Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
SOLVED#Shorewall-4.5.8.2-r1 won't auto start with rc-update
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
neonxy
n00b
n00b


Joined: 08 Sep 2009
Posts: 7

PostPosted: Wed Mar 06, 2013 5:46 am    Post subject: SOLVED#Shorewall-4.5.8.2-r1 won't auto start with rc-update Reply with quote

Hi,

I am using shorewall-4.5.8.2-r1 with kernel version 3.7.10. Manual shorewall start works through /etc/init.d/shorewall start but shorewall won't start through rc-update during system booting. There is no error in /var/log/messages.

Following is the netfiler kernel config.

CONFIG_NF_CONNTRACK=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_SECMARK=y
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_TIMEOUT=y
CONFIG_NF_CONNTRACK_TIMESTAMP=y
CONFIG_NF_CT_PROTO_DCCP=y
CONFIG_NF_CT_PROTO_GRE=y
CONFIG_NF_CT_PROTO_SCTP=y
CONFIG_NF_CT_PROTO_UDPLITE=y
CONFIG_NF_CONNTRACK_AMANDA=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_CONNTRACK_H323=y
CONFIG_NF_CONNTRACK_IRC=y
CONFIG_NF_CONNTRACK_BROADCAST=y
CONFIG_NF_CONNTRACK_NETBIOS_NS=y
CONFIG_NF_CONNTRACK_SNMP=y
CONFIG_NF_CONNTRACK_PPTP=y
CONFIG_NF_CONNTRACK_SANE=y
CONFIG_NF_CONNTRACK_SIP=y
CONFIG_NF_CONNTRACK_TFTP=y
CONFIG_NF_CT_NETLINK=y
CONFIG_NF_CT_NETLINK_TIMEOUT=y
CONFIG_NF_CT_NETLINK_HELPER=y
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=y
CONFIG_NF_NAT_PROTO_UDPLITE=y
CONFIG_NF_NAT_PROTO_SCTP=y
CONFIG_NF_NAT_AMANDA=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_NAT_IRC=y
CONFIG_NF_NAT_SIP=y
CONFIG_NF_NAT_TFTP=y
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_RPFILTER=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_NF_NAT_IPV4=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_NF_NAT_SNMP_BASIC=y
CONFIG_NF_NAT_PROTO_GRE=y
CONFIG_NF_NAT_PPTP=y
CONFIG_NF_NAT_H323=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_CLUSTERIP=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_TTL=y
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_SECURITY=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y

Net.eth0 starts normally at boot but shorewall won't start.

Following is /etc/shorewall/shorewall.conf file.

###############################################################################
#
# Shorewall Version 4 -- /etc/shorewall/shorewall.conf
#
# For information about the settings in this file, type "man shorewall.conf"
#
# Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################

STARTUP_ENABLED=Yes

###############################################################################
# V E R B O S I T Y
###############################################################################

VERBOSITY=1

###############################################################################
# L O G G I N G
###############################################################################

BLACKLIST_LOGLEVEL=

LOG_MARTIANS=Yes

LOG_VERBOSITY=2

LOGALLNEW=

LOGFILE=/var/log/messages

LOGFORMAT="Shorewall:%s:%s:"

LOGTAGONLY=No

LOGLIMIT=

MACLIST_LOG_LEVEL=info

RELATED_LOG_LEVEL=

RPFILTER_LOG_LEVEL=info

SFILTER_LOG_LEVEL=info

SMURF_LOG_LEVEL=info

STARTUP_LOG=/var/log/shorewall-init.log

TCP_FLAGS_LOG_LEVEL=info

###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################

CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"

GEOIPDIR=/usr/share/xt_geoip/LE

IPTABLES=

IP=

IPSET=

LOCKFILE=

MODULESDIR=

NFACCT=

PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"

PERL=/usr/bin/perl

RESTOREFILE=restore

SHOREWALL_SHELL=/bin/sh

SUBSYSLOCK=/var/lock/subsys/shorewall

TC=

###############################################################################
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################

ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject

###############################################################################
# R S H / R C P C O M M A N D S
###############################################################################

RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'

###############################################################################
# F I R E W A L L O P T I O N S
###############################################################################

ACCOUNTING=Yes

ACCOUNTING_TABLE=filter

ADD_IP_ALIASES=No

ADD_SNAT_ALIASES=No

ADMINISABSENTMINDED=Yes

AUTOCOMMENT=Yes

AUTOHELPERS=Yes

AUTOMAKE=No

BLACKLISTNEWONLY=Yes

CLAMPMSS=No

CLEAR_TC=Yes

COMPLETE=No

DELETE_THEN_ADD=Yes

DETECT_DNAT_IPADDRS=No

DISABLE_IPV6=No

DONT_LOAD=

DYNAMIC_BLACKLIST=Yes

EXPAND_POLICIES=Yes

EXPORTMODULES=Yes

FASTACCEPT=No

FORWARD_CLEAR_MARK=

HELPERS=

IMPLICIT_CONTINUE=No

IPSET_WARNINGS=Yes

IP_FORWARDING=On

KEEP_RT_TABLES=No

LEGACY_FASTSTART=Yes

LOAD_HELPERS_ONLY=No

MACLIST_TABLE=filter

MACLIST_TTL=

MANGLE_ENABLED=Yes

MAPOLDACTIONS=No

MARK_IN_FORWARD_CHAIN=No

MODULE_SUFFIX=ko

MULTICAST=No

MUTEX_TIMEOUT=60

NULL_ROUTE_RFC1918=No

OPTIMIZE=0

OPTIMIZE_ACCOUNTING=No

REQUIRE_INTERFACE=No

RESTORE_DEFAULT_ROUTE=Yes

RETAIN_ALIASES=No

ROUTE_FILTER=No

SAVE_IPSETS=No

TC_ENABLED=Internal

TC_EXPERT=No

TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"

TRACK_PROVIDERS=No

USE_DEFAULT_RT=No

USE_PHYSICAL_NAMES=No

ZONE2ZONE=2

###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################

BLACKLIST_DISPOSITION=DROP

MACLIST_DISPOSITION=REJECT

RELATED_DISPOSITION=ACCEPT

RPFILTER_DISPOSITION=DROP

SMURF_DISPOSITION=DROP

SFILTER_DISPOSITION=DROP

TCP_FLAGS_DISPOSITION=DROP

################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################

TC_BITS=

PROVIDER_BITS=

PROVIDER_OFFSET=

MASK_BITS=

ZONE_BITS=0

################################################################################
# L E G A C Y O P T I O N
# D O N O T D E L E T E O R A L T E R
################################################################################

IPSECFILE=zones

================================================================================================================

Following is shorewall check output

Checking...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/share/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn...
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
Running /etc/shorewall/initdone...
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking /etc/shorewall/tcrules...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Checking /etc/shorewall/conntrack...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Shorewall configuration verified

===============================================================================================================

Did anyone else face this before ? Am I doing something wrong !

regards.


Last edited by neonxy on Wed Mar 06, 2013 8:59 pm; edited 1 time in total
Back to top
View user's profile Send private message
Navar
Guru
Guru


Joined: 20 Aug 2012
Posts: 353

PostPosted: Wed Mar 06, 2013 7:34 am    Post subject: Reply with quote

See https://bugs.gentoo.org/show_bug.cgi?id=456764
_________________
Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn.
Back to top
View user's profile Send private message
neonxy
n00b
n00b


Joined: 08 Sep 2009
Posts: 7

PostPosted: Wed Mar 06, 2013 8:57 pm    Post subject: SOLVED#Shorewall-4.5.8.2-r1 won't auto start with rc-update Reply with quote

Thank you. Package upgrade solved it.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum