On 10/30/2016 06:19 PM, Phil Stracchino wrote:
> I have a Ubiquiti EdgeRouter PoE router on which I've been running
> Shorewall since 2014. It runs Shorewall 4.4.11 on Linux kernel
> 3.4.27.
>
> I'm currently in the process of setting up a new Ubiquiti
> EdgeRouter X, which is running kernel 3.10.14, and on which I have
> just installed shorewall 4.5.5, the latest available Shorewall
> package for debian wheezy mipsel. My first step after installing
> was to copy the ruleset from the Shorewall 4.4.11 installation on
> the old router to 4.5.5 on the new one.
>
> Shorewall 4.5.5 APPEARS to process all the rules properly, but
> spits out some errors during initialization. It emits no errors
> after the initialization phase (i.e., once it starts compiling).
>
> Running 'shorewall trace restart >shorewall.out 2>&1' yielded the
> following among the output:
>
>
> SYS----> /sbin/iptables -A fooX23872 -m recent --update -j ACCEPT
> SYS----> /sbin/iptables -A fooX23872 -m owner --uid-owner 0 -j ACCEPT
> iptables: No chain/target/match by that name.
> SYS----> /sbin/iptables -A fooX23872 -m owner --uid-owner root
>
>
> SYS----> /sbin/iptables -A fooX23872 -p tcp -m ipp2p --edk -j ACCEPT
> SYS----> /sbin/iptables -A fooX23872 -p tcp -m ipp2p --ipp2p -j ACCEPT
> iptables v1.4.20: unknown option "--ipp2p"
> Try `iptables -h' or 'iptables --help' for more information.
>
>
> SYS----> /sbin/iptables -t mangle -A fooX23872 -j CLASSIFY --set-class 1:1
> SYS----> /sbin/iptables -t mangle -A fooX23872 -j IPMARK --addr src
> iptables v1.4.20: unknown option "--addr"
>
>
> SYS----> /sbin/iptables -t mangle -A fooX23872 -p tcp -j TPROXY --on-port 0 --tproxy-mark 1
> iptables: No chain/target/match by that name.
>
>
> SYS----> /sbin/iptables -t rawpost -L -n
> iptables v1.4.20: can't initialize iptables table `rawpost': Table does not exist (do you need to insmod?)
>
>
> SYS----> /sbin/ipset -X fooX23872
> ipset v6.23: The set with the given name does not exist
> SYS----> /sbin/ipset -N fooX23872 iphash
> SYS----> /sbin/ipset -N fooX23872 hash:ip family inet
> ipset v6.23: Set cannot be created: set with the same name already exists
>
>
> SYS----> /sbin/iptables -A fooX23872 -j LOGMARK
> iptables v1.4.20: Couldn't load target `LOGMARK':No such file or directory
>
>
> SYS----> /sbin/iptables -A fooX23872 -j ACCOUNT --addr 192.168.1.0/29 --tname fooX23872
> iptables v1.4.20: unknown option "--addr"
> Try `iptables -h' or 'iptables --help' for more information.
> SYS----> /sbin/iptables -A fooX23872 -j AUDIT --type drop
> iptables: No chain/target/match by that name.
> SYS----> /sbin/ipset -X fooX23872
> ipset v6.23: The set with the given name does not exist
> SYS----> /sbin/ipset -N fooX23872 hash:ip family inet
> SYS----> /sbin/iptables -A fooX23872 -m condition --condition foo
> iptables: No chain/target/match by that name.
>
>
> SYS----> /sbin/iptables -A fooX23872 -m geoip --src-cc US
> iptables v1.4.20: Couldn't load match `geoip':No such file or directory
>
>
> SYS----> /sbin/iptables -t nat -F fooX23872
> iptables: No chain/target/match by that name.
> SYS----> /sbin/iptables -t nat -X fooX23872
> iptables: No chain/target/match by that name.
>
>
> Now, not being even remotely close to an iptables expert ... how
> serious are these? Need I be concerned? If so, is there anything
> I can likely do about them, remembering that I am running an
> embedded device and have no control over the kernel configuration?
> Is it likely I have misconfigured anything? I have intentionally
> not touched anything whatsoever in shorewall.conf.
>
> (I assume the geoip-related error is because I haven't installed a
> geoip tool, because I don't know yet what to install to support
> it.)
>

Those messages are harmless -- they are generated when the compiler is
probing your system to determine its capabilities.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
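
An added example, not part of the original thread: a small triage script for `shorewall trace` output that pairs each `SYS---->` command with the error printed after it and separates failures on the scratch chain from failures that touch a named chain. It assumes probe commands can be recognised by the scratch name pattern `fooX<digits>` seen in the output above; the sample lines are constructed, and the `net2fw` / `NOSUCHTARGET` command is made up for contrast.

```python
import re

# Constructed sample in the format of the trace quoted above. The last
# command (chain net2fw, target NOSUCHTARGET) is made up for contrast.
SAMPLE = """\
SYS----> /sbin/iptables -A fooX23872 -m recent --update -j ACCEPT
SYS----> /sbin/iptables -A fooX23872 -m owner --uid-owner 0 -j ACCEPT
iptables: No chain/target/match by that name.
SYS----> /sbin/iptables -A fooX23872 -p tcp -m ipp2p --ipp2p -j ACCEPT
iptables v1.4.20: unknown option "--ipp2p"
Try `iptables -h' or 'iptables --help' for more information.
SYS----> /sbin/iptables -t rawpost -L -n
iptables v1.4.20: can't initialize iptables table `rawpost': Table does not exist (do you need to insmod?)
SYS----> /sbin/iptables -A net2fw -j NOSUCHTARGET
iptables: No chain/target/match by that name.
"""

CMD = re.compile(r"^SYS---->\s+(.*)$")
ERR = re.compile(r"^(?:ip6?tables|ipset)(?: v[\d.]+)?: (.*)$")
# Assumption: probes are recognised by the scratch name seen in the thread.
SCRATCH = re.compile(r"\bfooX\d+\b")

def failed_commands(trace):
    """Return (command, [errors]) for each SYS----> command that errored."""
    pairs, current = [], None
    for line in trace.splitlines():
        line = line.strip()
        cmd, err = CMD.match(line), ERR.match(line)
        if cmd:
            current = (cmd.group(1), [])
            pairs.append(current)
        elif err and current:
            current[1].append(err.group(1))
    return [p for p in pairs if p[1]]

def triage(trace):
    """Label each failed command: probe, listing (read-only) or review."""
    rows = []
    for cmd, errors in failed_commands(trace):
        if SCRATCH.search(cmd):
            kind = "probe"      # ran against the scratch chain/set
        elif "-L" in cmd.split():
            kind = "listing"    # only lists a table, changes nothing
        else:
            kind = "review"     # error on a named chain: look at it
        rows.append((kind, cmd, errors[0]))
    return rows

if __name__ == "__main__":
    for kind, cmd, error in triage(SAMPLE):
        print(f"{kind:8} {cmd}\n         -> {error}")
```

Anything labelled `review` is a failure outside the scratch chain and is the part of a trace worth reading by hand.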
