Tom Eastep wrote: > Phil Cordier wrote: >> OK, I am stuck. I have installed the latest 2.6.20 kernel and turned on >> every imaginable netfilter option - have installed latest iptables 1.3.7 >> - but, as soon as I try to use a CONTINUE policy, I just get : >> >> ... >> Applying Policies... >> iptables v1.3.7: Couldn't load target >> `CONTINUE':/usr/local/lib/iptables/libipt_CONTINUE.so: cannot open >> shared object file: No such file or directory >> >> Try `iptables -h' or 'iptables --help' for more information. >> ERROR: Command "/sbin/iptables -A net2c148 -j CONTINUE" Failed
I've been able to reproduce this on 3.4.0 so I assume that is the release that you are running. A patch to /usr/share/shorewall/compiler is attached (it may apply with an offset unless you apply all 3.4.0 patches -- see http://www.shorewall.net/pub/shorewall/3.4/shorewall-3.4.0/known_problems.txt). >> Processing /etc/shorewall/stop ... >> /var/lib/shorewall/.start: line 211: source_ip_range: command not found >> /var/lib/shorewall/.start: line 212: dest_ip_range: command not found > I'm concerned about the above messages. It means that somehow source_ip_range() and dest_ip_range() are getting called out of a compiled script which shouldn't happen. Do you have anything in your /etc/shorewall/stop file? Does this happen on a normal "shorewall stop" or only when you have a startup error in the compiled script? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Index: compiler =================================================================== --- compiler (revision 5523) +++ compiler (working copy) @@ -3073,6 +3073,8 @@ REJECT) run_iptables -A $1 -j reject ;; + CONTINUE) + ;; *) run_iptables -A $1 -j $target ;;
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
