Shorewall users - Jul 2013 - ERROR: /etc/shorewall/shorewall/shorewall.conf does not exist!

Hi folks,

Version numbers below ... Ubuntu 12.04 and shorewall 4.4.26.1-1 out of apt.

Pretty simple config - I copied over the 2 interface files and made a
few minor changes - and when I try to start up I get the odd error on
the subject line.   And no details in the log file.  Not sure why it
has two shorewall directories deep ... I guess I could create a
directory and symlink it but that seems really hacky.   What''s up
here?

root@ogic2:/etc/shorewall# shorewall start
Compiling...
   ERROR: /etc/shorewall/shorewall/shorewall.conf does not exist!
root@ogic2:/etc/shorewall# dpkg --list | grep -i shorewall
ii  shorewall                             4.4.26.1-1
       Shoreline Firewall, netfilter configurator
root@ogic2:/etc/shorewall# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 12.04.2 LTS
Release:	12.04
Codename:	precise
root@ogic2:/etc/shorewall#


-- 
“Don''t eat anything you''ve ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk

OK some more poking around and I see this which confuses me in the
shorewall.conf

CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"

so I change it to this (even though on other working systems it is like above):

CONFIG_PATH="/etc/shorewall"

And so a bunch of stuff happens when I try to start - but it still
fails with this in the log file :

root@ogic2:/etc/shorewall# cat /var/log/shorewall-init.log
Jul 31 11:14:48    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 11:19:30    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 11:20:06    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 11:21:34    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 11:25:34    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 11:27:19    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 11:29:11    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 12:17:11    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 12:17:11    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 12:17:51    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 12:17:51    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 12:24:38    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 12:28:07    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 12:34:45    ERROR: /etc/shorewall/shorewall/shorewall.conf does
not exist!
Jul 31 12:35:24 Processing /etc/shorewall/shorewall/shorewall.conf...
Jul 31 12:35:24    ERROR: Undefined shell variable ($CONFDIR)
Jul 31 12:37:52 Processing /etc/shorewall/shorewall.conf...
Jul 31 12:37:53 Compiling /etc/shorewall/zones...
Jul 31 12:37:53 Compiling /etc/shorewall/interfaces...
Jul 31 12:37:53    Interface "net eth0 detect
dhcp,tcpflags,nosmurfs,routefilter,logmartians" Validated
Jul 31 12:37:53    Interface "loc eth2 detect
tcpflags,nosmurfs,routefilter,logmartians" Validated
Jul 31 12:37:53 Determining Hosts in Zones...
Jul 31 12:37:53    fw (firewall)
Jul 31 12:37:53    net (ipv4)
Jul 31 12:37:53       eth0:0.0.0.0/0
Jul 31 12:37:53    loc (ipv4)
Jul 31 12:37:53       eth2:0.0.0.0/0
Jul 31 12:37:53 Locating Action Files...
Jul 31 12:37:53    ERROR: Default Action DROP_DEFAULT=Drop not found
Jul 31 12:38:22 Processing /etc/shorewall/shorewall.conf...
Jul 31 12:38:23 Compiling /etc/shorewall/zones...
Jul 31 12:38:23 Compiling /etc/shorewall/interfaces...
Jul 31 12:38:23    Interface "net eth0 detect
dhcp,tcpflags,nosmurfs,routefilter,logmartians" Validated
Jul 31 12:38:23    Interface "loc eth2 detect
tcpflags,nosmurfs,routefilter,logmartians" Validated
Jul 31 12:38:23 Determining Hosts in Zones...
Jul 31 12:38:23    fw (firewall)
Jul 31 12:38:23    net (ipv4)
Jul 31 12:38:23       eth0:0.0.0.0/0
Jul 31 12:38:23    loc (ipv4)
Jul 31 12:38:23       eth2:0.0.0.0/0
Jul 31 12:38:23 Locating Action Files...
Jul 31 12:38:23    ERROR: Default Action DROP_DEFAULT=Drop not found


-- 
“Don''t eat anything you''ve ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk

On Wed, Jul 31, 2013 at 12:40 PM, Alan McKay <alan.mckay@gmail.com>
wrote:
> CONFIG_PATH="/etc/shorewall"
Success when I change to this!

CONFIG_PATH="/etc/shorewall:/usr/share/shorewall"


But I''m still not sure why the original format works on other systems.

CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"

On those systems I cannot figure out where CONFDIR and SHAREDIR are
defined, but it seems to work fine.


-- 
“Don''t eat anything you''ve ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk

I''m using Shorewall 4.4.26.1 on Ubuntu 12.04. (Same as yours)

But my shorewall.conf file has:

CONFIG_PATH="/etc/shorewall:/usr/share/shorewall"




On Wed, Jul 31, 2013 at 9:47 AM, Alan McKay <alan.mckay@gmail.com>
wrote:
> On Wed, Jul 31, 2013 at 12:40 PM, Alan McKay <alan.mckay@gmail.com>
wrote:
>> CONFIG_PATH="/etc/shorewall"
>
> Success when I change to this!
>
> CONFIG_PATH="/etc/shorewall:/usr/share/shorewall"
>
>
> But I''m still not sure why the original format works on other
systems.
>
> CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
>
> On those systems I cannot figure out where CONFDIR and SHAREDIR are
> defined, but it seems to work fine.
>
>
> --
> “Don''t eat anything you''ve ever seen advertised on TV”
>          - Michael Pollan, author of "In Defense of Food"
>
>
------------------------------------------------------------------------------
> Get your SQL database under version control now!
> Version control is standard for application code, but databases havent
> caught up. So what steps can you take to put your SQL databases under
> version control? Why should you start doing it? Read more to find out.
>
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk

L
On Jul 31, 2013, at 9:33 AM, Alan McKay <alan.mckay@gmail.com> wrote:
> Hi folks,
> 
> Version numbers below ... Ubuntu 12.04 and shorewall 4.4.26.1-1 out of apt.
> 
> Pretty simple config - I copied over the 2 interface files and made a
> few minor changes - and when I try to start up I get the odd error on
> the subject line.   And no details in the log file.  Not sure why it
> has two shorewall directories deep ... I guess I could create a
> directory and symlink it but that seems really hacky.   What''s up
> here?
> 
> root@ogic2:/etc/shorewall# shorewall start
> Compiling...
>   ERROR: /etc/shorewall/shorewall/shorewall.conf does not exist!
> root@ogic2:/etc/shorewall# dpkg --list | grep -i shorewall
> ii  shorewall                             4.4.26.1-1
>       Shoreline Firewall, netfilter configurator
> root@ogic2:/etc/shorewall# lsb_release -a
> No LSB modules are available.
> Distributor ID:	Ubuntu
> Description:	Ubuntu 12.04.2 LTS
> Release:	12.04
> Codename:	precise
> root@ogic2:/etc/shorewall#
Looks like your shorewallrc file has CONFDIR=/etc/shorewall rather than
CONFDIR=/etc

-Tom

Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________





------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk

On Wed, Jul 31, 2013 at 3:04 PM, Tom Eastep <teastep@shorewall.net>
wrote:
> Looks like your shorewallrc file has CONFDIR=/etc/shorewall rather than
CONFDIR=/etc
Aha, I''ll check that tomorrow when the system is back up - it is
awaiting installation into our DMZ at the moment.

Not sure why that would be set wrong since I did not even know about
the existence of that file :-)  So it sure wasn''t me.

As mentioned I have it working - but I''d sooner have it back to a
standard config



-- 
“Don''t eat anything you''ve ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk

On 7/31/2013 12:37 PM, Alan McKay wrote:
> On Wed, Jul 31, 2013 at 3:04 PM, Tom Eastep <teastep@shorewall.net>
wrote:
>> Looks like your shorewallrc file has CONFDIR=/etc/shorewall rather than
CONFDIR=/etc
> Aha, I''ll check that tomorrow when the system is back up - it is
> awaiting installation into our DMZ at the moment.
>
> Not sure why that would be set wrong since I did not even know about
> the existence of that file :-)  So it sure wasn''t me.
>
> As mentioned I have it working - but I''d sooner have it back to a
> standard config
>
>
>
How did you install Shorewall on this system?

-Tom

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________


------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk

On Wed, Jul 31, 2013 at 9:25 PM, Tom Eastep <teastep@shorewall.net>
wrote:
> How did you install Shorewall on this system?
apt-get -y install

So it came out of the distro

The system is still not up in the DMZ yet so I can''t log back in yet
...


-- 
“Don''t eat anything you''ve ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk

Hey Alan,

With (
    Ubuntu 12.04.2 LTS
    Shorewall Version : 4.4.26.1
)

I did an apt-get purge shorewall then an apt-get -y install shorewall
to get a fresh install. The default install populates the
/etc/shorewall folder with two files [ MakeFile, shorewall.conf ]

In shorewall.conf at line 54 I have:
CONFIG_PATH="/etc/shorewall:/usr/share/shorewall"


So I recommend trying a purge and then reinstall. See if you''re
correct config file shows up. (Don''t forget to backup your rules,
policy, interfaces ,etc )



On Thu, Aug 1, 2013 at 10:33 AM, Alan McKay <alan.mckay@gmail.com>
wrote:
> On Wed, Jul 31, 2013 at 9:25 PM, Tom Eastep <teastep@shorewall.net>
wrote:
>> How did you install Shorewall on this system?
>
> apt-get -y install
>
> So it came out of the distro
>
> The system is still not up in the DMZ yet so I can''t log back in
yet ...
>
>
> --
> “Don''t eat anything you''ve ever seen advertised on TV”
>          - Michael Pollan, author of "In Defense of Food"
>
>
------------------------------------------------------------------------------
> Get your SQL database under version control now!
> Version control is standard for application code, but databases havent
> caught up. So what steps can you take to put your SQL databases under
> version control? Why should you start doing it? Read more to find out.
>
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk

On 8/1/2013 10:33 AM, Alan McKay wrote:
> On Wed, Jul 31, 2013 at 9:25 PM, Tom Eastep <teastep@shorewall.net>
wrote:
>> How did you install Shorewall on this system?
> apt-get -y install
>
> So it came out of the distro
>
> The system is still not up in the DMZ yet so I can''t log back in
yet ...
In looking back through the archives, I found that 4.4.26 is before the
creation of the shorewallrc file. So I am at a loss to explain why you
are seeing that failure unless your shorewall.conf file came from a
later Shorewall release.

-Tom

-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________




------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk