On 10/7/23 05:20, Christophe PEREZ wrote:

Hi,

I've been going around in circles for several days without finding a
solution, although I have read the docs in every direction and done
multiple searches.

I am unable to use dynamic zones with shorewall.
I'm using Gentoo, and my kernel is compiled manually.
I can't figure out if my kernel is missing something, or if it's
somewhere else.

The error is simple:

# shorewall check /etc/shorewall.test/
Checking using Shorewall 5.2.8...
Processing /etc/shorewall.test/params ...
Processing /etc/shorewall.test/shorewall.conf...
Loading Modules...
Compiling /etc/shorewall.test/zones...
Compiling /etc/shorewall.test/interfaces...
Interface "net eth0" Validated
Compiling /etc/shorewall.test/hosts...
ERROR: Dynamic nets require Ipset Match in your kernel and iptables
/etc/shorewall.test/hosts (line 11)

# cat /etc/shorewall.test/hosts
sshok eth0:dynamic

# grep -E "IP_SET|NETFILTER_XT_SET" /usr/src/linux/.config
CONFIG_NETFILTER_XT_SET=y
CONFIG_IP_SET=y
CONFIG_IP_SET_MAX=256
# CONFIG_IP_SET_BITMAP_IP is not set
# CONFIG_IP_SET_BITMAP_IPMAC is not set
# CONFIG_IP_SET_BITMAP_PORT is not set
# CONFIG_IP_SET_HASH_IP is not set
# CONFIG_IP_SET_HASH_IPMARK is not set
# CONFIG_IP_SET_HASH_IPPORT is not set
# CONFIG_IP_SET_HASH_IPPORTIP is not set
# CONFIG_IP_SET_HASH_IPPORTNET is not set
# CONFIG_IP_SET_HASH_IPMAC is not set
# CONFIG_IP_SET_HASH_MAC is not set
# CONFIG_IP_SET_HASH_NETPORTNET is not set
# CONFIG_IP_SET_HASH_NET is not set
# CONFIG_IP_SET_HASH_NETNET is not set
# CONFIG_IP_SET_HASH_NETPORT is not set
# CONFIG_IP_SET_HASH_NETIFACE is not set
# CONFIG_IP_SET_LIST_SET is not set

Should I have net-firewall/ipset-7.17-r1 installed or not?
Should I have net-firewall/xtables-addons-3.24 installed or not? And if
so, with which modules? Currently, I have it with geoip and iface.

Can I be certain that my problem is with my kernel compilation options
or can I be certain otherwise?

Thank you in advance to anyone who will try to provide me with valuable
help.

Not really an answer but have a look at [1].

[1] https://shorewall.org/configuration_file_basics.htm#capabilities
--
Matt Darfeuille <m...@shorewall.org>
Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/
SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/
Homepage: https://shorewall.org