On 10/12/10 12:54 AM, Christian Vieser wrote: > Hi, > > yesterday I got a very strange error on our productive firewall when I > tried a "shorewall restart". > Following the output: > > .... > Processing /etc/shorewall/init ... > Setting up Route Filtering... > Setting up Martian Logging... > Setting up Proxy ARP... > Adding Providers... > Setting up Traffic Control... > Preparing iptables-restore input... > Running /sbin/iptables-restore... > iptables-restore v1.4.2: Can't use -A with -A > > Error occurred at line: 182 > Try `iptables-restore -h' or 'iptables-restore --help' for more information. > ERROR: iptables-restore Failed. Input is in > /var/lib/shorewall/.iptables-restore-input > Processing /etc/shorewall/stop ... > Running /sbin/iptables-restore... > IPv4 Forwarding Enabled > Processing /etc/shorewall/stopped ... > ... > > When looking at /var/lib/shorewall/.iptables-restore-input, I saw lines > with a double -A : > -A setsticky -A -p 6 -m multiport --dports 22,5000:10000 -s 10.1.0.49 -d > 212.202.229.26 -m mark --mark 0x2/0xFF -m recent --name sticky001 --set >
From the current Known 4,4,11 Problems linked from the Shorewall home page:
18) The SAME target in tcrules generates invalid iptables-restore
(ip6tables-restore) input.
Corrected in Shorewall 4.4.11.5.
I don't believe that Roberto has received authorization to upload
4.4.11.6 yet but you can install the tarball over the .deb and
everything will work out fine when 4.4.11.6 is finally uploaded to testing.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
