Hi Tomas, 2016-12-09 11:57 GMT+01:00 Thomas Deutschmann <[email protected]>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi, > > On 2016-12-09 09:41, Csányi Pál wrote: >> Hi, >> >> I'm running Shorewall 5.0.11 on Gentoo linux system. This is on my >> laptop. >> >> Today I realize that that I can't start shorewall service on my >> system. >> >> I recently build my new kernel: 4.4.26-gentoo #1 SMP >> >> [..,] >> >> I am trying to follow this: >> http://www.shorewall.net/troubleshoot.htm >> >> Here I found that that maybe the cause of this error is the REJECT >> support in kernel. In the >> /var/lib/shorewall/.iptables-restore-input file at line 195 is >> only: COMMIT > > Have you tried running `shorewall debug restart` like written in the > troubleshooting guide? This should show you exactly the rule which is > failing.
I just run it and get that rule: iptables: No chain/target/match by that name. ERROR: Command "/sbin/iptables --wait -t filter -A INPUT -j LOG --log-level 6 --log-prefix "Shorewall:INPUT:REJECT:"" Failed > If you think this is related to REJECT target, check if "ipt_REJECT" > kernel module is loaded using "lsmod". nf_reject_ipv4 16384 1 ipt_REJECT so I think the ipt_REJECT kernel module is loaded. I'm running syslog-ng. In it's log I find aonly two lines when started Shorewall: ec 9 18:48:01 cspg pali[5475]: ERROR:Shorewall start failed Dec 9 18:48:01 cspg pali[5502]: Shorewall Stopped -- Best, Pali ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
