David Mathog wrote:
Tom Estep wrote:was built with CONFIG_NETFILTER_XT_MATCH_STATE=n (or whatever the option was called back in 2.6.16;The support folks for the machine in question kindly sent me a 2.6.16.60 kernel with CONFIG_NETFILTER_XT_MATCH_STATE=m Sadly, shorewall won't start on that either. The problem (now) shows upat:shorewall -vv start ... Clearing Traffic Control/QOS Deleting user chains... Enabling Loopback and DNS Lookups iptables: No chain/target/match by that name Terminatedandshorewall debug start 2>/tmp/trace tail -20 /tmp/trace + local base=logdrop + local pf + limit='--match limit --limit 5/minute --limit-burst 3' + tag= + command=-A + shift 7 + '[' -n '' -a -n '' ']' + '[' -n '' ']' ++ printf Shorewall:%s:%s: logdrop DROP + prefix=Shorewall:logdrop:DROP: + '[' 23 -gt 29 ']' + case $level in + /sbin/iptables -A logdrop --match limit --limit 5/minute --limit-burst 3 -j LOG --log-level info --log-prefix Shorewall:logdrop:DROP: iptables: No chain/target/match by that name + '[' 1 -ne 0 ']' + '[' -z '' ']' + stop_firewall + case $COMMAND in + set +x Terminated Any idea what it needs this time? It appears to be trying to add a rule for a LOG chain, when there is no such chain. The system in question has syslogd running and all messages are logged over the network to another server's syslogd. Nothing is logged locally because the system disk is a flash drive.
CONFIG_IP_NF_TARGET_LOG Without that option, your firewall can do no logging. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
