Hi, good question.
First, I am not sure if I experience the same problem: On my Gentoo test systems with shorewall-4.5.19 and shorewall-4.5.20 (not yet in tree), both require iptables-1.4.20, I don't see a problem on boot with shorewall-init (not yet in tree, too) nor shorewall itself (the test systems have both, IPv4 and IPv6 connection, so I am using shorewall and shorewall6). But: If I restart an interface (/etc/init.d/net.eth0 restart), Gentoo will first stop all depending services, which include shorewall and shorewall6, bring down the interface, bring up the interface again and will finally start the previous stopped depending services (=shorewall and shorewall6) again. That's the point where I see a failure like yours, sometimes: shorewall is unable to start because some iptables modules aren't yet ready. Keep in mind: shorewall was up an running before... without any problems: > # /etc/init.d/net.eth0 restart > * Caching service dependencies ... > [ ok ] > * Stopping shorewall6 ... > [ ok ] > * Stopping shorewall ... > [ ok ] > * Stopping nginx ... > [ ok ] > * Unmounting network filesystems ... > [ ok ] > * Stopping distccd ... > [ ok ] > * Stopping sshd ... > [ ok ] > * Bringing down interface eth0 > * Running postdown ... > * Removing outgoing IPv6 settings > [ ok ] > * Bringing up interface eth0 > * Waiting for carrier (10 seconds) ... > [ ok ] > * XXX.XXX.XXX.XX1/27 ... > [ ok ] > * XXX.XXX.XXX.XX2/29 ... > [ ok ] > * XXX.XXX.XXX.XX3/29 ... > [ ok ] > * XXX.XXX.XXX.XX4/29 ... > [ ok ] > * XXX.XXX.XXX.XX5/29 ... > [ ok ] > * XXX.XXX.XXX.XX6/29 ... > [ ok ] > * XXX.XXX.XXX.XX7/29 ... > [ ok ] > * XXX.XXX.XXX.XX8/29 ... > [ ok ] > * ZZZZ:ZZZZ:ZZZZ:ZZZZ::1/64 ... > [ ok ] > * ZZZZ:ZZZZ:ZZZZ:ZZZZ::2/64 ... > [ ok ] > * ZZZZ:ZZZZ:ZZZZ:ZZZZ::3/64 ... > [ ok ] > * ZZZZ:ZZZZ:ZZZZ:ZZZZ::4/64 ... > [ ok ] > * ZZZZ:ZZZZ:ZZZZ:ZZZZ::5/64 ... > [ ok ] > * ZZZZ:ZZZZ:ZZZZ:ZZZZ::6/64 ... > [ ok ] > * ZZZZ:ZZZZ:ZZZZ:ZZZZ::7/64 ... > [ ok ] > * ZZZZ:ZZZZ:ZZZZ:ZZZZ::8/64 ... > [ ok ] > * Adding routes > * default via XXX.XXX.XXX.254 src XXX.XXX.XXX.XX1 ... > [ ok ] > * default via fe80::1 ... > [ ok ] > * Waiting for IPv6 addresses ... > [ ok ] > * Running postup ... > * Setting label for ZZZZ:ZZZZ:ZZZZ:ZZZZ::1/64 > * Setting outgoing IPv6 to ZZZZ:ZZZZ:ZZZZ:ZZZZ::5 > * Starting distccd ... > * Starting shorewall6 ... > * Starting shorewall ... > * Mounting network filesystems ... > [ ok ] > * Checking nginx' configuration ... > * Starting sshd ... > [ ok ] > * Starting nginx ... > [ ok ] > ERROR: Log level INFO requires LOG Target in your kernel and iptables > [ !! ] > * ERROR: shorewall6 failed to start > ERROR: UNTRACKED state requires Raw Table in your kernel and iptables > [ !! ] > * ERROR: shorewall failed to start I can immediately start shorewall manually (/etc/init.d/shorewall start) and it will start without any problems. So this looks like a timing issue, right. Is this the same you are talking about? -Thomas
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
