
Can't run shorewall with kernel 2.6.20.2




I had a similar problem with the 2.6.20 kernel. I don't run shorewall, but I use the -m state --state etc. line. I found that there were some "new" items in the config that were necessary for the use of state, in particular related to 'conntrack'. Conntrack needs to be enabled; I'm not sure how much and can't remember exactly what all was "new", but below are some of the entries I use. I believe the first two are essential.

CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK_SUPPORT=y

CONFIG_NF_CONNTRACK=y
CONFIG_NF_CT_ACCT=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_EVENTS=y

CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m

CONFIG_NETFILTER_XT_MATCH_STATE=m

CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y

I believe conntrack and state related items need to be enabled, Y or M, for the -m state --state use. When I tried to start my FW script it failed with:
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name

Hope this helps, or maybe you have it fixed already.

oscara
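
A way to check a kernel .config against the option list in the message above, as an added example that is not part of the original post. The function names and the sample .config are constructed for illustration; the script only reports which of the listed options are not set to y or m and makes no claim about which of them are strictly required.

```shell
#!/bin/sh
# Added example: list which of the conntrack/state options named in the
# message above are NOT enabled (=y or =m) in a kernel .config file.
# On a running kernel built with CONFIG_IKCONFIG_PROC, the config can be
# extracted first with: zcat /proc/config.gz > /tmp/running.config

# Option names copied from the message above.
WANTED="CONFIG_NF_CONNTRACK_ENABLED CONFIG_NF_CONNTRACK_SUPPORT
CONFIG_NF_CONNTRACK CONFIG_NF_CT_ACCT CONFIG_NF_CONNTRACK_MARK
CONFIG_NF_CONNTRACK_EVENTS CONFIG_NETFILTER_XT_MATCH_CONNTRACK
CONFIG_NETFILTER_XT_MATCH_STATE CONFIG_NF_CONNTRACK_IPV4
CONFIG_NF_CONNTRACK_PROC_COMPAT"

# missing_options FILE
# Prints, one per line, every wanted option that is absent from FILE,
# commented out ("# CONFIG_X is not set"), or set to anything but y/m.
missing_options() {
    cfg=$1
    for opt in $WANTED; do
        # The match is anchored at both ends so that CONFIG_NF_CONNTRACK
        # is not satisfied by a CONFIG_NF_CONNTRACK_MARK=y line.
        if ! grep -Eq "^${opt}=(y|m)\$" "$cfg"; then
            echo "$opt"
        fi
    done
}

# write_sample_config FILE
# Writes a constructed .config fragment in which the state match is
# disabled and the conntrack match is missing entirely.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK_SUPPORT=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CT_ACCT=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_EVENTS=y
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
EOF
}

# Stand-alone use: sh check.sh /path/to/.config
if [ $# -gt 0 ]; then
    missing_options "$1"
fi
```
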


