Hi,

shorewall restart fails occasionally, complaining that one of the chains is missing. There are multiple docker networks configured on VM/host.
Shorewall version: 5.2.3.4-1 (debian 11). Kernel running: Debian.

/etc/shorewall/interfaces

    ###############################################################################
    #ZONE     INTERFACE        OPTIONS
    net       ens192           dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0,physical=ens192
    dock      docker0          bridge
    db_maria  br-0637e091497f  tcpflags,logmartians,nosmurfs,sourceroute=0,routefilter=1
    www1      br-7172e1291701  tcpflags,logmartians,nosmurfs,sourceroute=0,routefilter=1
    www2      br-33696d489f5a  tcpflags,logmartians,nosmurfs,sourceroute=0,routefilter=1

I already deleted the db_maria network/zone and recreated it again. Same issue. If the restart fails, it always fails for the db_maria network only. It hasn't failed for any other docker network/interface. Usually shorewall DEBUG restart is needed to restart successfully.

Sample output

1. Run – without debug

    # shorewall restart
    Compiling using Shorewall 5.2.3.4...
    Processing /etc/shorewall/params ...
    Processing /etc/shorewall/shorewall.conf...
    Loading Modules...
    Compiling /etc/shorewall/zones...
    Compiling /etc/shorewall/interfaces...
    Determining Hosts in Zones...
    Locating Action Files...
    Compiling /etc/shorewall/policy...
    Adding Anti-smurf Rules
    Adding rules for DHCP
    Compiling TCP Flags filtering...
    Compiling Kernel Route Filtering...
    Compiling Martian Logging...
    Compiling Accept Source Routing...
    Compiling MAC Filtration -- Phase 1...
    Compiling /etc/shorewall/rules...
    Compiling /etc/shorewall/conntrack...
    Compiling MAC Filtration -- Phase 2...
    Applying Policies...
    Generating Rule Matrix...
    Optimizing Ruleset...
    Creating iptables-restore input...
    Shorewall configuration compiled to /var/lib/shorewall/.restart
    Stopping Shorewall....
    Preparing iptables-restore input...
    Running /sbin/iptables-restore --wait 60...
    iptables-restore v1.8.7 (nf_tables): Chain 'db_maria_frwd' does not exist
    Error occurred at line: 131
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    ERROR: /sbin/iptables-restore --wait 60 Failed.
    done.
    Starting Shorewall....
    Initializing...
    Setting up Route Filtering...
    Setting up Martian Logging...
    Setting up Accept Source Routing...
    Preparing iptables-restore input...
    Running /sbin/iptables-restore --wait 60...
    Processing /etc/shorewall/started ...
    done.

2. Run – with debug

    # shorewall debug restart
    Stopping Shorewall....
    Preparing iptables-restore input...
    Running debug_restore_input...
    iptables v1.8.7 (nf_tables): Chain 'db_maria_frwd' does not exist
    Try `iptables -h' or 'iptables --help' for more information.
    ERROR: Command "/sbin/iptables --wait -t filter -A FORWARD -i br-0637e091497f -j db_maria_frwd" Failed
    Terminated

3. Run – without debug

    # shorewall restart
    Stopping Shorewall....
    Preparing iptables-restore input...
    Running /sbin/iptables-restore --wait 60...
    done.
    Starting Shorewall....
    Initializing...
    Setting up Route Filtering...
    Setting up Martian Logging...
    Setting up Accept Source Routing...
    Preparing iptables-restore input...
    Running /sbin/iptables-restore --wait 60...
    Processing /etc/shorewall/started ...
    done.

4. Run – without debug

    # shorewall restart
    Stopping Shorewall....
    Preparing iptables-restore input...
    Running /sbin/iptables-restore --wait 60...
    iptables-restore v1.8.7 (nf_tables): Chain 'db_maria_frwd' does not exist
    Error occurred at line: 131
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    ERROR: /sbin/iptables-restore --wait 60 Failed.
    done.
    Starting Shorewall....
    Initializing...
    Setting up Route Filtering...
    Setting up Martian Logging...
    Setting up Accept Source Routing...
    Preparing iptables-restore input...
    Running /sbin/iptables-restore --wait 60...
    Processing /etc/shorewall/started ...
    done.

Any idea?

Regards,
Jernej