>> > shorewall-4.5.8.2 is running fine but when I 'shorewall trace restart' >> > I can see numerous errors in the output. Should these be tracked > down >> > and fixed if shorewall is working fine? >> >> Can anyone offer advice with this? >> >> - Grant > > Grant, I think you will probably be more likely to get some advice if you > go ahead and post details of the errors you are seeing. As it stands at > the moment there is not really enough information to allow people to > even determine if they might be able to help or not which may explain > the lack of a reply.
Sure, sorry about that. I've already cleared up a multitude of these by adding stuff to the kernel I know I'm not using (NF_CONNTRACK_AMANDA for example): "iptables: No chain/target/match by that name." Here are the errors from only the first 15% of the output of 'shorewall trace restart': iptables v1.4.16.3: Couldn't load match `ipp2p':No such file or directory SYS----> /sbin/iptables -t mangle -A fooX26647 -j IPMARK --addr src iptables v1.4.16.3: unknown option "--addr" SYS----> /sbin/iptables -t rawpost -L -n iptables v1.4.16.3: can't initialize iptables table `rawpost': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. SYS----> /sbin/iptables -A fooX26647 -j LOGMARK iptables v1.4.16.3: Couldn't load target `LOGMARK':No such file or directory SYS----> /sbin/iptables -A fooX26647 -j ACCOUNT --addr 192.168.1.0/29 --tname fooX26647 iptables v1.4.16.3: unknown option "--addr" SYS----> /sbin/iptables -A fooX26647 -m condition --condition foo iptables v1.4.16.3: Couldn't load match `condition':No such file or directory SYS----> /sbin/iptables -t mangle -A fooX26647 -j IMQ --todev 0 iptables v1.4.16.3: unknown option "--todev" SYS----> /sbin/iptables -A fooX26647 -m geoip --src-cc US iptables v1.4.16.3: Couldn't load match `geoip':No such file or directory SYS----> nfacct add fooX26647 Can't exec "nfacct": No such file or directory at /usr/share/shorewall/Shorewall/Config.pm line 2997. I'm a little puzzled by all of this because shorewall seems to work fine and at least some of the errors reference stuff I know I'm not using. - Grant ------------------------------------------------------------------------------ The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials, tech docs, whitepapers, evaluation guides, and opinion stories. Check out the most recent posts - join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
