Data from attempting to start shorewall.
mon init.d # shorewall start
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Not available
IP range Match: Available
Determining Zones...
Zones: net
Validating interfaces file...
Error: Invalid zone (loc) in record "loc eth0 detect "
Terminated
To my uneducated eye it seems the complaint comes from here.
But this seems to be following examples given in the documentation.
In interfaces we have
#ZONE INTERFACE BROADCAST OPTIONS
net eth1 detect routefilter,tcpflags
loc eth0 detect
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
(As the system is currently not quite ready to go on line, eth1 is not
currently connected. The connection out of eth0 is working just fine,
but with no firewall.)
Some data from kernel configuration. (Do I need to do something to make
these modules available or is it sufficient that they are stored in
/lib/modules/2.6.10/kernel/net/ipv4/netfilter?)
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
# CONFIG_IP_NF_CONNTRACK_MARK is not set
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
# CONFIG_IP_NF_AMANDA is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
Any suggestions greatly appreciated. Thanks,
Fred
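
The startup output above lists only "net" under "Zones:" before the "loc" record is rejected, so the zone column of the interfaces file can be cross-checked against the declared zones before running "shorewall start". This is an added example, not part of the original post: undefined_zones and demo are hypothetical names, the zones file contents are constructed, and it assumes the zone name is the first column of both /etc/shorewall/zones and /etc/shorewall/interfaces.

```shell
#!/bin/sh
# Added example: report interfaces-file records whose zone is not declared.
# Assumptions: the zone name is column 1 of both files, and lines that are
# blank or start with '#' are ignored.

# undefined_zones ZONES_FILE INTERFACES_FILE
# Prints "zone interface" for each interfaces record with an undeclared zone.
undefined_zones() {
    awk '
        /^[ \t]*(#|$)/ { next }                        # comments, blank lines
        FILENAME == ARGV[1] { declared[$1] = 1; next } # first file: zones
        # "-" in the zone column means no zone is tied to the interface
        $1 != "-" && !($1 in declared) { print $1, $2 }
    ' "$1" "$2"
}

# demo: run the check on sample files built in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed zones file declaring only "net", as in "Zones: net" above.
    printf '%s\n' '#ZONE DISPLAY COMMENTS' \
        'net Net Internet' > "$dir/zones"
    # Interfaces records as quoted in the post.
    printf '%s\n' '#ZONE INTERFACE BROADCAST OPTIONS' \
        'net eth1 detect routefilter,tcpflags' \
        'loc eth0 detect' > "$dir/interfaces"
    undefined_zones "$dir/zones" "$dir/interfaces"
    rm -rf "$dir"
}

demo
```

On a live system the call would be: undefined_zones /etc/shorewall/zones /etc/shorewall/interfaces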