Problem starting shorewall6 (or possibly shorewall) on boot
Hello!
When I boot my machine something like the following is printed:
[ 50.220571] xt_addrtype: ipv6 does not support BROADCAST matching
Starting "Shorewall firewall": not done.
Starting "Shorewall6 firewall": not done.
[FAIL] startpar: service(s) returned failure: shorewall shorewall6 ... failed!
(Copied from tty to paper to mail so it may not be verbatim, the only
part of it I can find in my logs is: "[ 50.220571] xt_addrtype: ipv6
does not support BROADCAST matching". Also, the timing of the
xt_addrtype messages varies somewhat... )
After boot my ip{,6}tables look like this:
% sudo iptables -L -n -v
Chain INPUT (policy DROP 343 packets, 21602 bytes)
pkts bytes target prot opt in out source destination
4705 624K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
416 28236 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT udp -- tun0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT udp -- vpn0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp -- eth0 eth0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT udp -- tun0 tun0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT udp -- vpn0 vpn0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
Chain OUTPUT (policy ACCEPT 8425 packets, 1006K bytes)
pkts bytes target prot opt in out source destination
% sudo ip6tables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
96 27292 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all * * fe80::/10 ::/0
0 0 ACCEPT all * * ::/0 fe80::/10
0 0 ACCEPT all * * ::/0 ff00::/8
29 2580 ACCEPT all lo * ::/0 ::/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 134 packets, 30472 bytes)
pkts bytes target prot opt in out source destination
At this point starting shorewall-init, shorewall and shorewall6 produces
no errors:
% sudo service shorewall-init start
Initializing "Shorewall-based firewalls": Stopping Shorewall....
done.
Stopping Shorewall6....
done.
done.
% sudo service shorewall start
Starting "Shorewall firewall": done.
% sudo service shorewall6 start
Starting "Shorewall6 firewall": done.
and results in shorewall populated ip{,6}tables which I will only send
if asked in order to keep the noise down.
I'd very much appreciate suggestions for provoking troubleshooting this,
ideally ways to provoke it after boot.
Best regards
/Ulrik Haugen
Reply to: