Re: [Shorewall-users] My Shorewall configuration crashes kernel 3.13.9

Fri, 09 May 2014 13:40:28 -0700 


On 5/9/2014 10:18 AM, Tom Eastep wrote:

On 5/9/2014 1:31 AM, Brian Burch wrote:


I checked my dkms modules and found the package xtables-addons-dkms is
at the latest recommended level for ubuntu trusty, i.e. 2.3-1. I googled
(more in desperation than confidence) and up popped this!

https://bugs.launchpad.net/ubuntu/+source/xtables-addons/+bug/1286911

Although I would have liked to retain my geoip support, it isn't any
good if I can't run shorewall without it crashing my system! I purged
the package but keept xtables-addons-common (I really need ipsets) and
libxtables10.

shorewall works fine now!

I suppose I could inject xtables 2.4 into my system as a test, but I'll
wait for a while to see whether it appears in the standard repositories
soon.

I hope this tale is helpful. Thanks for your advice, Tom.

Thanks Brian,

Bill -- could this be your issue as well?

-Tom


------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users


GeoIP was one of my first suspicions and I commented it out of the rules:
?COMMENT drop romania, russia, ukraine
# drop Romania, Russian Federation, and Ukraine
#DROP   inet:^[RO,RU,UA]        fw
?COMMENT

but it turns out (from your bug link, Brian) that the culprit is 
iptable_rawpost:

[0:root@jabba modprobe]$ cat /etc/modprobe.d/my_blacklist.conf
blacklist iptable_rawpost
blacklist ip6table_rawpost
install iptable_rawpost /bin/false
install ip6table_rawpost /bin/false

'shorewall start' works WITH GeoIP.

Many thanks to all,
Bill


------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to