Running Shorewall on Proxmox 3.3 (Debian 7). Proxmox native firewall disabled. This machine has been running for>1yr with no reboot. This problem has only happened in the last week. When I run /sbin/shorewall restart it hangs at : # /sbin/shorewall restart Compiling... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... I have to ctrl-c three times to get it to continue. Each time I get the following in /var/log/messages before it completes. kernel: Can't find ip_set type hash:ip /var/log/messages finally reads : kernel: Can't find ip_set type hash:ip kernel: Can't find ip_set type hash:ip kernel: Can't find ip_set type hash:ip root: Shorewall restarted The rules already in place aren't effected but I can't add or remove anything. ------------------------------------------------------------ #/sbin/shorewall version 4.5.5.3 #ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 08:60:6e:6e:60:b2 brd ff:ff:ff:ff:ff:ff inet 4XX.XXX.XXX.XXX/32 brd 4XX.XXX.XXX.XXX scope global eth0:2 inet 1XX.XXX.XXX.XXX/24 brd 1XX.XXX.XXX.255 scope global eth0 inet 2XX.XXX.XXX.XXX/32 brd 2XX.XXX.XXX.XXX scope global eth0:0 inet 3XX.XXX.XXX.XXX/32 brd 3XX.XXX.XXX.XXX scope global eth0:1 4: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/void 9: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff inet 10.0.0.1/8 brd 10.255.255.255 scope global vmbr0 #ip route show 10.0.0.101 dev venet0 scope link 10.5.5.5 dev venet0 scope link 10.0.0.130 dev venet0 scope link 10.3.3.3 dev venet0 scope link 10.0.0.110 dev venet0 scope link 10.0.1.1 dev venet0 scope link 10.0.0.104 dev venet0 scope link 10.0.1.2 dev venet0 scope link 1XX.XXX.XXX.0/24 dev eth0 proto kernel scope link src 1XX.XXX.XXX.XXX 10.0.0.0/8 dev vmbr0 proto kernel scope link src 10.0.0.1 default via 1XX.XXX.XXX.254 dev eth0 ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk