewall/.filter_DOCKER-ISOLATION-STAGE-1 ]
+ [ -f /var/lib/shorewall/.filter_DOCKER-ISOLATION-STAGE-2 ]
+ [ -f /var/lib/shorewall/.filter_DOCKER-USER ]
+ cat /var/lib/shorewall/.filter_DOCKER-USER
+ cat
+ [ -n  ]
+ command=/sbin/iptables-restore --wait 60
+ progress_message2 Running /sbin/iptables-restore --wait 60...
+ local timestamp
+ timestamp=
+ [ 0 -gt 0 ]
+ [ 2 -gt 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:41 
+ echo Mär  4 01:18:41 Running /sbin/iptables-restore --wait 60...
+ cat /var/lib/shorewall/.iptables-restore-stop-input
+ /sbin/iptables-restore --wait 60
+ [ 0 != 0 ]
+ rm -f /var/lib/shorewall/*.address
+ rm -f /var/lib/shorewall/*.gateway
+ run_stopped_exit
+ true
+ set_state Stopped
+ [ 1 -gt 1 ]
+ date
+ echo Stopped Mi 4. Mär 01:18:41 CET 2020
+ mylogger kern.info Shorewall Stopped
+ local level
+ level=kern.info
+ shift
+ [ -n  ]
+ logger -p kern.info Shorewall Stopped
+ [ -n  ]
+ progress_message3 done.
+ local timestamp
+ timestamp=
+ [ 0 -ge 0 ]
+ [ -n  ]
+ echo done.
done.
+ [ 2 -ge 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:41 
+ echo Mär  4 01:18:41 done.
+ return 0
+ COMMAND=start start_command
+ product_is_started
+ qt1 /sbin/iptables --wait -L shorewall -n
+ local status
+ [ 1 ]
+ /sbin/iptables --wait -L shorewall -n
+ status=1
+ [ 1 -ne 4 ]
+ return 1
+ progress_message3 Starting Shorewall....
+ local timestamp
+ timestamp=
+ [ 0 -ge 0 ]
+ [ -n  ]
+ echo Starting Shorewall....
Starting Shorewall....
+ [ 2 -ge 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:42 
+ echo Mär  4 01:18:42 Starting Shorewall....
+ detect_configuration
+ true
+ define_firewall
+ local options
+ progress_message2 Initializing...
+ local timestamp
+ timestamp=
+ [ 0 -gt 0 ]
+ [ 2 -gt 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:42 
+ echo Mär  4 01:18:42 Initializing...
+ echo MODULESDIR=""
+ cat
+ reload_kernel_modules
+ local save_modules_dir
+ save_modules_dir=
+ local directory
+ local moduledirectories
+ moduledirectories=
+ local moduleloader
+ moduleloader=modprobe
+ local uname
+ local extras
+ qt mywhich modprobe
+ mywhich modprobe
+ [ -n  ]
+ [ -z  ]
+ uname -r
+ uname=4.19.0-8-amd64
+ MODULESDIR=/lib/modules/4.19.0-8-amd64/kernel/net/ipv4/netfilter:/lib/modules/4.19.0-8-amd64/kernel/net/netfilter:/lib/modules/4.19.0-8-amd64/kernel/net/sched:/lib/modules/4.19.0-8-amd64/extra:/lib/modules/4.19.0-8-amd64/extra/ipset
+ [ -n  ]
+ [ -d /sys/module/ ]
+ split /lib/modules/4.19.0-8-amd64/kernel/net/ipv4/netfilter:/lib/modules/4.19.0-8-amd64/kernel/net/netfilter:/lib/modules/4.19.0-8-amd64/kernel/net/sched:/lib/modules/4.19.0-8-amd64/extra:/lib/modules/4.19.0-8-amd64/extra/ipset
+ local ifs
+ ifs= 	

+ IFS=:
+ echo /lib/modules/4.19.0-8-amd64/kernel/net/ipv4/netfilter /lib/modules/4.19.0-8-amd64/kernel/net/netfilter /lib/modules/4.19.0-8-amd64/kernel/net/sched /lib/modules/4.19.0-8-amd64/extra /lib/modules/4.19.0-8-amd64/extra/ipset
+ IFS= 	

+ [ -d /lib/modules/4.19.0-8-amd64/kernel/net/ipv4/netfilter ]
+ moduledirectories= /lib/modules/4.19.0-8-amd64/kernel/net/ipv4/netfilter
+ [ -d /lib/modules/4.19.0-8-amd64/kernel/net/netfilter ]
+ moduledirectories= /lib/modules/4.19.0-8-amd64/kernel/net/ipv4/netfilter /lib/modules/4.19.0-8-amd64/kernel/net/netfilter
+ [ -d /lib/modules/4.19.0-8-amd64/kernel/net/sched ]
+ moduledirectories= /lib/modules/4.19.0-8-amd64/kernel/net/ipv4/netfilter /lib/modules/4.19.0-8-amd64/kernel/net/netfilter /lib/modules/4.19.0-8-amd64/kernel/net/sched
+ [ -d /lib/modules/4.19.0-8-amd64/extra ]
+ [ -d /lib/modules/4.19.0-8-amd64/extra/ipset ]
+ [ -n  /lib/modules/4.19.0-8-amd64/kernel/net/ipv4/netfilter /lib/modules/4.19.0-8-amd64/kernel/net/netfilter /lib/modules/4.19.0-8-amd64/kernel/net/sched ]
+ read command
+ eval loadmodule nf_conntrack_ftp
+ loadmodule nf_conntrack_ftp
+ local modulename
+ modulename=nf_conntrack_ftp
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_ftp
+ local e
+ e=nf_conntrack_ftp
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_ftp ]
+ read command
+ eval loadmodule nf_conntrack_h323
+ loadmodule nf_conntrack_h323
+ local modulename
+ modulename=nf_conntrack_h323
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_h323
+ local e
+ e=nf_conntrack_h323
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_h323 ]
+ read command
+ eval loadmodule nf_conntrack_irc
+ loadmodule nf_conntrack_irc
+ local modulename
+ modulename=nf_conntrack_irc
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_irc
+ local e
+ e=nf_conntrack_irc
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_irc ]
+ read command
+ eval loadmodule nf_conntrack_netbios_ns
+ loadmodule nf_conntrack_netbios_ns
+ local modulename
+ modulename=nf_conntrack_netbios_ns
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_netbios_ns
+ local e
+ e=nf_conntrack_netbios_ns
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_netbios_ns ]
+ read command
+ eval loadmodule nf_conntrack_netlink
+ loadmodule nf_conntrack_netlink
+ local modulename
+ modulename=nf_conntrack_netlink
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_netlink
+ local e
+ e=nf_conntrack_netlink
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_netlink ]
+ read command
+ eval loadmodule nf_conntrack_pptp
+ loadmodule nf_conntrack_pptp
+ local modulename
+ modulename=nf_conntrack_pptp
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_pptp
+ local e
+ e=nf_conntrack_pptp
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_pptp ]
+ read command
+ eval loadmodule nf_conntrack_proto_gre
+ loadmodule nf_conntrack_proto_gre
+ local modulename
+ modulename=nf_conntrack_proto_gre
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_proto_gre
+ local e
+ e=nf_conntrack_proto_gre
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_proto_gre ]
+ read command
+ eval loadmodule nf_conntrack_proto_sctp
+ loadmodule nf_conntrack_proto_sctp
+ local modulename
+ modulename=nf_conntrack_proto_sctp
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_proto_sctp
+ local e
+ e=nf_conntrack_proto_sctp
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_proto_sctp ]
+ modprobe -q nf_conntrack_proto_sctp
+ read command
+ eval loadmodule nf_conntrack_proto_udplite
+ loadmodule nf_conntrack_proto_udplite
+ local modulename
+ modulename=nf_conntrack_proto_udplite
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_proto_udplite
+ local e
+ e=nf_conntrack_proto_udplite
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_proto_udplite ]
+ modprobe -q nf_conntrack_proto_udplite
+ read command
+ eval loadmodule nf_conntrack_sip sip_direct_media=0
+ loadmodule nf_conntrack_sip sip_direct_media=0
+ local modulename
+ modulename=nf_conntrack_sip
+ shift
+ local moduleoptions
+ moduleoptions=sip_direct_media=0
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_sip
+ local e
+ e=nf_conntrack_sip
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_sip ]
+ read command
+ eval loadmodule nf_conntrack_tftp
+ loadmodule nf_conntrack_tftp
+ local modulename
+ modulename=nf_conntrack_tftp
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_tftp
+ local e
+ e=nf_conntrack_tftp
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_tftp ]
+ read command
+ eval loadmodule nf_conntrack_sane
+ loadmodule nf_conntrack_sane
+ local modulename
+ modulename=nf_conntrack_sane
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_conntrack_sane
+ local e
+ e=nf_conntrack_sane
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_conntrack_sane ]
+ read command
+ eval loadmodule nf_nat_amanda
+ loadmodule nf_nat_amanda
+ local modulename
+ modulename=nf_nat_amanda
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_nat_amanda
+ local e
+ e=nf_nat_amanda
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_nat_amanda ]
+ read command
+ eval loadmodule nf_nat_ftp
+ loadmodule nf_nat_ftp
+ local modulename
+ modulename=nf_nat_ftp
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_nat_ftp
+ local e
+ e=nf_nat_ftp
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_nat_ftp ]
+ read command
+ eval loadmodule nf_nat_h323
+ loadmodule nf_nat_h323
+ local modulename
+ modulename=nf_nat_h323
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_nat_h323
+ local e
+ e=nf_nat_h323
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_nat_h323 ]
+ read command
+ eval loadmodule nf_nat_irc
+ loadmodule nf_nat_irc
+ local modulename
+ modulename=nf_nat_irc
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_nat_irc
+ local e
+ e=nf_nat_irc
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_nat_irc ]
+ read command
+ eval loadmodule nf_nat
+ loadmodule nf_nat
+ local modulename
+ modulename=nf_nat
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_nat
+ local e
+ e=nf_nat
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_nat ]
+ read command
+ eval loadmodule nf_nat_pptp
+ loadmodule nf_nat_pptp
+ local modulename
+ modulename=nf_nat_pptp
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_nat_pptp
+ local e
+ e=nf_nat_pptp
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_nat_pptp ]
+ read command
+ eval loadmodule nf_nat_proto_gre
+ loadmodule nf_nat_proto_gre
+ local modulename
+ modulename=nf_nat_proto_gre
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_nat_proto_gre
+ local e
+ e=nf_nat_proto_gre
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_nat_proto_gre ]
+ read command
+ eval loadmodule nf_nat_sip
+ loadmodule nf_nat_sip
+ local modulename
+ modulename=nf_nat_sip
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_nat_sip
+ local e
+ e=nf_nat_sip
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_nat_sip ]
+ read command
+ eval loadmodule nf_nat_snmp_basic
+ loadmodule nf_nat_snmp_basic
+ local modulename
+ modulename=nf_nat_snmp_basic
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_nat_snmp_basic
+ local e
+ e=nf_nat_snmp_basic
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_nat_snmp_basic ]
+ read command
+ eval loadmodule nf_nat_tftp
+ loadmodule nf_nat_tftp
+ local modulename
+ modulename=nf_nat_tftp
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_nat_tftp
+ local e
+ e=nf_nat_tftp
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_nat_tftp ]
+ read command
+ eval loadmodule ipt_LOG
+ loadmodule ipt_LOG
+ local modulename
+ modulename=ipt_LOG
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search ipt_LOG
+ local e
+ e=ipt_LOG
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/ipt_LOG ]
+ modprobe -q ipt_LOG
+ read command
+ eval loadmodule nf_log_ipv4
+ loadmodule nf_log_ipv4
+ local modulename
+ modulename=nf_log_ipv4
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nf_log_ipv4
+ local e
+ e=nf_log_ipv4
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nf_log_ipv4 ]
+ read command
+ eval loadmodule xt_LOG
+ loadmodule xt_LOG
+ local modulename
+ modulename=xt_LOG
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search xt_LOG
+ local e
+ e=xt_LOG
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/xt_LOG ]
+ read command
+ eval loadmodule xt_NFLOG
+ loadmodule xt_NFLOG
+ local modulename
+ modulename=xt_NFLOG
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search xt_NFLOG
+ local e
+ e=xt_NFLOG
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/xt_NFLOG ]
+ read command
+ eval loadmodule nfnetlink_log
+ loadmodule nfnetlink_log
+ local modulename
+ modulename=nfnetlink_log
+ shift
+ local moduleoptions
+ moduleoptions=
+ local modulefile
+ local suffix
+ [ -d /sys/module/ ]
+ list_search nfnetlink_log
+ local e
+ e=nfnetlink_log
+ [ 1 -gt 1 ]
+ return 1
+ [ ! -d /sys/module/nfnetlink_log ]
+ read command
+ MODULESDIR=
+ run_init_exit
+ true
+ load_ipsets
+ true
+ [ start = reload ]
+ rm -f /var/lib/shorewall/.UPnP
+ rm -f /var/lib/shorewall/.forwardUPnP
+ [ -n Yes ]
+ /sbin/iptables -t nat -S DOCKER
+ tail -n +2
+ /sbin/iptables -t nat -S OUTPUT
+ tail -n +2
+ fgrep DOCKER
+ /sbin/iptables -t nat -S POSTROUTING
+ tail -n +2
+ fgrep -v SHOREWALL
+ /sbin/iptables -t filter -S DOCKER
+ tail -n +2
+ rm -f /var/lib/shorewall/.filter_DOCKER-USER
+ [ -n  ]
+ [ -n Yes ]
+ /sbin/iptables -t filter -S DOCKER-USER
+ tail -n +2
+ [ -n  ]
+ [ -n  ]
+ /sbin/iptables -t filter -S FORWARD
+ grep ^-A FORWARD.*[io] br-[a-z0-9]\{12\}
+ [ -s /var/lib/shorewall/.filter_FORWARD ]
+ qt1 /sbin/iptables -L shorewall -n
+ local status
+ [ 1 ]
+ /sbin/iptables -L shorewall -n
+ status=1
+ [ 1 -ne 4 ]
+ return 1
+ delete_proxyarp
+ [ -f /var/lib/shorewall/proxyarp ]
+ [ -f /var/lib/shorewall/nat ]
+ delete_tc1
+ run_tcclear_exit
+ true
+ run_ip link list
+ ip -4 link list
+ read inx interface details
+ clear_one_tc lo
+ tc qdisc del dev lo root
+ tc qdisc del dev lo ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc ens3
+ tc qdisc del dev ens3 root
+ tc qdisc del dev ens3 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc tun0
+ tc qdisc del dev tun0 root
+ tc qdisc del dev tun0 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc br-ac3db22b180b
+ tc qdisc del dev br-ac3db22b180b root
+ tc qdisc del dev br-ac3db22b180b ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc br-61206706fa14
+ tc qdisc del dev br-61206706fa14 root
+ tc qdisc del dev br-61206706fa14 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc docker0
+ tc qdisc del dev docker0 root
+ tc qdisc del dev docker0 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc veth2735e50@if24
+ tc qdisc del dev veth2735e50 root
+ tc qdisc del dev veth2735e50 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc vethd826424@if26
+ tc qdisc del dev vethd826424 root
+ tc qdisc del dev vethd826424 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc veth6eaf1d6@if28
+ tc qdisc del dev veth6eaf1d6 root
+ tc qdisc del dev veth6eaf1d6 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc veth5aabacf@if30
+ tc qdisc del dev veth5aabacf root
+ tc qdisc del dev veth5aabacf ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc vethdf860f7@if32
+ tc qdisc del dev vethdf860f7 root
+ tc qdisc del dev vethdf860f7 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc vethb2566f3@if34
+ tc qdisc del dev vethb2566f3 root
+ tc qdisc del dev vethb2566f3 ingress
+ read inx interface details
+ read inx interface details
+ clear_one_tc vethb5c44a7@if36
+ tc qdisc del dev vethb5c44a7 root
+ tc qdisc del dev vethb5c44a7 ingress
+ read inx interface details
+ read inx interface details
+ setup_common_rules
+ progress_message2 Setting up Route Filtering...
+ local timestamp
+ timestamp=
+ [ 0 -gt 0 ]
+ [ 2 -gt 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:42 
+ echo Mär  4 01:18:42 Setting up Route Filtering...
+ [ -f /proc/sys/net/ipv4/conf/all/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/br-61206706fa14/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/br-ac3db22b180b/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/default/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/docker0/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/ens3/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/lo/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/tun0/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/veth2735e50/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/veth5aabacf/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/veth6eaf1d6/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/vethb2566f3/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/vethb5c44a7/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/vethd826424/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/vethdf860f7/rp_filter ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/ens3/rp_filter ]
+ echo 1
+ echo 1
+ echo 1
+ [ -n  ]
+ ip -4 route flush cache
+ progress_message2 Setting up Martian Logging...
+ local timestamp
+ timestamp=
+ [ 0 -gt 0 ]
+ [ 2 -gt 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:42 
+ echo Mär  4 01:18:42 Setting up Martian Logging...
+ [ -f /proc/sys/net/ipv4/conf/all/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/br-61206706fa14/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/br-ac3db22b180b/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/default/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/docker0/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/ens3/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/lo/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/tun0/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/veth2735e50/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/veth5aabacf/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/veth6eaf1d6/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/vethb2566f3/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/vethb5c44a7/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/vethd826424/log_martians ]
+ echo 1
+ [ -f /proc/sys/net/ipv4/conf/vethdf860f7/log_martians ]
+ echo 1
+ echo 0
+ [ -f /proc/sys/net/netfilter/nf_conntrack_helper ]
+ progress_message Disabling Kernel Automatic Helper Association
+ local timestamp
+ timestamp=
+ [ 0 -gt 1 ]
+ [ 2 -gt 1 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:42 
+ echo Mär  4 01:18:42 Disabling Kernel Automatic Helper Association
+ echo 0
+ return 0
+ setup_routing_and_traffic_shaping
+ [ -z  ]
+ undo_routing
+ local undofiles
+ local f
+ [ -z  ]
+ [ -f /var/lib/shorewall/rt_tables ]
+ ls /var/lib/shorewall/undo_*routing
+ undofiles=
+ [ -n  ]
+ restore_default_route Yes
+ local result
+ result=1
+ [ -z  -a -f /var/lib/shorewall/default_route ]
+ return 1
+ cat
+ cat
+ cat
+ cat
+ 
+ [ start = restore ]
+ setup_netfilter
+ local option
+ [ start = reload -a -n  ]
+ option=--wait 60
+ progress_message2 Preparing iptables-restore input...
+ local timestamp
+ timestamp=
+ [ 0 -gt 0 ]
+ [ 2 -gt 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:42 
+ echo Mär  4 01:18:42 Preparing iptables-restore input...
+ exec
+ cat
+ [ -n Yes ]
+ echo :DOCKER - [0:0]
+ cat
+ [ -n Yes ]
+ echo -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
+ [ -f /var/lib/shorewall/.nat_OUTPUT ]
+ cat /var/lib/shorewall/.nat_OUTPUT
+ [ -f /var/lib/shorewall/.nat_POSTROUTING ]
+ cat /var/lib/shorewall/.nat_POSTROUTING
+ cat
+ [ -f /var/lib/shorewall/.nat_DOCKER ]
+ cat /var/lib/shorewall/.nat_DOCKER
+ cat
+ [ -n Yes ]
+ echo :DOCKER - [0:0]
+ [ -n  ]
+ [ -n  ]
+ [  = Two ]
+ [  = Two ]
+ [ -n Yes ]
+ echo :DOCKER-USER - [0:0]
+ cat
+ [ -n  ]
+ [ -n Yes ]
+ echo -A FORWARD -j DOCKER-USER
+ [ -n  ]
+ [ -n  ]
+ [ -n Yes ]
+ echo -A FORWARD -o docker0 -j DOCKER
+ echo -A FORWARD -o docker0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ echo -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
+ echo -A FORWARD -i docker0 -o docker0 -j ACCEPT
+ [ -f /var/lib/shorewall/.filter_FORWARD ]
+ cat /var/lib/shorewall/.filter_FORWARD
+ cat
+ [ -n Yes ]
+ echo -A OUTPUT -j DOCKER
+ cat
+ [ -f /var/lib/shorewall/.filter_DOCKER ]
+ cat /var/lib/shorewall/.filter_DOCKER
+ [ -f /var/lib/shorewall/.filter_DOCKER-INGRESS ]
+ [ -f /var/lib/shorewall/.filter_DOCKER-ISOLATION ]
+ [ -f /var/lib/shorewall/.filter_DOCKER-ISOLATION-STAGE-1 ]
+ [ -f /var/lib/shorewall/.filter_DOCKER-ISOLATION-STAGE-2 ]
+ [ -f /var/lib/shorewall/.filter_DOCKER-USER ]
+ cat /var/lib/shorewall/.filter_DOCKER-USER
+ cat
+ [ -f /var/lib/shorewall/.dynamic ]
+ cat /var/lib/shorewall/.dynamic
+ cat
+ exec
+ [ -n  ]
+ command=/sbin/iptables-restore --wait 60
+ progress_message2 Running /sbin/iptables-restore --wait 60...
+ local timestamp
+ timestamp=
+ [ 0 -gt 0 ]
+ [ 2 -gt 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:42 
+ echo Mär  4 01:18:42 Running /sbin/iptables-restore --wait 60...
+ cat /var/lib/shorewall/.iptables-restore-input
+ /sbin/iptables-restore --wait 60
+ [ 0 != 0 ]
+ conditionally_flush_conntrack
+ [ -n  ]
+ run_start_exit
+ true
+ do_iptables -N shorewall
+ local status
+ [ 1 ]
+ /sbin/iptables --wait -N shorewall
+ status=0
+ [ 0 -ne 4 ]
+ return 0
+ do_iptables -A shorewall -m recent --set --name %CURRENTTIME
+ local status
+ [ 1 ]
+ /sbin/iptables --wait -A shorewall -m recent --set --name %CURRENTTIME
+ status=0
+ [ 0 -ne 4 ]
+ return 0
+ set_state Started /etc/shorewall/
+ [ 2 -gt 1 ]
+ date
+ echo Started Mi 4. Mär 01:18:42 CET 2020 from /etc/shorewall/
+ my_pathname
+ local pwd
+ pwd=/usr/share/shorewall/Shorewall
+ dirname /var/lib/shorewall/firewall
+ cd /var/lib/shorewall
+ basename /var/lib/shorewall/firewall
+ echo /var/lib/shorewall/firewall
+ cd /usr/share/shorewall/Shorewall
+ my_pathname=/var/lib/shorewall/firewall
+ [ /var/lib/shorewall/firewall = /var/lib/shorewall/firewall ]
+ run_started_exit
+ true
+ date
+ mylogger kern.info Shorewall started
+ local level
+ level=kern.info
+ shift
+ [ -n  ]
+ logger -p kern.info Shorewall started
+ status=0
+ [ 0 -eq 0 ]
+ [ -n  ]
+ progress_message3 done.
+ local timestamp
+ timestamp=
+ [ 0 -ge 0 ]
+ [ -n  ]
+ echo done.
done.
+ [ 2 -ge 0 ]
+ date +%b %e %T
+ timestamp=Mär  4 01:18:42 
+ echo Mär  4 01:18:42 done.
+ return 0
+ exit 0