Hi !

I have Shorewall 4.03 on SuSE 10.2, working with shell compiler for quite long
time. Just now I have switched to perl compiler (without changing anything
except "SHOREWALL_COMPILER=perl") and got the following error:

Shorewall configuration compiled to /var/lib/shorewall/.restart
ERROR: /sbin/iptables-restore does not exist or is not executable
/sbin/shorewall: line 658: 14967 Terminated $SHOREWALL_SHELL
${VARDIR}/.restart $debugging restart

Quite strange, since "shorewall check" returns OK status.

Any idea what went wrong?

---------------------------------
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling /usr/share/shorewall/rfc1918...
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Shorewall configuration compiled to /var/lib/shorewall/.restart
ERROR: /sbin/iptables-restore does not exist or is not executable
/sbin/shorewall: line 658: 14967 Terminated $SHOREWALL_SHELL
${VARDIR}/.restart $debugging restart

Andrei Verovski (aka MacGuru) wrote:
> Hi !
>
> I have Shorewall 4.03 on SuSE 10.2, working with shell compiler for quite long
> time. Just now I have switched to perl compiler (without changing anything
> except "SHOREWALL_COMPILER=perl") and got the following error:
>
> Shorewall configuration compiled to /var/lib/shorewall/.restart
> ERROR: /sbin/iptables-restore does not exist or is not executable
> /sbin/shorewall: line 658: 14967 Terminated $SHOREWALL_SHELL
> ${VARDIR}/.restart $debugging restart
>
> Quite strange, since "shorewall check" returns OK status.
>
> Any idea what went wrong?

Shorewall is finding /sbin/iptables (either via PATH or via the IPTABLES
setting in shorewall.conf) but /sbin/iptables-restore does not exist or
is not executable.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Andrei Verovski (aka MacGuru) wrote:
>
>> Hi !
>>
>> I have Shorewall 4.03 on SuSE 10.2, working with shell compiler for quite long
>> time. Just now I have switched to perl compiler (without changing anything
>> except "SHOREWALL_COMPILER=perl") and got the following error:
>>
>> Shorewall configuration compiled to /var/lib/shorewall/.restart
>> ERROR: /sbin/iptables-restore does not exist or is not executable
>> /sbin/shorewall: line 658: 14967 Terminated $SHOREWALL_SHELL
>> ${VARDIR}/.restart $debugging restart
>>
>> Quite strange, since "shorewall check" returns OK status.
>>
>> Any idea what went wrong?
>>
>
> Shorewall is finding /sbin/iptables (either via PATH or via the IPTABLES
> setting in shorewall.conf) but /sbin/iptables-restore does not exist or
> is not executable.
>
> -Tom
>

which iptables-restore should give you the good path. Check permissions on
the file found at the previous step...

Hi !

This was my first idea, too. However:

11:55 linux-srv:~ > locate iptables-restore
/usr/sbin/iptables-restore

11:55 linux-srv:/usr/sbin # ls -la | grep iptables
-rwxr-xr-x 1 root root 47920 2007-08-21 20:06 iptables
-rwxr-xr-x 1 root root 52184 2007-08-21 20:06 iptables-restore
-rwxr-xr-x 1 root root 52148 2007-08-21 20:06 iptables-save
-rwxr-xr-x 1 root root 14272 2007-08-21 20:06 iptables-xml

In Shorewall.conf -
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

After I set
IPTABLES=/usr/sbin/iptables

Everything worked fine.

Anyway, I suppose there is some glitch because other iptables executables are
found without any problem.

> Shorewall is finding /sbin/iptables (either via PATH or via the IPTABLES
> setting in shorewall.conf) but /sbin/iptables-restore does not exist or
> is not executable.

> Andrei Verovski (aka MacGuru) wrote:
> > Hi !
> >
> > I have Shorewall 4.03 on SuSE 10.2, working with shell compiler for quite
> > long time. Just now I have switched to perl compiler (without changing
> > anything except "SHOREWALL_COMPILER=perl") and got the following error:
> >
> > Shorewall configuration compiled to /var/lib/shorewall/.restart
> > ERROR: /sbin/iptables-restore does not exist or is not executable
> > /sbin/shorewall: line 658: 14967 Terminated $SHOREWALL_SHELL
> > ${VARDIR}/.restart $debugging restart
> >
> > Quite strange, since "shorewall check" returns OK status.
> >
> > Any idea what went wrong?

On Sat, 2007-09-08 at 12:08 +0300, Andrei Verovski (aka MacGuru) wrote:
> Hi !
>
> This was my first idea, too. However:
>
> 11:55 linux-srv:~ > locate iptables-restore
> /usr/sbin/iptables-restore
>
>
> 11:55 linux-srv:/usr/sbin # ls -la | grep iptables
> -rwxr-xr-x 1 root root 47920 2007-08-21 20:06 iptables
> -rwxr-xr-x 1 root root 52184 2007-08-21 20:06 iptables-restore
> -rwxr-xr-x 1 root root 52148 2007-08-21 20:06 iptables-save
> -rwxr-xr-x 1 root root 14272 2007-08-21 20:06 iptables-xml
>
> In Shorewall.conf -
> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
>
> After I set
> IPTABLES=/usr/sbin/iptables
>
> Everything worked fine.
>
> Anyway, I suppose there is some glitch because other iptables executables are
> found without any problem.

The lines of shell code leading up to the error should have been the
following:

    IPTABLES="/sbin/iptables"

    [ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"
    IPTABLES_RESTORE=${IPTABLES}-restore
    [ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"

Pretty hard to understand how that could go wrong unless the final '-x'
test was returning a false value.

FWIW, your current /var/lib/shorewall/.restart file should have this very
similar code:

    IPTABLES="/usr/sbin/iptables"

    [ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"
    IPTABLES_RESTORE=${IPTABLES}-restore
    [ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
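
The check quoted in the message above derives the iptables-restore path from IPTABLES by appending "-restore" instead of searching PATH for it. The shell sketch below is an added example, not Shorewall's code and not from any poster in this thread; it builds one constructed directory layout in which that derived check fails while a PATH search succeeds. The function names and the temporary directory tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The directory layout is constructed, not taken from the thread.

# Walk a colon-separated search path and print the first executable match.
find_in_path() {  # $1 = command name, $2 = search path
    old_ifs=$IFS; IFS=:
    for dir in $2; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            IFS=$old_ifs; printf '%s\n' "$dir/$1"; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# Same rule as the quoted script: iptables-restore must sit beside $IPTABLES.
derived_restore() {  # $1 = value of IPTABLES
    [ -x "$1-restore" ] || return 1
    printf '%s\n' "$1-restore"
}

# Explain a failure: 0 = ok, 1 = binary lives in another directory, 2 = absent.
diagnose() {  # $1 = value of IPTABLES, $2 = search path
    if derived_restore "$1" >/dev/null; then
        echo "ok: $1-restore"; return 0
    fi
    if found=$(find_in_path iptables-restore "$2"); then
        echo "mismatch: $1-restore missing, found $found"; return 1
    fi
    echo "absent: no iptables-restore on search path"; return 2
}

# Constructed layout: iptables in sbin and usr/sbin, -restore only in usr/sbin.
make_demo_root() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sbin" "$root/usr/sbin"
    for f in sbin/iptables usr/sbin/iptables usr/sbin/iptables-restore; do
        printf '#!/bin/sh\nexit 0\n' > "$root/$f"
        chmod 755 "$root/$f"
    done
    printf '%s\n' "$root"
}

demo=$(make_demo_root)
search="$demo/sbin:$demo/bin:$demo/usr/sbin:$demo/usr/bin"
diagnose "$(find_in_path iptables "$search")" "$search" || true
diagnose "$demo/usr/sbin/iptables" "$search"
rm -rf "$demo"
```

The first call reports a mismatch because the PATH lookup picks sbin/iptables first; the second passes once IPTABLES names the directory that holds both binaries.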

On Sat, Sep 08, 2007 at 08:31:47AM -0700, Tom Eastep wrote:
> The lines of shell code leading up to the error should have been the
> following:
>
> IPTABLES="/sbin/iptables"
>
> [ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"
> IPTABLES_RESTORE=${IPTABLES}-restore
> [ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"
>
>
> Pretty hard to understand how that could go wrong unless the final '-x'
> test was returning a false value.

There's also a direct call to iptables-restore (not $IPTABLES_RESTORE)
in Shorewall::Compiler - I can't see how that's relevant, but it looks
wrong.

On Sat, 2007-09-08 at 18:08 +0100, Andrew Suffield wrote:
> On Sat, Sep 08, 2007 at 08:31:47AM -0700, Tom Eastep wrote:
> > The lines of shell code leading up to the error should have been the
> > following:
> >
> > IPTABLES="/sbin/iptables"
> >
> > [ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"
> > IPTABLES_RESTORE=${IPTABLES}-restore
> > [ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"
> >
> >
> > Pretty hard to understand how that could go wrong unless the final '-x'
> > test was returning a false value.
>
> There's also a direct call to iptables-restore (not $IPTABLES_RESTORE)
> in Shorewall::Compiler - I can't see how that's relevant, but it looks
> wrong.

Corrected.

Thanks,
-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key