On 2/17/13 11:16 AM, "Grant" <[email protected]> wrote:

>>> > shorewall-4.5.8.2 is running fine but when I 'shorewall trace restart'
>>> > I can see numerous errors in the output.  Should these be tracked down
>>> > and fixed if shorewall is working fine?
>>>
>>> Can anyone offer advice with this?
>>>
>>> - Grant
>>
>> Grant, I think you will probably be more likely to get some advice if you
>> go ahead and post details of the errors you are seeing.  As it stands at
>> the moment there is not really enough information to allow people to
>> even determine if they might be able to help or not which may explain
>> the lack of a reply.
>
>Sure, sorry about that.  I've already cleared up a multitude of these
>by adding stuff to the kernel I know I'm not using
>(NF_CONNTRACK_AMANDA for example):
>
>"iptables: No chain/target/match by that name."
>
>Here are the errors from only the first 15% of the output of
>'shorewall trace restart':
>
>iptables v1.4.16.3: Couldn't load match `ipp2p':No such file or directory
>
>SYS----> /sbin/iptables -t mangle -A fooX26647 -j IPMARK --addr src
>iptables v1.4.16.3: unknown option "--addr"
>
>SYS----> /sbin/iptables -t rawpost -L -n
>iptables v1.4.16.3: can't initialize iptables table `rawpost': Table does not exist (do you need to insmod?)
>Perhaps iptables or your kernel needs to be upgraded.
>
>SYS----> /sbin/iptables -A fooX26647 -j LOGMARK
>iptables v1.4.16.3: Couldn't load target `LOGMARK':No such file or directory
>
>SYS----> /sbin/iptables -A fooX26647 -j ACCOUNT --addr 192.168.1.0/29 --tname fooX26647
>iptables v1.4.16.3: unknown option "--addr"
>
>SYS----> /sbin/iptables -A fooX26647 -m condition --condition foo
>iptables v1.4.16.3: Couldn't load match `condition':No such file or directory
>
>SYS----> /sbin/iptables -t mangle -A fooX26647 -j IMQ --todev 0
>iptables v1.4.16.3: unknown option "--todev"
>
>SYS----> /sbin/iptables -A fooX26647 -m geoip --src-cc US
>iptables v1.4.16.3: Couldn't load match `geoip':No such file or directory
>
>SYS----> nfacct add fooX26647
>Can't exec "nfacct": No such file or directory at /usr/share/shorewall/Shorewall/Config.pm line 2997.
>
>I'm a little puzzled by all of this because shorewall seems to work
>fine and at least some of the errors reference stuff I know I'm not
>using.

Those are harmless -- they are produced when Shorewall is probing your
system to determine its capabilities. You can eliminate them (and speed up
start/restart) by using a capabilities file.

shorewall show -f capabilities > /etc/shorewall/capabilities

Now, the compiler will simply read the capabilities file rather than probe.

-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.
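
Added example (not part of the original thread and not Shorewall's own code): a triage of 'shorewall trace restart' output that separates failed capability probes from failures that deserve a look. It assumes, from the output posted above, that probe commands run against a scratch chain named fooX<digits> and that each command is logged on a SYS----> line; the sample trace and the net2fw rules in it are constructed.

```python
import re

# Constructed sample in the format of the trace output quoted in the thread
# (unwrapped, one command or error per line).
SAMPLE = """\
SYS----> /sbin/iptables -A fooX26647 -j LOGMARK
iptables v1.4.16.3: Couldn't load target `LOGMARK':No such file or directory
SYS----> /sbin/iptables -A fooX26647 -m geoip --src-cc US
iptables v1.4.16.3: Couldn't load match `geoip':No such file or directory
SYS----> /sbin/iptables -t rawpost -L -n
iptables v1.4.16.3: can't initialize iptables table `rawpost': Table does not exist (do you need to insmod?)
SYS----> /sbin/iptables -A net2fw -p tcp --dport 22 -j ACCEPT
SYS----> /sbin/iptables -A net2fw -m geoip --src-cc US -j DROP
iptables v1.4.16.3: Couldn't load match `geoip':No such file or directory
"""

CMD = re.compile(r"^SYS----> (.*)$")
ERR = re.compile(r"^(iptables v[\d.]+: |Can't exec )")
# Assumption: probes use a scratch chain named fooX<digits>, as in the thread.
SCRATCH = re.compile(r"\bfooX\d+\b")


def triage(trace_text):
    """Return (probe_failures, needs_review), each a list of (command, error)."""
    probes, review = [], []
    last_cmd = None
    for line in trace_text.splitlines():
        m = CMD.match(line)
        if m:
            last_cmd = m.group(1)
        elif ERR.match(line):
            # Errors tied to the scratch chain are capability probes. Anything
            # else, including errors with no preceding command and table
            # listings that never name the scratch chain, goes to review.
            is_probe = last_cmd is not None and SCRATCH.search(last_cmd)
            (probes if is_probe else review).append((last_cmd, line))
            last_cmd = None  # attribute at most one error to each command
    return probes, review


if __name__ == "__main__":
    probe_failures, needs_review = triage(SAMPLE)
    print(f"{len(probe_failures)} probe failures (expected while probing)")
    for cmd, err in needs_review:
        print(f"REVIEW: {cmd!r} -> {err}")
```

The review bucket is deliberately conservative: the rawpost table listing lands there because its command does not name the scratch chain.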





_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
