Nick: I just got mine working on Ubuntu 14.04.

Have you created an ipset hash table? Check the Internet to see how. If doing more than one country, see how to set the size of the hash. Read blrules on the shorewall web site, which belong in the directory with the rest of the main files, /etc/shorewall. If you use "locate" there are blrules and blrules.annotated.

I found out the hard way you also need to "ipset save" so that your shorewall will restart on reboot. And read about shorewall.conf for ipset.

Check below for info about dynamic.

On 5/27/2016 2:52 AM, Nicola Ferrari (#554252) wrote:
> Hi list.
>
> I'm trying to add ipset support on my shorewall.
> I'm using shorewall 4.6.4.3 on a Debian 8.5 install.
>
> I installed xtables and ipset by using
> apt-get install dkms linux-headers-$(uname -r)
> apt-get install xtables-addons-common xtables-addons-dkms
>
> Modules get compiled correctly, in fact, if I ask lsmod, I get
> x_tables 27111 21 xt_mark,xt_CT,xt_comment,ipt_ULOG,xt_recent,ip_tables,xt_tcpudp,xt_NFLOG,xt_limit,xt_conntrack,xt_LOG,xt_nat,xt_set,xt_multiport,iptable_filter,xt_TCPMSS,xt_connmark,ipt_REJECT,iptable_mangle,xt_addrtype,iptable_raw
>
> But, if I configure shorewall like this
> /etc/shorewall/zones:
> dyn:loc ipv4 dynamic_shared

You only need dynamic if you are using ipset with more than one card on the same zone, so you only have to create one ipset.

> /etc/shorewall/interfaces:
> #ZONE INTERFACE BROADCAST OPTIONS
> loc eth1 - …
>
> /etc/shorewall/hosts:
> #ZONE HOSTS OPTIONS
> dyn eth1:dynamic
>
>
> Asking "shorewall check" I get:
> Checking /etc/shorewall/hosts...
> ERROR: Dynamic nets require Ipset Match in your kernel and iptables
> /etc/shorewall/hosts (line 12)
>
> What am I missing?
>
> Thanks!
> Nick
>
>

--
Eric Teeter
Brooklyn WI
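
The reply above advises creating the ipset hash, sizing it when several countries are loaded, and saving it so it survives a reboot. The following is an added example, not part of either message: a shell function that turns a list of CIDRs into an `ipset restore` file with a `maxelem` large enough for every entry. The set name `blocklist`, the doubling rule and the sample networks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn a list of CIDRs into an `ipset restore` file.
# Set name, sizing rule and sample networks are assumptions, not from the thread.

# build_restore NAME [FLOOR] < cidr-list
# Drops comments, malformed entries, /0 and duplicates, then prints a
# create line whose maxelem is FLOOR (default 65536, ipset's default)
# doubled until it holds every entry, followed by one add line per net.
build_restore() (
    name=$1
    maxelem=${2:-65536}
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid set name" >&2; exit 2 ;;
    esac
    nets=$(awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        {
            if (split($0, p, "/") != 2) next
            # prefix 1..32 only: a /0 entry would match every address
            if (p[2] !~ /^[1-9][0-9]?$/ || p[2] + 0 > 32) next
            if (split(p[1], o, /\./) != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) next
            if (!seen[$0]++) print
        }')
    [ -n "$nets" ] || { echo "no valid networks for $name" >&2; exit 1; }
    count=$(( $(printf '%s\n' "$nets" | wc -l) ))
    while [ "$maxelem" -lt "$count" ]; do maxelem=$((maxelem * 2)); done
    printf 'create %s hash:net family inet maxelem %s\n' "$name" "$maxelem"
    printf '%s\n' "$nets" | sed "s/^/add $name /"
)

# Constructed sample input (documentation address ranges).
SAMPLE='# zone file
192.0.2.0/24
198.51.100.0/25   # trailing comment
192.0.2.0/24
203.0.113.0/24
0.0.0.0/0
10.0.0.300/8
203.0.113.0/33
not-a-network'

# Print the restore file; on a real host pipe it to `ipset restore`,
# then run `ipset save` to a file that is loaded again at boot.
printf '%s\n' "$SAMPLE" | build_restore blocklist
```
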
