Hi list.
I'm trying to add ipset support on my shorewall.
I'm using shorewall 4.6.4.3 on a Debian 8.5 install.
I installed xtables and ipset by using
apt-get install dkms linux-headers-$(uname -r)
apt-get install xtables-addons-common xtables-addons-dkms
Modules get compiled correctly, in fact, if I ask lsmod, I get
x_tables 27111 21
xt_mark,xt_CT,xt_comment,ipt_ULOG,xt_recent,ip_tables,xt_tcpudp,xt_NFLOG,xt_limit,xt_conntrack,xt_LOG,xt_nat,xt_set,xt_multiport,iptable_filter,xt_TCPMSS,xt_connmark,ipt_REJECT,iptable_mangle,xt_addrtype,iptable_raw
But, if I configure shorewall like this
/etc/shorewall/zones:
dyn:loc ipv4 dynamic_shared
/etc/shorewall/interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
loc eth1 - …
/etc/shorewall/hosts:
#ZONE HOSTS OPTIONS
dyn eth1:dynamic
Asking "shorewall check" I get:
Checking /etc/shorewall/hosts...
ERROR: Dynamic nets require Ipset Match in your kernel and iptables
/etc/shorewall/hosts (line 12)
What am I missing?
Thanks!
Nick
--
+---------------------+
| Linux User #554252 |
+---------------------+
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
