>> I'm getting the following when restarting shorewall:
>>
>> # /etc/init.d/shorewall restart
>> * Stopping firewall ...
>> * Starting firewall ...
>> iptables: No chain/target/match by that name.
>>
>> How can I find out which chain/target/match I need to compile into the
>> kernel? shorewall-init.log does not indicate any problems and I have
>> LOG_VERBOSITY=2 in shorewall.conf which is the maximum.
>
> I had the same problem. Using "shorewall trace restart" I could figure
> out which chain/target/match was missing.

Thanks, that got them. A couple oddities: 'shorewall trace restart' produced output the same as shorewall-init.log which contained no info useful for this purpose. However, 'shorewall trace restart > file.txt' sent completely different output to file.txt which did contain all of the needed info. How can that be?

I got a lot of "No such file or directory" lines in file.txt for stuff like -j LOGMARK, -m condition, -m geoip, -m ipp2p, nfacct which I can't find in the kernel. Numerous other miscellaneous errors there too. Ignore them if they aren't outputted by the initscript?

- Grant

