
Problem starting shorewall6 (or possibly shorewall) on boot



Hello!

When I boot my machine something like the following is printed:

[   50.220571] xt_addrtype: ipv6 does not support BROADCAST matching
Starting "Shorewall firewall": not done.
Starting "Shorewall6 firewall": not done.
[FAIL] startpar: service(s) returned failure: shorewall shorewall6 ... failed!

(Copied from tty to paper to mail, so it may not be verbatim; the only
part of it I can find in my logs is: "[   50.220571] xt_addrtype: ipv6
does not support BROADCAST matching". Also, the timing of the
xt_addrtype messages varies somewhat...)


After boot my ip{,6}tables look like this:

% sudo iptables -L -n -v
Chain INPUT (policy DROP 343 packets, 21602 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 4705  624K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  416 28236 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
    0     0 ACCEPT     udp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
    0     0 ACCEPT     udp  --  vpn0   *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  eth0   eth0    0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
    0     0 ACCEPT     udp  --  tun0   tun0    0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
    0     0 ACCEPT     udp  --  vpn0   vpn0    0.0.0.0/0            0.0.0.0/0            udp dpts:67:68

Chain OUTPUT (policy ACCEPT 8425 packets, 1006K bytes)
 pkts bytes target     prot opt in     out     source               destination

% sudo ip6tables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   96 27292 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all      *      *       fe80::/10            ::/0                
    0     0 ACCEPT     all      *      *       ::/0                 fe80::/10           
    0     0 ACCEPT     all      *      *       ::/0                 ff00::/8            
   29  2580 ACCEPT     all      lo     *       ::/0                 ::/0                

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      *      *       ::/0                 ::/0                 ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 134 packets, 30472 bytes)
 pkts bytes target     prot opt in     out     source               destination         


At this point starting shorewall-init, shorewall and shorewall6 produces
no errors:

% sudo service shorewall-init start
Initializing "Shorewall-based firewalls": Stopping Shorewall....
done.
Stopping Shorewall6....
done.
done.
% sudo service shorewall start     
Starting "Shorewall firewall": done.
% sudo service shorewall6 start
Starting "Shorewall6 firewall": done.

and results in shorewall-populated ip{,6}tables, which I will only send
if asked, in order to keep the noise down.


I'd very much appreciate suggestions for troubleshooting this,
ideally ways to provoke it after boot.

Best regards
/Ulrik Haugen

