I'm getting this in a case where there is no ip6tables in use. Is there a
workaround for this? Its using the Shorewall from Debian stable.
# shorewall version
4.5.5.3
# shorewall try /etc/shorewall
...
ERROR: Log level INFO requires LOG Target in your kernel and iptables
# uname -a
Linux hk2server 3.4.0-cloud #1 SMP Thu May 24 05:12:36 EDT 2012 i686
GNU/Linux
On 5 September 2013 01:11, Tom Eastep <[email protected]> wrote:
> On 09/04/2013 08:20 AM, Mau wrote:
> > Hi Thomas,
> >
> > Il 04/09/2013 14:02, Thomas D. ha scritto:
> >> [...]
> >>
> >> shorewall is unable to start because some iptables modules aren't yet
> >> ready. Keep in mind: shorewall was up an running before... without any
> >> problems:
> >>
> >>> ERROR: Log level INFO requires LOG Target in your kernel and
> iptables [ !! ]
> >>> * ERROR: shorewall6 failed to start
> >>> ERROR: UNTRACKED state requires Raw Table in your kernel and
> iptables [ !! ]
> >>> * ERROR: shorewall failed to start
> >
> > The failing modules are exactly the same as here, ipt_LOG (xt_LOG) and
> > iptable_raw; in my case the firewall fails at boot, while later it
> > behaves normally; pre-loading those modules at boot doesn't help, and
> > since I have both shorewall and shorewall6, sometimes fails the first,
> > sometimes the second. It took me some time to figure out what was
> > happening the first time I booted and the network didn't work.
> >
> > I'm testing 3.11 kernel now: all the same. Weird.
> >
> >> I can immediately start shorewall manually (/etc/init.d/shorewall start)
> >> and it will start without any problems. So this looks like a timing
> >> issue, right.
> >>
> >> Is this the same you are talking about?
> >>
> >>
> >> -Thomas
> >
> > It looks the very same problem to me.
>
> The new locking code in ip[6]tables 1.4.20 prevents iptables and
> ip6tables from running simultaneously unless the -w option is specified
> on both. You can work around this problem temporarily by using a
> capabilties file:
>
> shorewall show -f capabilities > /etc/shorewall/capabilities
> shorewall6 show -f capabilities > /etc/shorewall6/capabilities
>
> I'll have a patch to the compiler available in a day or so.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies
> and advance your career. Get an incredible 1,500+ hours of step-by-step
> tutorial videos with LearnDevNow. Subscribe today and save!
> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
