Shorewall users - Dec 2008 - Problem with "routeback, blacklist, tcpflags" in Shorewall 4.2.4-2

Hi,

enabling this line in hosts file

"WAN 
eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16 
         routeback,blacklist,tcpflags"

results in this error message

--
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
iptables-restore v1.3.8: error creating chain ''ACCEPT'':File
exists

Error occurred at line: 29
Try `iptables-restore -h'' or ''iptables-restore
--help'' for more information.
    ERROR: iptables-restore Failed. Input is in 
/var/lib/shorewall/.iptables-restore-input
Processing /etc/shorewall/stop ...
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped ...
/sbin/shorewall: line 742: 32734 Terminated 
$SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
--

removing routeback,blacklist,tcpflags works fine.

Thanks!

Happy new year to all


------------------------------------------------------------------------------

Niedermeier Günter wrote:
> Hi,
> 
> enabling this line in hosts file
> 
> "WAN 
>
eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
>          routeback,blacklist,tcpflags"
> 
> results in this error message
> 
> --
> Preparing iptables-restore input...
> Running /usr/sbin/iptables-restore...
> iptables-restore v1.3.8: error creating chain
''ACCEPT'':File exists
> 
> Error occurred at line: 29
> Try `iptables-restore -h'' or ''iptables-restore
--help'' for more information.
>     ERROR: iptables-restore Failed. Input is in 
> /var/lib/shorewall/.iptables-restore-input
> Processing /etc/shorewall/stop ...
> IPv4 Forwarding Enabled
> Processing /etc/shorewall/stopped ...
> /sbin/shorewall: line 742: 32734 Terminated 
> $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
> --
> 
> removing routeback,blacklist,tcpflags works fine.
>
There isn''t enough here to be able to reproduce the problem.

Please:

a) shorewall show -f capabilities > /etc/shorewall/caps
b) tar -zcf shorewallconf.tgz /etc/shorewall
c) Send the tarball as an attachment to upload@shorewall.net

Thanks


------------------------------------------------------------------------------

...the patch works fine :-)

Thanks!

Shorewall Guy schrieb:
> Niedermeier Günter wrote:
>> Hi,
>>
>> enabling this line in hosts file
>>
>> "WAN 
>>
eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
>>          routeback,blacklist,tcpflags"
>>
>> results in this error message
>>
>> --
>> Preparing iptables-restore input...
>> Running /usr/sbin/iptables-restore...
>> iptables-restore v1.3.8: error creating chain
''ACCEPT'':File exists
>>
>> Error occurred at line: 29
>> Try `iptables-restore -h'' or ''iptables-restore
--help'' for more information.
>>     ERROR: iptables-restore Failed. Input is in 
>> /var/lib/shorewall/.iptables-restore-input
>> Processing /etc/shorewall/stop ...
>> IPv4 Forwarding Enabled
>> Processing /etc/shorewall/stopped ...
>> /sbin/shorewall: line 742: 32734 Terminated 
>> $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
>> --
>>
>> removing routeback,blacklist,tcpflags works fine.
> 
> Please see if the attached patch corrects the problem.
> 
> Thanks
> 
> 
------------------------------------------------------------------------------

Niedermeier Günter wrote:
> ...the patch works fine :-)
> 
> Thanks!
The good news:

	No more errors.

The bad news:

	The generated ruleset was wrong.

You probably want to install Shorewall-perl 4.2.4.4

------------------------------------------------------------------------------

Also good news: the new version works, but I havn''t verified the 
generated ruleset.


Shorewall Guy schrieb:
> Niedermeier Günter wrote:
>> ...the patch works fine :-)
>>
>> Thanks!
> 
> The good news:
> 
> 	No more errors.
> 
> The bad news:
> 
> 	The generated ruleset was wrong.
> 
> You probably want to install Shorewall-perl 4.2.4.4
------------------------------------------------------------------------------