Hello everybody,
I have a two interface setup (with ipsec VPN) on my firewall which is
working perfectly.
I have upgraded every release of shorewall since 2.0.9 with no problems
at all.
Now I''m trying to upgrade from 2.0.13 to 2.0.14, when I perform a
service shorewall restart I get this error:
---------------------------------------
....
Processing /usr/share/shorewall/action.RejectSMB...
Rule "REJECT - - udp 135" added.
Rule "REJECT - - udp 137:139" added.
Rule "REJECT - - udp 445" added.
Rule "REJECT - - tcp 135" added.
Rule "REJECT - - tcp 139" added.
Rule "REJECT - - tcp 445" added.
Processing /etc/shorewall/policy...
Warning: Log Prefix shortened to "Shorewall:@net2all:@net2all:-"
Bad argument `DROP''
Try `iptables -h'' or ''iptables --help'' for more
information.
Processing /etc/shorewall/stop ...
Stopping IPsec ... Stopping Openswan IPsec...
stop ordered, but IPsec does not appear to be running!
doing cleanup anyway...
/usr/libexec/ipsec/eroute: Trouble opening PF_KEY family socket with
error: KLIPS not loaded or enabled.
/usr/libexec/ipsec/spi: Trouble opening PF_KEY family socket with error:
KLIPS not loaded or enabled.
[FAILED]
Stopping ulogd: [ OK ]
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
/sbin/service: line 68: 30062 Terminated env -i LANG=$LANG
PATH=$PATH TERM=$TERM "${SERVICEDIR}/${SERVICE}" ${OPTIONS}
root@fw /etc/shorewall#
---------------------------------------
Any idea ?
Thank you !
Maurizio
mizzio wrote:> Hello everybody, > > I have a two interface setup (with ipsec VPN) on my firewall which is > working perfectly. > > I have upgraded every release of shorewall since 2.0.9 with no problems > at all. > > Now I''m trying to upgrade from 2.0.13 to 2.0.14, when I perform a > service shorewall restart I get this error: > > --------------------------------------- > .... > Processing /usr/share/shorewall/action.RejectSMB... > Rule "REJECT - - udp 135" added. > Rule "REJECT - - udp 137:139" added. > Rule "REJECT - - udp 445" added. > Rule "REJECT - - tcp 135" added. > Rule "REJECT - - tcp 139" added. > Rule "REJECT - - tcp 445" added. > Processing /etc/shorewall/policy... > Warning: Log Prefix shortened to "Shorewall:@net2all:@net2all:-" > Bad argument `DROP'' > Try `iptables -h'' or ''iptables --help'' for more information. > Processing /etc/shorewall/stop ...Please replace /usr/share/shorewall/firewall with: ftp://shorewall.net/pub/shorewall/errata/2.0.14/firewall and let us know if it fixes the problem. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Hello, Tom Eastep schrieb:> mizzio wrote: > >>Hello everybody, >> >>I have a two interface setup (with ipsec VPN) on my firewall which is >>working perfectly. >> >>I have upgraded every release of shorewall since 2.0.9 with no problems >>at all. >> >>Now I''m trying to upgrade from 2.0.13 to 2.0.14, when I perform a >>service shorewall restart I get this error: >> >>--------------------------------------- >>.... >>Processing /usr/share/shorewall/action.RejectSMB... >> Rule "REJECT - - udp 135" added. >> Rule "REJECT - - udp 137:139" added. >> Rule "REJECT - - udp 445" added. >> Rule "REJECT - - tcp 135" added. >> Rule "REJECT - - tcp 139" added. >> Rule "REJECT - - tcp 445" added. >>Processing /etc/shorewall/policy... >> Warning: Log Prefix shortened to "Shorewall:@net2all:@net2all:-" >>Bad argument `DROP'' >>Try `iptables -h'' or ''iptables --help'' for more information. >>Processing /etc/shorewall/stop ... > > > Please replace /usr/share/shorewall/firewall with: > > ftp://shorewall.net/pub/shorewall/errata/2.0.14/firewall > > and let us know if it fixes the problem.i encountered the same problem yesterday (rate-limiting in policy file). I tested your fixed script Tom, it worked for me. Thx a lot. Greets Dennis
Dennis Borngraeber wrote:> >> >> >> Please replace /usr/share/shorewall/firewall with: >> >> ftp://shorewall.net/pub/shorewall/errata/2.0.14/firewall >> >> and let us know if it fixes the problem. > > > i encountered the same problem yesterday (rate-limiting in policy file). > I tested your fixed script Tom, it worked for me. >Thanks, Dennis I apparently merged the 2.2.0 patch into 2.0.14 but never changed it to account for the differences between the two threads :-( I''ll have 2.0.15 out in the next day or so. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom, it does fix the problem ! what else can I say other then thank you very much ? regards, maurizio Il giorno mer, 12-01-2005 alle 07:59 -0800, Tom Eastep ha scritto:> Dennis Borngraeber wrote: > > > >> > >> > >> Please replace /usr/share/shorewall/firewall with: > >> > >> ftp://shorewall.net/pub/shorewall/errata/2.0.14/firewall > >> > >> and let us know if it fixes the problem. > > > > > > i encountered the same problem yesterday (rate-limiting in policy > file). > > I tested your fixed script Tom, it worked for me. > > > > Thanks, Dennis > > I apparently merged the 2.2.0 patch into 2.0.14 but never changed it > to > account for the differences between the two threads :-( > > I''ll have 2.0.15 out in the next day or so. > > -Tom