Troy Telford
2014-Jun-20 06:12 UTC
4.6.1: INLINE_MATCHES=Yes causes iptables-restore to crash...
I'm running the Debian (sid) package of Shorewall 4.6.1; kernel 3.14 (debian package).

When I upgraded to Shorewall 4.6.1, I found that setting `INLINE_MATCHES=yes` in shorewall.conf will cause the following error with `shorewall start`:

    Running /sbin/iptables-restore...
    Bad argument `helper=netbios-ns'
    Error occurred at line: 228
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input

`shorewall check -i` doesn't show any warnings.

Setting `INLINE_MATCHES=no` allows shorewall to start successfully, so I have a workaround.

If I read the documentation correctly, semicolons in rules can be a cause of the problem; however, I don't have any rules with semicolons. (I do have SSHKnock set up as documented in http://shorewall.net/PortKnocking.html. That does include semicolons, but disabling SSHKnock didn't seem to have a positive effect.)

Attached are the output(s) of `shorewall trace` and /var/lib/shorewall/.start, which includes the contents of /var/lib/shorewall/.iptables-restore-input.

I have a feeling I'm missing something relatively simple, but I can't figure out what...

--
Troy Telford
ttelford.groups@gmail.com