Tom Eastep wrote:
> Farkas Levente wrote:
>> hi,
>> after i upgrade our shorewall from 3.2.9 to 3.4.1 and update all config
>> files etc and run on the central server (we use lite on the firewalls)
>> i've got the following error:
>> -------------------------------------
>> # shorewall reload portal
>> ...
>> Creating action chain Limit
>> iptables v1.2.11: log-level `none' unknown
>> Try `iptables -h' or 'iptables --help' for more information.
>> Processing /etc/shorewall/servers/portal/stop ...
>> IP Forwarding Enabled
>> Processing /etc/shorewall/servers/portal/stopped ...
>> /sbin/shorewall-lite: line 301: 26778 Terminated
>> $SHOREWALL_SHELL ${LITEDIR}/firewall $debugging restart
>> -------------------------------------
>> what can be the problem and how can i find the reasons? (stopped is
>> empty, so the problem is somewhere else).
>
> The technique for analyzing these kinds of errors is still described in the
> Troubleshooting Guide (http://www.shorewall.net/troubleshoot.htm). And if
> you need to report the problem, please follow the Support Guide
> (http://www.shorewall.net/support.htm#Guidelines).
thanks. so after a debug session i've got the error below while in my
rules there is a line:
Limit:none:SSH2,3,60 net dmz:$NS2_IP tcp ssh
it seems the new Limit code is not the same as the old one?! or at least
the compiler differs. anyway the error is true since shorewall calls
iptables as "--log-level none". it seems to me that the previous version
does not append the log-level to iptables if it was none (afais in the
previous version's debug list).
so imho it's a bug in the new code.
yours.
---------------------------------------------------
+ progress_message2 'Creating action chain Limit'
+ local timestamp=
+ '[' 1 -gt 0 ']'
+ '[' -n '' ']'
+ echo 'Creating action chain Limit'
+ run_iptables -A %Limit -m recent --name SSH2 --set
+ '[' -n '' ']'
+ /sbin/iptables -A %Limit -m recent --name SSH2 --set
+ '[' 0 -ne 0 ']'
+ run_iptables -N %Limit%
+ '[' -n '' ']'
+ /sbin/iptables -N %Limit%
+ '[' 0 -ne 0 ']'
+ do_log_rule_limit none %Limit% SSH2 DROP '' '' -A
+ local level=none
+ local chain=%Limit%
+ local displayChain=SSH2
+ local disposition=DROP
+ local rulenum=
+ local limit=
+ local tag=
+ local command=
+ local prefix
++ chain_base SSH2
++ local c=SSH2
++ true
++ case $c in
++ echo SSH2
++ return
+ local base=SSH2
+ local pf
+ limit=
+ tag=
+ command=-A
+ shift 7
+ '[' -n '' -a -n '' ']'
+ '[' -n '' ']'
++ printf Shorewall:%s:%s: SSH2 DROP
+ prefix=Shorewall:SSH2:DROP:
+ '[' 20 -gt 29 ']'
+ case $level in
+ /sbin/iptables -A %Limit% -j LOG --log-level none --log-prefix Shorewall:SSH2:DROP:
iptables v1.2.11: log-level `none' unknown
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 2 -ne 0 ']'
+ '[' -z '' ']'
+ stop_firewall
+ case $COMMAND in
+ set +x
Processing /etc/shorewall/servers/portal/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/servers/portal/stopped ...
/sbin/shorewall-lite: line 301: 1283 Terminated
$SHOREWALL_SHELL ${LITEDIR}/firewall $debugging restart
---------------------------------------------------
--
Levente "Si vis pacem para bellum!"
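
An added example, not part of the original post and not Shorewall's code: one way a rule generator can check the log level before a LOG rule reaches iptables, so a level of "none" yields no LOG rule instead of the "--log-level none" failure in the trace above. All function names are hypothetical, and treating an empty level like "none" and truncating an over-long prefix are assumptions of this example.

```shell
#!/bin/sh
# Added illustration, not Shorewall's code. All function names are hypothetical.

# Extract the log-level field from an ACTION column such as
# "Limit:none:SSH2,3,60" (the second colon-separated field in the post's rule).
action_log_level() {
    case $1 in
        *:*) rest=${1#*:}; printf '%s\n' "${rest%%:*}" ;;
        *)   printf '\n' ;;
    esac
}

# Succeed only for values the iptables LOG target accepts: priority 0-7 or
# one of its level names.
valid_log_level() {
    case $1 in
        [0-7]|alert|crit|debug|emerg|error|info|notice|panic|warning) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the arguments for a LOG rule. Prints nothing and succeeds when the
# level is "none" or empty (assumption: both mean "do not log"); fails on
# any other value iptables would reject, before iptables is ever run.
log_rule_args() {
    chain=$1 level=$2 display=$3 disposition=$4
    case $level in
        ''|none) return 0 ;;
    esac
    if ! valid_log_level "$level"; then
        echo "invalid log level '$level' for chain $chain" >&2
        return 1
    fi
    prefix=$(printf 'Shorewall:%s:%s:' "$display" "$disposition")
    # The trace's "[ 20 -gt 29 ]" test appears to compare the prefix length
    # with 29; truncating is this example's choice for an over-long prefix.
    if [ "${#prefix}" -gt 29 ]; then
        prefix=$(printf '%.29s' "$prefix")
    fi
    printf '%s\n' "-A $chain -j LOG --log-level $level --log-prefix $prefix"
}

# Constructed sample input taken from the rule quoted in the post.
level=$(action_log_level 'Limit:none:SSH2,3,60')
log_rule_args '%Limit%' "$level" SSH2 DROP   # prints nothing: no LOG rule
log_rule_args '%Limit%' info SSH2 DROP       # prints a valid LOG rule
```

Rejecting an unknown level at generation time matters here because, as the trace shows, a failed iptables call partway through a restart drops the firewall into its stopped state.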