Hi, I have updated a CentOS 6 system from shorewall 4.6.4 to 5.0.12 and now shorewall does not start with the following error:
WARNING: ipset lvpn does not exist; creating it as an hash:net set ipset v6.11: Unknown argument: `counters' Try `ipset help' for more information. lvpn is a dynamic zone. It seems that CentOS doesn't support counters in ipset, but the capability is not detected. Here's what I did: [root@gateway ~]# ipset -N lvpn hash:net family inet timeout 0 counters ipset v6.11: Unknown argument: `counters' Try `ipset help' for more information. [root@gateway ~]# ipset -N lvpn hash:net family inet timeout 0 [root@gateway ~]# shorewall restart ... done. [root@gateway ~]# shorewall show capabilities | grep Ipset Ipset Match (IPSET_MATCH): Available For reference, here's the output on CentOS 7: [root@nethsecurity7 ~]# shorewall show capabilities | grep Ipset Ipset Match Counters (IPSET_MATCH_COUNTERS): Available Ipset Match (IPSET_MATCH): Available Ipset Match Nomatch (IPSET_MATCH_NOMATCH): Available Other info: [root@gateway ~]# modinfo ip_set_hash_net filename: /lib/modules/2.6.32-642.6.1.el6.x86_64/kernel/net/netfilter/ipset/ip_set_hash_net.ko alias: ip_set_hash:net description: hash:net type of IP sets author: Jozsef Kadlecsik <[email protected]> license: GPL srcversion: A466855CF5D693A4E053AF4 depends: ip_set vermagic: 2.6.32-642.6.1.el6.x86_64 SMP mod_unload modversions counters were unconditionally added in 6c00f72f448b36e85b9b5d68acd7018e7f44ecff if have_capability IPSET_V5, which is true. Do you have any suggestion on a fix? Thank you. -- Ciao, Filippo ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
