>>> # /etc/init.d/shorewall restart >>> * Stopping firewall ... >>> * Starting firewall ... >>> iptables: No chain/target/match by that name. >>> >>> How can I find out which chain/target/match I need to compile into the >>> kernel? shorewall-init.log does not indicate any problems and I have >>> LOG_VERBOSITY=2 in shorewall.conf which is the maximum. >> >> I hade the same problem. Using "shorewall trace restart" I could figure >> out which chain/target/match that was missing. > > Thanks, that got them. A couple oddities: > > 'shorewall trace restart' produced output the same as > shorewall-init.log which contained no info useful for this purpose. > However, 'shorewall trace restart > file.txt' sent completely > different output to file.txt which did contain all of the needed info. > How can that be?
I didn't actually make the comparison between 'shorewall trace restart' and 'shorewall trace restart > file.txt'. I only compared the console output to the contents of file.txt after running the single command 'shorewall trace restart > file.txt'. Considering this, I think the above makes sense because it would have redirected certain output to the file and only the remaining output would have appeared on the console. - Grant > I got a lot of "No such file or directory" lines in file.txt for stuff > like -j LOGMARK, -m condition, -m geoip, -m ipp2p, nfacct which I > can't find in the kernel. Numerous other miscellaneous errors there > too. Ignore them if they aren't outputted by the initscript? > > - Grant