[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Can't run shorewall with kernel 2.6.20.2

On Fri, 9 Mar 2007 22:46:30 -0500
"Roberto C. Sanchez" <roberto@connexer.com> wrote:

> On Sat, Mar 10, 2007 at 05:00:34AM +0200, Micha Feigin wrote:
> > I tried upgrading to kernel 2.6.20 and 2.6.20.2 but shorewall refuses to
> > start.
> > 
> > The only error I get is: (from /var/log/shorewall-init.log)
> > 
> > [...]
> > Shorewall configuration compiled to /var/lib/shorewall/.start
> > Starting Shorewall....
> > Initializing...
> > Clearing Traffic Control/QOS
> > Deleting user chains...
> > iptables: No chain/target/match by that name
> >    ERROR: Command "/sbin/iptables -A FORWARD -m state --state
> > ESTABLISHED,RELATED -j ACCEPT" Failed iptables: No chain/target/match by
> > that name iptables: No chain/target/match by that name
> > /sbin/shorewall: line 531:  1991 Terminated              ${VARDIR}/.start
> > $debugging start
> > 
> Please provide the following:
> 
> distribution of Debian

Debian unstable

> version of shorewall

3.2.9-1

> version of iptables

1.3.6.0debian1-5

> method by which kernel was built

Vanilla kernel + software suspend + dsdt fixes (debian doesn't have 2.6.20.2
yet)

The sections I believe are relevant to the firewall from the config:

#
# Core Netfilter Configuration
#
# CONFIG_NETFILTER_NETLINK is not set
# CONFIG_NF_CONNTRACK_ENABLED is not set
CONFIG_NETFILTER_XTABLES=m
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
CONFIG_NETFILTER_XT_MATCH_STRING=m
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set

#
# IP: Netfilter Configuration
#
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_RECENT is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_AH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
CONFIG_IP_NF_MANGLE=m
# CONFIG_IP_NF_TARGET_TOS is not set
# CONFIG_IP_NF_TARGET_ECN is not set
# CONFIG_IP_NF_TARGET_TTL is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set



> 
> Regards,
> 
> -Roberto
>
Reply to: