Hi, Nicola Ferrari (#554252) wrote: > Asking "shorewall check" I get: > Checking /etc/shorewall/hosts... > ERROR: Dynamic nets require Ipset Match in your kernel and iptables > /etc/shorewall/hosts (line 12)
Please run `shorewall show capabilities` If it says > ipset V5 (IPSET_V5): Not available install "ipset" package (apt-get install ipset). On a stock Debian kernel you should get > Ipset Match Counters (IPSET_MATCH_COUNTERS): Available > Ipset Match (IPSET_MATCH): Available > Ipset Match Nomatch (IPSET_MATCH_NOMATCH): Available > ipset V5 (IPSET_V5): Available > # uname -a > Linux vm-debian8-x64 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-1 (2016-03-06) > x86_64 GNU/Linux So you don't need xtables* package to use ipset in shorewall. If you are using your own kernel, check that "CONFIG_NETFILTER_XT_SET" is set. -Thomas ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
