Tom Estep wrote: > was built with CONFIG_NETFILTER_XT_MATCH_STATE=n > (or whatever the option was called back in 2.6.16;
The support folks for the machine in question kindly sent me a 2.6.16.60 kernel with CONFIG_NETFILTER_XT_MATCH_STATE=m Sadly, shorewall won't start on that either. The problem (now) shows up at: shorewall -vv start ... Clearing Traffic Control/QOS Deleting user chains... Enabling Loopback and DNS Lookups iptables: No chain/target/match by that name Terminated and shorewall debug start 2>/tmp/trace tail -20 /tmp/trace + local base=logdrop + local pf + limit='--match limit --limit 5/minute --limit-burst 3' + tag= + command=-A + shift 7 + '[' -n '' -a -n '' ']' + '[' -n '' ']' ++ printf Shorewall:%s:%s: logdrop DROP + prefix=Shorewall:logdrop:DROP: + '[' 23 -gt 29 ']' + case $level in + /sbin/iptables -A logdrop --match limit --limit 5/minute --limit-burst 3 -j LOG --log-level info --log-prefix Shorewall:logdrop:DROP: iptables: No chain/target/match by that name + '[' 1 -ne 0 ']' + '[' -z '' ']' + stop_firewall + case $COMMAND in + set +x Terminated Any idea what it needs this time? It appears to be trying to add a rule for a LOG chain, when there is no such chain. The system in question has syslogd running and all messages are logged over the network to another server's syslogd. Nothing is logged locally because the system disk is a flash drive. Thanks, David Mathog [EMAIL PROTECTED] Manager, Sequence Analysis Facility, Biology Division, Caltech ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
