Hello everybody, I have a two interface setup (with ipsec VPN) on my firewall which is working perfectly. I have upgraded every release of shorewall since 2.0.9 with no problems at all. Now I''m trying to upgrade from 2.0.13 to 2.0.14, when I perform a service shorewall restart I get this error: --------------------------------------- .... Processing /usr/share/shorewall/action.RejectSMB... Rule "REJECT - - udp 135" added. Rule "REJECT - - udp 137:139" added. Rule "REJECT - - udp 445" added. Rule "REJECT - - tcp 135" added. Rule "REJECT - - tcp 139" added. Rule "REJECT - - tcp 445" added. Processing /etc/shorewall/policy... Warning: Log Prefix shortened to "Shorewall:@net2all:@net2all:-" Bad argument `DROP'' Try `iptables -h'' or ''iptables --help'' for more information. Processing /etc/shorewall/stop ... Stopping IPsec ... Stopping Openswan IPsec... stop ordered, but IPsec does not appear to be running! doing cleanup anyway... /usr/libexec/ipsec/eroute: Trouble opening PF_KEY family socket with error: KLIPS not loaded or enabled. /usr/libexec/ipsec/spi: Trouble opening PF_KEY family socket with error: KLIPS not loaded or enabled. [FAILED] Stopping ulogd: [ OK ] IP Forwarding Enabled Processing /etc/shorewall/stopped ... /sbin/service: line 68: 30062 Terminated env -i LANG=$LANG PATH=$PATH TERM=$TERM "${SERVICEDIR}/${SERVICE}" ${OPTIONS} root@fw /etc/shorewall# --------------------------------------- Any idea ? Thank you ! Maurizio
mizzio wrote:> Hello everybody, > > I have a two interface setup (with ipsec VPN) on my firewall which is > working perfectly. > > I have upgraded every release of shorewall since 2.0.9 with no problems > at all. > > Now I''m trying to upgrade from 2.0.13 to 2.0.14, when I perform a > service shorewall restart I get this error: > > --------------------------------------- > .... > Processing /usr/share/shorewall/action.RejectSMB... > Rule "REJECT - - udp 135" added. > Rule "REJECT - - udp 137:139" added. > Rule "REJECT - - udp 445" added. > Rule "REJECT - - tcp 135" added. > Rule "REJECT - - tcp 139" added. > Rule "REJECT - - tcp 445" added. > Processing /etc/shorewall/policy... > Warning: Log Prefix shortened to "Shorewall:@net2all:@net2all:-" > Bad argument `DROP'' > Try `iptables -h'' or ''iptables --help'' for more information. > Processing /etc/shorewall/stop ...Please replace /usr/share/shorewall/firewall with: ftp://shorewall.net/pub/shorewall/errata/2.0.14/firewall and let us know if it fixes the problem. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Hello, Tom Eastep schrieb:> mizzio wrote: > >>Hello everybody, >> >>I have a two interface setup (with ipsec VPN) on my firewall which is >>working perfectly. >> >>I have upgraded every release of shorewall since 2.0.9 with no problems >>at all. >> >>Now I''m trying to upgrade from 2.0.13 to 2.0.14, when I perform a >>service shorewall restart I get this error: >> >>--------------------------------------- >>.... >>Processing /usr/share/shorewall/action.RejectSMB... >> Rule "REJECT - - udp 135" added. >> Rule "REJECT - - udp 137:139" added. >> Rule "REJECT - - udp 445" added. >> Rule "REJECT - - tcp 135" added. >> Rule "REJECT - - tcp 139" added. >> Rule "REJECT - - tcp 445" added. >>Processing /etc/shorewall/policy... >> Warning: Log Prefix shortened to "Shorewall:@net2all:@net2all:-" >>Bad argument `DROP'' >>Try `iptables -h'' or ''iptables --help'' for more information. >>Processing /etc/shorewall/stop ... > > > Please replace /usr/share/shorewall/firewall with: > > ftp://shorewall.net/pub/shorewall/errata/2.0.14/firewall > > and let us know if it fixes the problem.i encountered the same problem yesterday (rate-limiting in policy file). I tested your fixed script Tom, it worked for me. Thx a lot. Greets Dennis
Dennis Borngraeber wrote:> >> >> >> Please replace /usr/share/shorewall/firewall with: >> >> ftp://shorewall.net/pub/shorewall/errata/2.0.14/firewall >> >> and let us know if it fixes the problem. > > > i encountered the same problem yesterday (rate-limiting in policy file). > I tested your fixed script Tom, it worked for me. >Thanks, Dennis I apparently merged the 2.2.0 patch into 2.0.14 but never changed it to account for the differences between the two threads :-( I''ll have 2.0.15 out in the next day or so. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom, it does fix the problem ! what else can I say other then thank you very much ? regards, maurizio Il giorno mer, 12-01-2005 alle 07:59 -0800, Tom Eastep ha scritto:> Dennis Borngraeber wrote: > > > >> > >> > >> Please replace /usr/share/shorewall/firewall with: > >> > >> ftp://shorewall.net/pub/shorewall/errata/2.0.14/firewall > >> > >> and let us know if it fixes the problem. > > > > > > i encountered the same problem yesterday (rate-limiting in policy > file). > > I tested your fixed script Tom, it worked for me. > > > > Thanks, Dennis > > I apparently merged the 2.2.0 patch into 2.0.14 but never changed it > to > account for the differences between the two threads :-( > > I''ll have 2.0.15 out in the next day or so. > > -Tom