Hi !

I have Shorewall 4.03 on SuSE 10.2, working with shell compiler for quite long time. Just now I have switched to perl compiler (without changing anything except "SHOREWALL_COMPILER=perl") and got the following error:

Shorewall configuration compiled to /var/lib/shorewall/.restart
ERROR: /sbin/iptables-restore does not exist or is not executable
/sbin/shorewall: line 658: 14967 Terminated $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart

Quite strange, since "shorewall check" returns OK status.

Any idea what went wrong?

---------------------------------
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling /usr/share/shorewall/rfc1918...
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Shorewall configuration compiled to /var/lib/shorewall/.restart
ERROR: /sbin/iptables-restore does not exist or is not executable
/sbin/shorewall: line 658: 14967 Terminated $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
-------------------------------------------------------------------------
Andrei Verovski (aka MacGuru) wrote:
> Hi !
>
> I have Shorewall 4.03 on SuSE 10.2, working with shell compiler for quite long
> time. Just now I have switched to perl compiler (without changing anything
> except "SHOREWALL_COMPILER=perl") and got the following error:
>
> Shorewall configuration compiled to /var/lib/shorewall/.restart
> ERROR: /sbin/iptables-restore does not exist or is not executable
> /sbin/shorewall: line 658: 14967 Terminated $SHOREWALL_SHELL
> ${VARDIR}/.restart $debugging restart
>
> Quite strange, since "shorewall check" returns OK status.
>
> Any idea what went wrong?

Shorewall is finding /sbin/iptables (either via PATH or via the IPTABLES setting in shorewall.conf) but /sbin/iptables-restore does not exist or is not executable.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
Tom Eastep wrote:
> Andrei Verovski (aka MacGuru) wrote:
>
>> Hi !
>>
>> I have Shorewall 4.03 on SuSE 10.2, working with shell compiler for quite long
>> time. Just now I have switched to perl compiler (without changing anything
>> except "SHOREWALL_COMPILER=perl") and got the following error:
>>
>> Shorewall configuration compiled to /var/lib/shorewall/.restart
>> ERROR: /sbin/iptables-restore does not exist or is not executable
>> /sbin/shorewall: line 658: 14967 Terminated $SHOREWALL_SHELL
>> ${VARDIR}/.restart $debugging restart
>>
>> Quite strange, since "shorewall check" returns OK status.
>>
>> Any idea what went wrong?
>>
>
> Shorewall is finding /sbin/iptables (either via PATH or via the IPTABLES
> setting in shorewall.conf) but /sbin/iptables-restore does not exist or
> is not executable.
>
> -Tom
>

which iptables-restore should give you the good path. Check permissions on the file found at the previous step...
-------------------------------------------------------------------------
Hi !

This was my first idea, too. However:

11:55 linux-srv:~ > locate iptables-restore
/usr/sbin/iptables-restore

11:55 linux-srv:/usr/sbin # ls -la | grep iptables
-rwxr-xr-x 1 root root 47920 2007-08-21 20:06 iptables
-rwxr-xr-x 1 root root 52184 2007-08-21 20:06 iptables-restore
-rwxr-xr-x 1 root root 52148 2007-08-21 20:06 iptables-save
-rwxr-xr-x 1 root root 14272 2007-08-21 20:06 iptables-xml

In Shorewall.conf -
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

After I set
IPTABLES=/usr/sbin/iptables

Everything worked fine.

Anyway, I suppose there is some glitch because other iptables executables are found without any problem.

> Shorewall is finding /sbin/iptables (either via PATH or via the IPTABLES
> setting in shorewall.conf) but /sbin/iptables-restore does not exist or
> is not executable.

> Andrei Verovski (aka MacGuru) wrote:
> > Hi !
> >
> > I have Shorewall 4.03 on SuSE 10.2, working with shell compiler for quite
> > long time. Just now I have switched to perl compiler (without changing
> > anything except "SHOREWALL_COMPILER=perl") and got the following error:
> >
> > Shorewall configuration compiled to /var/lib/shorewall/.restart
> > ERROR: /sbin/iptables-restore does not exist or is not executable
> > /sbin/shorewall: line 658: 14967 Terminated $SHOREWALL_SHELL
> > ${VARDIR}/.restart $debugging restart
> >
> > Quite strange, since "shorewall check" returns OK status.
> >
> > Any idea what went wrong?
-------------------------------------------------------------------------
On Sat, 2007-09-08 at 12:08 +0300, Andrei Verovski (aka MacGuru) wrote:
> Hi !
>
> This was my first idea, too. However:
>
> 11:55 linux-srv:~ > locate iptables-restore
> /usr/sbin/iptables-restore
>
>
> 11:55 linux-srv:/usr/sbin # ls -la | grep iptables
> -rwxr-xr-x 1 root root 47920 2007-08-21 20:06 iptables
> -rwxr-xr-x 1 root root 52184 2007-08-21 20:06 iptables-restore
> -rwxr-xr-x 1 root root 52148 2007-08-21 20:06 iptables-save
> -rwxr-xr-x 1 root root 14272 2007-08-21 20:06 iptables-xml
>
> In Shorewall.conf -
> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
>
> After I set
> IPTABLES=/usr/sbin/iptables
>
> Everything worked fine.
>
> Anyway, I suppose there is some glitch because other iptables executables are
> found without any problem.

The lines of shell code leading up to the error should have been the following:

    IPTABLES="/sbin/iptables"

    [ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"
    IPTABLES_RESTORE=${IPTABLES}-restore
    [ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"

Pretty hard to understand how that could go wrong unless the final '-x' test was returning a false value.

FWIW, your current /var/lib/shorewall/.restart file should have this very similar code:

    IPTABLES="/usr/sbin/iptables"

    [ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"
    IPTABLES_RESTORE=${IPTABLES}-restore
    [ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"

-Tom
-------------------------------------------------------------------------
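The fragment quoted in the message above derives the restore binary as ${IPTABLES}-restore, so an iptables found in one directory with iptables-restore present only in another fails the second -x test. The script below is an added example, not Shorewall code and not written by anyone in this thread; it reproduces that situation on a constructed temporary directory tree, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Shorewall code. Function names and the tree are constructed.

# first_iptables SEARCH: first executable "iptables" on a colon-separated
# path, i.e. what a plain PATH lookup would hand back.
first_iptables() {
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        [ -n "$dir" ] && [ -x "$dir/iptables" ] || continue
        IFS=$old_ifs; printf '%s\n' "$dir/iptables"; return 0
    done
    IFS=$old_ifs; return 1
}

# restore_for IPTABLES: derive the companion as ${IPTABLES}-restore and apply
# the same -x test as the fragment quoted in the thread.
restore_for() {
    [ -x "${1}-restore" ] && printf '%s\n' "${1}-restore"
}

# paired_iptables SEARCH: first iptables whose sibling iptables-restore is
# executable too, the value to put in IPTABLES= in shorewall.conf.
paired_iptables() {
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        [ -n "$dir" ] && [ -x "$dir/iptables" ] && [ -x "$dir/iptables-restore" ] || continue
        IFS=$old_ifs; printf '%s\n' "$dir/iptables"; return 0
    done
    IFS=$old_ifs; return 1
}

# make_demo_tree: constructed layout with iptables in sbin/ and usr/sbin/ but
# iptables-restore only in usr/sbin/. Prints the temporary root.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sbin" "$root/usr/sbin"
    for f in sbin/iptables usr/sbin/iptables usr/sbin/iptables-restore; do
        : > "$root/$f" && chmod 755 "$root/$f"
    done
    printf '%s\n' "$root"
}

demo_root=$(make_demo_tree)
demo_path="$demo_root/sbin:$demo_root/usr/sbin"
echo "first hit:   $(first_iptables "$demo_path")"
restore_for "$demo_root/sbin/iptables" || echo "no iptables-restore beside the first hit"
echo "usable pair: $(paired_iptables "$demo_path")"
rm -rf "$demo_root"
```

On a real host, passing the PATH value from shorewall.conf to paired_iptables prints the iptables path whose directory also holds iptables-restore.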
On Sat, Sep 08, 2007 at 08:31:47AM -0700, Tom Eastep wrote:
> The lines of shell code leading up to the error should have been the
> following:
>
> IPTABLES="/sbin/iptables"
>
> [ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"
> IPTABLES_RESTORE=${IPTABLES}-restore
> [ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"
>
>
> Pretty hard to understand how that could go wrong unless the final '-x'
> test was returning a false value.

There's also a direct call to iptables-restore (not $IPTABLES_RESTORE) in Shorewall::Compiler - I can't see how that's relevant, but it looks wrong.
-------------------------------------------------------------------------
On Sat, 2007-09-08 at 18:08 +0100, Andrew Suffield wrote:
> On Sat, Sep 08, 2007 at 08:31:47AM -0700, Tom Eastep wrote:
> > The lines of shell code leading up to the error should have been the
> > following:
> >
> > IPTABLES="/sbin/iptables"
> >
> > [ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"
> > IPTABLES_RESTORE=${IPTABLES}-restore
> > [ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"
> >
> >
> > Pretty hard to understand how that could go wrong unless the final '-x'
> > test was returning a false value.
>
> There's also a direct call to iptables-restore (not $IPTABLES_RESTORE)
> in Shorewall::Compiler - I can't see how that's relevant, but it looks
> wrong.

Corrected.

Thanks,
-Tom