On Thu, Oct 05, 2017 at 09:45:26PM -0700, Tom Eastep wrote: > On 10/05/2017 09:35 PM, Daniel Nelson wrote: > > On Thu, Oct 05, 2017 at 08:05:37AM -0700, Tom Eastep wrote: > >> Please look in your kernel log to see what netfilter messages are issued > >> when this failure occurs. Also, with a hashlimit rule in place, try > >> 'shorewall debug reload' -- that can give better diagnostic information. > > > > I don't see any logs of interest in kern.log, messages, or elsewhere, but > > here > > is the output of 'shorewall debug reload': > > > > Running debug_restore_input... > > iptables: No chain/target/match by that name. > > ERROR: Command "/sbin/iptables --wait -t filter -A INPUT -m > > hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-name > > lograte --hashlimit-mode srcip -j LOG --log-level 6 --log-prefix "INPUT > > REJECT "" Failed > > > > What is the output of 'shorewall show capabilities | fgrep HASHLIMIT'?
$ sudo shorewall show capabilities | fgrep HASHLIMIT Hashlimit Match (HASHLIMIT_MATCH): Available ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users