Hello,
Shorewall''s acting up, it''s done this twice now (requiring
inconvenient
remote-console work): When applying rules, seemingly regardless of what they
contain (this is a known-working config, it worked fine before I added NAT
and two ACCEPT rules, which have now been removed).
It''s a simple setup -
policy: deny all incoming, allow all outgoing ,
rules: allowSSH, allowDNS, etc etc.
This is what happens when I try to enable the config.
[root@blade038 shorewall]# shorewall try /etc/shorewall 10
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Shorewall Not Currently Running
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
ROUTE Target: Not available
Extended MARK Target: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Available
Determining Zones...
Zones: net vpn
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Internet Zone: eth0:0.0.0.0/0
VPN Zone: br0:0.0.0.0/0
Processing /etc/shorewall/init ...
device br0 already exists; can''t create bridge with the same name
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.DropSMB...
Pre-processing /usr/share/shorewall/action.RejectSMB...
Pre-processing /usr/share/shorewall/action.DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /usr/share/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB...
Pre-processing /usr/share/shorewall/action.AllowAuth...
Pre-processing /usr/share/shorewall/action.AllowSMTP...
Pre-processing /usr/share/shorewall/action.AllowSubmission...
Pre-processing /usr/share/shorewall/action.AllowPOP3...
Pre-processing /usr/share/shorewall/action.AllowICMPs...
Pre-processing /usr/share/shorewall/action.AllowIMAP...
Pre-processing /usr/share/shorewall/action.AllowTelnet...
Pre-processing /usr/share/shorewall/action.AllowVNC...
Pre-processing /usr/share/shorewall/action.AllowVNCL...
Pre-processing /usr/share/shorewall/action.AllowNTP...
Pre-processing /usr/share/shorewall/action.AllowNTPbrd...
Pre-processing /usr/share/shorewall/action.AllowRdate...
Pre-processing /usr/share/shorewall/action.AllowNNTP...
Pre-processing /usr/share/shorewall/action.AllowTrcrt...
Pre-processing /usr/share/shorewall/action.AllowSNMP...
Pre-processing /usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
-----snip, terminal session terminates-----
I doubt the br0 is anything to do with it. it''s just a simple
initscript
that makes a bridge br0 and assigns it an IP address.
Any ideas?
Thanks,
Jan