Shorewall users - Jun 2008 - load_blacklist: command not found

Greetings support,

I was previously using the shorewall version 3.4 packaged with Fedora version
5.0 and have just migrated to Fedora version 7.0 which uses Shorewall version
4.0.6.

In the previous version of shorewall (3.4) we would include a list of
blacklisted IP addresses in the /etc/shorewall/blacklist file.

However when IP addresses are entered in the /etc/shorewall/blacklist file for
the current version 4.0.6, and then shorewall is restarted, Shorewall restarts
successfully but responds with the following line:

Restarting shorewall: WARNING: Zone dmz is empty

/var/lib/shorewall/.restart: line 1354: load_blacklist: command not found

[ OK ]

The ''load_blacklist: command not found'' line never appeared
previously.

Can you please let me know what is the reason for this line appearing?

Thanks

Glenn



PS: Following are the relevant details 

The /etc/shorewall/blacklist file has the following content:

#BLACKLIST

59.60.61.62

#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE



''ip addr show'' output

[root@GatemanServer shorewall]# ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

inet6 ::1/128 scope host 

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb qlen 1000

link/ether 00:1b:11:19:d6:bd brd ff:ff:ff:ff:ff:ff

inet 61.17.160.129/23 brd 61.17.161.255 scope global eth0

inet6 fe80::21b:11ff:fe19:d6bd/64 scope link 

valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen
1000

link/ether 00:1c:f0:97:ec:6d brd ff:ff:ff:ff:ff:ff

inet 192.168.2.1/24 brd 192.168.2.255 scope global eth1

inet6 fe80::21c:f0ff:fe97:ec6d/64 scope link 

valid_lft forever preferred_lft forever

4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen
1000

link/ether 00:19:d1:52:93:5a brd ff:ff:ff:ff:ff:ff

inet 59.181.97.177/8 brd 59.255.255.255 scope global eth2

inet6 fe80::219:d1ff:fe52:935a/64 scope link 

valid_lft forever preferred_lft forever

5: sit0: <NOARP> mtu 1480 qdisc noop 

link/sit 0.0.0.0 brd 0.0.0.0

8: ppp2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc
pfifo_fast qlen 3

link/ppp 

inet 59.181.97.177 peer 59.183.63.254/32 scope global ppp2





''ip route show'' output

[root@GatemanServer shorewall]# ip route show

59.183.63.254 dev ppp2 proto kernel scope link src 59.181.97.177 

192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1 

61.17.160.0/23 dev eth0 proto kernel scope link src 61.17.160.129 

169.254.0.0/16 dev eth2 scope link 

59.0.0.0/8 dev eth2 proto kernel scope link src 59.181.97.177 

default dev ppp2 scope link 






-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It''s the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php

glenn wrote:
> Restarting shorewall: WARNING: Zone dmz is empty
> 
> /var/lib/shorewall/.restart: line 1354: load_blacklist: command not found
> 
> [ OK ]
> 
> The ''load_blacklist: command not found'' line never
appeared previously.
> 
> Can you please let me know what is the reason for this line appearing?
Not without some more information.

a) Are you using Shorewall-shell or Shorewall-perl?
b) Do you have the ''blacklist'' option specified on at least
one interface in
/etc/shorewall/interfaces?

It might be helpful to look at the /var/lib/shorewall/.restart file as well; 
please send it to support@shorewall.net

Thanks,
-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It''s the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php

Dear Tom,

Thanks for your most pointed tip.  To answer your questions:

 a) Are you using Shorewall-shell or Shorewall-perl?
I am using the Shorewall-shell

b) Do you have the ''blacklist'' option specified on at least
one interface in
/etc/shorewall/interfaces?
This was the problem.  I had not specified ''blacklist'' as one
of the options
in the ''interfaces'' file.  Once I added this option, the error
message went
away.

Thanks once again for your pointed and prompt help, and may I say how 
grateful I am that there are such knowledgeble persons like yourself, 
willing to answer the community so promptly and appropriately JUST AS A 
SERVICE TO HUMANITY and the Free Software and Open Source movement.

With sincerely appreciation for your help

Glenn Baptista

----- Original Message ----- 
From: "Tom Eastep" <teastep@shorewall.net>
To: "glenn" <glennbaptista@mygateman.com.au>; "Shorewall
Users"
<shorewall-users@lists.sourceforge.net>
Sent: Wednesday, June 11, 2008 7:17 PM
Subject: Re: [Shorewall-users] load_blacklist: command not found




-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It''s the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php