From: Phil S. <ph...@ca...> - 2026-01-15 17:40:22

On 1/15/26 12:08, Hosney Osman wrote:
> Dear Erich .,
> iptable is easy to understand
> shorewall i finally perform successful installation
> but for example in iptable the first point i actually do is
> drop inbound - outbound and forwarding traffic
>
> then i open by request what is needed one by one
>
> did you got my point
>
> i need to understand shorewall also but i can't find easy guide to make
> it as start point

Honestly, if you already understand iptables well, why do you want Shorewall in the first place?

I run shorewall because after years of running a lightweight OpenBSD box as a firewall using pf, I found shorewall's syntax as clear, easy and human-readable as pf's. It took me less than a day to learn enough about shorewall to get a new firewall up and running. By contrast I find iptables/ipchains/netfilter to be horribly arcane, user-hostile and incomprehensible. It's a grammar seemingly never designed with any thought for anything *but* the kernel being able to read it without great effort.

If netfilter is the machine language of Linux firewalling, then Shorewall is a high-level language compiler. It takes rules written in a human-readable grammar and compiles them into netfilter's machine language (iptables/ipchains).

If you understand iptables but somehow find yourself unable to grasp Shorewall's documentation, then honestly, the best suggestion I can offer is to go and read the O'Reilly book Practical Linux Security, which is written around using Shorewall:

https://www.oreilly.com/library/view/practical-linux-security/9781789138399/b15f14b7-b3d0-48ef-881f-e407af69186a.xhtml

--
Phil Stracchino
Fenian House Publishing
ph...@ca...
ph...@co...
Landline: +1.603.293.8485
Mobile: +1.603.998.6958

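Added example, not part of any post in this thread: the "drop inbound, outbound and forwarding, then open what is needed one by one" approach described above, written as a minimal Shorewall configuration in a scratch directory. The zone names, the interface names (eth0, eth1), the opened services and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Zone names, interface names and the services opened below
# are assumptions; nothing under /etc/shorewall is touched.

write_default_deny_config() {
    dir=$1
    mkdir -p "$dir" || return 1

    # zones: names for the firewall itself, the Internet side and the LAN side.
    cat > "$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
EOF

    # interfaces: which NIC belongs to which zone.
    cat > "$dir/interfaces" <<'EOF'
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        tcpflags,nosmurfs,routefilter
loc     eth1        tcpflags,nosmurfs
EOF

    # policy: plays the role of
    #   iptables -P INPUT DROP; iptables -P OUTPUT DROP; iptables -P FORWARD DROP
    # "all all" covers traffic to, from and through the firewall.
    cat > "$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOGLEVEL
all     all     DROP    info
EOF

    # rules: the "open by request, one by one" part. A macro such as SSH or
    # DNS supplies the protocol and port; the last line is the explicit form.
    # NAT for loc -> net is left out: this shows filtering only.
    cat > "$dir/rules" <<'EOF'
?SECTION NEW
#ACTION         SOURCE  DEST    PROTO   DPORT
SSH(ACCEPT)     loc     $FW
DNS(ACCEPT)     loc     net
HTTPS(ACCEPT)   loc     net
DNS(ACCEPT)     $FW     net
ACCEPT          $FW     net     udp     123
EOF
}

# Print one "source -> dest : what" line per ACCEPT rule. Any traffic that is
# not listed here falls through to the DROP policy.
list_openings() {
    awk '
        NF == 0 { next }                       # blank line
        { c = substr($1, 1, 1) }
        c == "#" || c == "?" { next }          # comment or ?SECTION/?FORMAT
        $1 ~ /ACCEPT/ {
            extra = ($4 != "") ? " " $4 "/" $5 : ""
            print $2 " -> " $3 " : " $1 extra
        }
    ' "$1/rules"
}

# Demo run against a scratch directory.
demo_dir=$(mktemp -d)
write_default_deny_config "$demo_dir"
list_openings "$demo_dir"

# With Shorewall installed, the scratch configuration can be validated as root
# without changing the running firewall:
#   shorewall check "$demo_dir"
```
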
From: Hosney O. <hos...@gm...> - 2026-01-15 17:09:05

Dear Erich .,
iptable is easy to understand
shorewall i finally perform successful installation
but for example in iptable the first point i actually do is
drop inbound - outbound and forwarding traffic

then i open by request what is needed one by one

did you got my point

i need to understand shorewall also but i can't find easy guide to make
it as start point

On Thu, Jan 15, 2026 at 5:46 PM Erich Titl <eri...@th...> wrote:
> Hi
>
> On 15.01.2026 at 16:11, Hosney Osman wrote:
> > Dears .,
> > does any have recommendation
> > how to start my study in shorewall
> > please do not guide me to documentation as i am already start but i am
> > not able to understand
>
> Maybe you best install a preconfigured shorewall on your machine, start
> it and have a look at iptables to see what was configured.
> Understand that shorewall is just a (quite complex) compiler for iptable
> entries.
>
> ET
> --
> "Whoever does not have two-thirds of his day for himself is a slave."
> ―Friedrich Nietzsche
>
> _______________________________________________
> Shorewall-users mailing list
> Sho...@li...
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

From: Erich T. <eri...@th...> - 2026-01-15 15:44:38

Hi

On 15.01.2026 at 16:11, Hosney Osman wrote:
> Dears .,
> does any have recommendation
> how to start my study in shorewall
> please do not guide me to documentation as i am already start but i am
> not able to understand

Maybe you best install a preconfigured shorewall on your machine, start it and have a look at iptables to see what was configured.
Understand that shorewall is just a (quite complex) compiler for iptable entries.

ET
--
"Whoever does not have two-thirds of his day for himself is a slave."
―Friedrich Nietzsche

From: Hosney O. <hos...@gm...> - 2026-01-15 15:12:02

Dears .,
does any have recommendation
how to start my study in shorewall
please do not guide me to documentation as i am already start but i am
not able to understand

From: Winston S. <wl...@ro...> - 2026-01-14 07:21:42

I do this as well, but because I have a secondary ISP that goes up and down a lot, I put a

    post-up shorewall enable ppp2; shorewall restart

in my /etc/network/interfaces (assuming you use one of those... if you are using e.g. netcfg I am sure there are places you can hook an explicit call in.

There is absolutely no harm in calling shorewall several times, as all it does is configure your iptables.

With systemd, make sure that shorewall.service contains

    Wants=network-online.target
    After=network-online.target

Hmmn... one thing you should make sure is that your network interface actually is *up* before you call shorewall. It *can* be configured to figure this out itself, but that involves a more complex situation with optional in the /etc/shorewall[6]/interfaces file, and you would still want something to trigger shorewall enable.

On 2026-01-13 09:52, rcortes--- via Shorewall-users wrote:
> Hi Robert,
>
> I'm using systemctl
>
> systemctl enable shorewall after install package.
>
> Thx.
>
> On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
>> How are you starting Shorewall after a reboot?
>>
>> On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
>>> Hi Simon,
>>>
>>> i use shorewall from shorewall site reference, in this case 5.1.12
>>> from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
>>> and 5.2.8 from
>>> https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
>>>
>>> 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
>>> 5.2.8-12 start but dont work nat/dnat/proxyarp
>>>
>>> Thx
>>>
>>> On 2026-01-13 04:56, Simon Matter wrote:
>>>> Hi,
>>>>
>>>>> Hello everyone!
>>>>>
>>>>> Somebody know why or how to fix shorewall for not need clear and start
>>>>> after reboot? i have EL7 and shorewall 5.1.12, previously working with
>>>>> 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp
>>>>> dont work.
>>>>
>>>> Seems that your shorewall start is not working properly. Are you using a
>>>> shorewall package from epel? If so you could check the changelog to see
>>>> who has packaged it and ask directly?
>>>>
>>>> Regards,
>>>> Simon
>>>
>>> _______________________________________________
>>> Shorewall-users mailing list
>>> Sho...@li...
>>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>> --
>> Robert K Coffman Jr.
>> Info From Data Corp.
>> 3307249000
>> su...@in...

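Added example, not part of any post in this thread: a check for the two shorewall.service ordering lines named in the message above, run here against a constructed unit file and drop-in. Only the ExecStart line is taken from status output posted elsewhere in this thread; the rest of the unit text, the drop-in file name and the function names are assumptions.

```shell
#!/bin/sh
# Added example. The unit text below is a constructed sample, not the
# packaged shorewall.service.

# unit_lists DIRECTIVE TARGET FILE...
# Succeeds if any FILE has "DIRECTIVE=... TARGET ..." inside its [Unit] section.
# Whole-word match, so After=network.target does not count as
# After=network-online.target.
unit_lists() {
    directive=$1
    target=$2
    shift 2
    awk -v d="$directive" -v t="$target" '
        FNR == 1 { in_unit = 0 }                      # new file: no section yet
        /^\[/    { in_unit = ($0 == "[Unit]"); next } # track the current section
        in_unit && index($0, d "=") == 1 {
            n = split(substr($0, length(d) + 2), v, /[ \t]+/)
            for (i = 1; i <= n; i++) if (v[i] == t) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Print "ok" when both Wants= and After= name network-online.target,
# otherwise print which of the two is missing.
boot_ordering_report() {
    missing=""
    for d in Wants After; do
        unit_lists "$d" network-online.target "$@" || missing="$missing $d"
    done
    if [ -z "$missing" ]; then
        echo "ok"
    else
        echo "missing:$missing"
    fi
}

demo=$(mktemp -d)
mkdir -p "$demo/shorewall.service.d"

# Constructed unit without network-online ordering (the case to detect).
cat > "$demo/shorewall.service" <<'EOF'
[Unit]
Description=Shorewall IPv4 firewall
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/shorewall $OPTIONS start $STARTOPTIONS

[Install]
WantedBy=basic.target
EOF

# Constructed drop-in that adds the two lines.
cat > "$demo/shorewall.service.d/10-network-online.conf" <<'EOF'
[Unit]
Wants=network-online.target
After=network-online.target
EOF

boot_ordering_report "$demo/shorewall.service"
boot_ordering_report "$demo/shorewall.service" "$demo"/shorewall.service.d/*.conf

# On a live host, check the merged unit (main file plus drop-ins):
#   systemctl cat shorewall.service > merged.txt
#   boot_ordering_report merged.txt
# network-online.target only delays boot when a wait-online service
# (for example NetworkManager-wait-online.service) is enabled.
```
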
From: <rc...@ed...> - 2026-01-13 19:28:27
|
Robert,
/var/log/shorewall-init.log exists, tonight reboot system without log and
post before.
shorewall for EL7 or CentOS7 or similar use systemctl, maybe shorewall
start before other service. Somebody have experience with this?
Thx
On 2026-01-13 14:57, Robert K Coffman Jr. -Info From Data Corp. wrote:
> Logging is too deep for me to go into here - on my system, there is a
> shorewall-init log in /var/log. I suspect your system has this in
> logcontrol.
>
> Here is the contents of the init.d job that starts shorewall on my
> firewalls. For some changes to my configuration, I have to use this
> script before shorewall start, or else the change doesn't work. I only
> bring it up because perhaps the difference between
> "/etc/init.d/shorewall start" and "shorewall start" could be used to
> fix your problem. Strictly speculation however.
>
> #!/bin/sh
>
> RCDLINKS="2,S19 3,S19 4,S19 5,S19 0,K91 6,K91"
>
> OPTIONS=""
>
> WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
>
> # Use /etc/default shorewall to specify $OPTIONS and STARTOPTIONS to
> # run at startup, however this this might prevent shorewall from
> # starting. use at your own risk
> if [ -f "/etc/default/shorewall" ] ; then
> . /etc/default/shorewall
> fi
>
> # wait for an unconfigured interface
> wait_for_pppd () {
> if [ "$wait_interface" != "" ]
> then
> if [ -f $WAIT_FOR_IFUP ]
> then
> for i in $wait_interface
> do
> $WAIT_FOR_IFUP $i 60
> done
> else
> echo "$WAIT_FOR_IFUP: File not found"
> exit 2
> fi
> fi
> }
>
> start() {
> echo "Starting IPv4 shorewall rules..."
> wait_for_pppd
> [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
> /sbin/shorewall $OPTIONS start $STARTOPTIONS
> [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
> }
>
> stop() {
> echo "Stopping IPv4 shorewall rules..."
> /sbin/shorewall stop
> }
>
> refresh() {
> echo "Refreshing IPv4 shorewall rules..."
> /sbin/shorewall refresh $REFRESHOPTIONS
> }
>
> reload() {
> echo "Reloading IPv4 shorewall rules..."
> /sbin/shorewall reload $RELOADOPTIONS
> }
>
> restart() {
> echo "Restarting IPv4 shorewall rules..."
> [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
> /sbin/shorewall restart $RESTARTOPTIONS
> [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
> }
>
> status() {
> /sbin/shorewall status
> }
>
> case "$1" in
> 'start')
> start
> ;;
> 'stop')
> stop
> ;;
> 'refresh')
> refresh
> ;;
> 'reload')
> reload
> ;;
> 'restart')
> restart
> ;;
> 'status')
> status
> ;;
> *)
> echo "Usage: $0 start|stop|refresh|reload|restart|status"
> ;;
> esac
>
> exit 0
>
> # All done
>
> - Bob
>
> On 1/13/2026 11:36:39 AM, rc...@ed... wrote:
>
> Hi Robert,
>
> Do you mean shorewall show log or other?
>
> Thx
>
> On 2026-01-13 13:11, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
> Ok - what do the logs say after a reboot? One potential issue that
> might cause this is the status of any interfaces that are required but
> not ready when shorewall starts.
>
> On 1/13/2026 9:52:47 AM, rc...@ed... wrote:
>
> Hi Robert,
>
> I'm using systemcl
>
> systemctl enable shorewall after install package.
>
> Thx.
>
> On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
> How are you starting Shorewall after a reboot?
>
> On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote: Hi
> Simon,
>
> i use shorewall from shorewall site reference, in this case 5.1.12 from
> https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> and 5.2.8 from
> https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
>
> 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> 5.2.8-12 start but dont work nat/dnat/proxyarp
>
> Thx
>
> On 2026-01-13 04:56, Simon Matter wrote:
> Hi,
>
> Hello everyone!
>
> Somebody know why or how to fix shorewall for not need clear and start
> after reboot? i have EL7 and shorewall 5.1.12, previously working with
> 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp
> dont work.
> Seems that your shorewall start is not working properly. Are you using
> a
> shorewall package from epel? If so you could check the changelog to see
> who has packaged it and ask directly?
>
> Regards,
> Simon
_______________________________________________
Shorewall-users mailing list
Sho...@li...
https://lists.sourceforge.net/lists/listinfo/shorewall-users
|
From: <rc...@ed...> - 2026-01-13 19:23:13
|
Correct!! It starts but doesn't work after reboot.
On 2026-01-13 15:16, damjan--- via Shorewall-users wrote:
> Hi
>
> Did you also do this »systemctl enable shorewall«
>
> From: Robert K Coffman Jr. -Info From Data Corp.
> <bco...@in...>
> Sent: Tuesday, January 13, 2026 6:58 PM
> To: Shorewall Users <sho...@li...>
> Subject: Re: [Shorewall-users] Shorewall need clear to work after
> reboot
>
> Logging is too deep for me to go into here - on my system, there is a
> shorewall-init log in /var/log. I suspect your system has this in
> logcontrol.
>
> Here is the contents of the init.d job that starts shorewall on my
> firewalls. For some changes to my configuration, I have to use this
> script before shorewall start, or else the change doesn't work. I only
> bring it up because perhaps the difference between
> "/etc/init.d/shorewall start" and "shorewall start" could be used to
> fix your problem. Strictly speculation however.
>
> #!/bin/sh
>
> RCDLINKS="2,S19 3,S19 4,S19 5,S19 0,K91 6,K91"
>
> OPTIONS=""
>
> WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
>
> # Use /etc/default shorewall to specify $OPTIONS and STARTOPTIONS to
> # run at startup, however this this might prevent shorewall from
> # starting. use at your own risk
> if [ -f "/etc/default/shorewall" ] ; then
> . /etc/default/shorewall
> fi
>
> # wait for an unconfigured interface
> wait_for_pppd () {
> if [ "$wait_interface" != "" ]
> then
> if [ -f $WAIT_FOR_IFUP ]
> then
> for i in $wait_interface
> do
> $WAIT_FOR_IFUP $i 60
> done
> else
> echo "$WAIT_FOR_IFUP: File not found"
> exit 2
> fi
> fi
> }
>
> start() {
> echo "Starting IPv4 shorewall rules..."
> wait_for_pppd
> [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
> /sbin/shorewall $OPTIONS start $STARTOPTIONS
> [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
> }
>
> stop() {
> echo "Stopping IPv4 shorewall rules..."
> /sbin/shorewall stop
> }
>
> refresh() {
> echo "Refreshing IPv4 shorewall rules..."
> /sbin/shorewall refresh $REFRESHOPTIONS
> }
>
> reload() {
> echo "Reloading IPv4 shorewall rules..."
> /sbin/shorewall reload $RELOADOPTIONS
> }
>
> restart() {
> echo "Restarting IPv4 shorewall rules..."
> [ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
> /sbin/shorewall restart $RESTARTOPTIONS
> [ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
> }
>
> status() {
> /sbin/shorewall status
> }
>
> case "$1" in
> 'start')
> start
> ;;
> 'stop')
> stop
> ;;
> 'refresh')
> refresh
> ;;
> 'reload')
> reload
> ;;
> 'restart')
> restart
> ;;
> 'status')
> status
> ;;
> *)
> echo "Usage: $0 start|stop|refresh|reload|restart|status"
> ;;
> esac
>
> exit 0
>
> # All done
>
> - Bob
>
> On 1/13/2026 11:36:39 AM, rc...@ed... wrote:
>
> Hi Robert,
>
> Do you mean shorewall show log or other?
>
> Thx
>
> On 2026-01-13 13:11, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
> Ok - what do the logs say after a reboot? One potential issue that
> might cause this is the status of any interfaces that are required but
> not ready when shorewall starts.
>
> On 1/13/2026 9:52:47 AM, rc...@ed... wrote:
>
> Hi Robert,
>
> I'm using systemcl
>
> systemctl enable shorewall after install package.
>
> Thx.
>
> On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
> How are you starting Shorewall after a reboot?
>
> On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
>
> Hi Simon,
>
> i use shorewall from shorewall site reference, in this case 5.1.12 from
> https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> and 5.2.8 from
> https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
>
> 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> 5.2.8-12 start but dont work nat/dnat/proxyarp
>
> Thx
>
> On 2026-01-13 04:56, Simon Matter wrote:
>
> Hi,
>
> Hello everyone!
>
> Somebody know why or how to fix shorewall for not need clear and start
> after reboot? i have EL7 and shorewall 5.1.12, previously working with
> 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp
> dont work.
>
> Seems that your shorewall start is not working properly. Are you using
> a
> shorewall package from epel? If so you could check the changelog to see
> who has packaged it and ask directly?
>
> Regards,
> Simon
_______________________________________________
Shorewall-users mailing list
Sho...@li...
https://lists.sourceforge.net/lists/listinfo/shorewall-users
|
From: <da...@po...> - 2026-01-13 18:21:44
|
Hi
Did you also do this »systemctl enable shorewall«
From: Robert K Coffman Jr. -Info From Data Corp. <bco...@in...>
Sent: Tuesday, January 13, 2026 6:58 PM
To: Shorewall Users <sho...@li...>
Subject: Re: [Shorewall-users] Shorewall need clear to work after reboot
Logging is too deep for me to go into here - on my system, there is a shorewall-init log in /var/log. I suspect your system has this in logcontrol.
Here is the contents of the init.d job that starts shorewall on my firewalls. For some changes to my configuration, I have to use this script before shorewall start, or else the change doesn't work. I only bring it up because perhaps the difference between "/etc/init.d/shorewall start" and "shorewall start" could be used to fix your problem. Strictly speculation however.
#!/bin/sh
RCDLINKS="2,S19 3,S19 4,S19 5,S19 0,K91 6,K91"
OPTIONS=""
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
# Use /etc/default shorewall to specify $OPTIONS and STARTOPTIONS to
# run at startup, however this this might prevent shorewall from
# starting. use at your own risk
if [ -f "/etc/default/shorewall" ] ; then
. /etc/default/shorewall
fi
# wait for an unconfigured interface
wait_for_pppd () {
if [ "$wait_interface" != "" ]
then
if [ -f $WAIT_FOR_IFUP ]
then
for i in $wait_interface
do
$WAIT_FOR_IFUP $i 60
done
else
echo "$WAIT_FOR_IFUP: File not found"
exit 2
fi
fi
}
start() {
echo "Starting IPv4 shorewall rules..."
wait_for_pppd
[ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
/sbin/shorewall $OPTIONS start $STARTOPTIONS
[ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
}
stop() {
echo "Stopping IPv4 shorewall rules..."
/sbin/shorewall stop
}
refresh() {
echo "Refreshing IPv4 shorewall rules..."
/sbin/shorewall refresh $REFRESHOPTIONS
}
reload() {
echo "Reloading IPv4 shorewall rules..."
/sbin/shorewall reload $RELOADOPTIONS
}
restart() {
echo "Restarting IPv4 shorewall rules..."
[ -x /usr/sbin/mount_modules ] && /usr/sbin/mount_modules
/sbin/shorewall restart $RESTARTOPTIONS
[ -x /usr/sbin/umount_modules ] && /usr/sbin/umount_modules
}
status() {
/sbin/shorewall status
}
case "$1" in
'start')
start
;;
'stop')
stop
;;
'refresh')
refresh
;;
'reload')
reload
;;
'restart')
restart
;;
'status')
status
;;
*)
echo "Usage: $0 start|stop|refresh|reload|restart|status"
;;
esac
exit 0
# All done
- Bob
On 1/13/2026 11:36:39 AM, rc...@ed... <mailto:rc...@ed...> wrote:
Hi Robert,
Do you mean shorewall show log or other?
Thx
On 2026-01-13 13:11, Robert K Coffman Jr. -Info From Data Corp. wrote:
Ok - what do the logs say after a reboot? One potential issue that might cause this is the status of any interfaces that are required but not ready when shorewall starts.
On 1/13/2026 9:52:47 AM, rc...@ed... <mailto:rc...@ed...> wrote:
Hi Robert,
I'm using systemcl
systemctl enable shorewall after install package.
Thx.
On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
How are you starting Shorewall after a reboot?
On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
Hi Simon,
i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
5.2.8-12 start but dont work nat/dnat/proxyarp
Thx
On 2026-01-13 04:56, Simon Matter wrote:
Hi,
Hello everyone!
Somebody know why or how to fix shorewall for not need clear and start
after reboot? i have EL7 and shorewall 5.1.12, previously working with
5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp
dont work.
Seems that your shorewall start is not working properly. Are you using a
shorewall package from epel? If so you could check the changelog to see
who has packaged it and ask directly?
Regards,
Simon
_______________________________________________
Shorewall-users mailing list
Sho...@li... <mailto:Sho...@li...>
https://lists.sourceforge.net/lists/listinfo/shorewall-users
|
|
From: Robert K C. J. -I. F. D. Corp. <bco...@in...> - 2026-01-13 17:57:52
|
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Logging is too deep for me to go into here - on my system, there
is a shorewall-init log in /var/log. I suspect your system has
this in logcontrol.</p>
<p>Here is the contents of the init.d job that starts shorewall on
my firewalls. For some changes to my configuration, I have to use
this script before shorewall start, or else the change doesn't
work. I only bring it up because perhaps the difference between
"/etc/init.d/shorewall start" and "shorewall start" could be used
to fix your problem. Strictly speculation however.</p>
<p>#!/bin/sh<br>
<br>
RCDLINKS="2,S19 3,S19 4,S19 5,S19 0,K91 6,K91"<br>
<br>
OPTIONS=""<br>
<br>
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup<br>
<br>
# Use /etc/default shorewall to specify $OPTIONS and STARTOPTIONS
to<br>
# run at startup, however this this might prevent shorewall from<br>
# starting. use at your own risk<br>
if [ -f "/etc/default/shorewall" ] ; then<br>
. /etc/default/shorewall<br>
fi<br>
<br>
# wait for an unconfigured interface<br>
wait_for_pppd () {<br>
if [ "$wait_interface" != "" ]<br>
then<br>
if [ -f $WAIT_FOR_IFUP ]<br>
then<br>
for i in $wait_interface<br>
do<br>
$WAIT_FOR_IFUP $i 60<br>
done<br>
else<br>
echo "$WAIT_FOR_IFUP: File not found"<br>
exit 2<br>
fi<br>
fi<br>
}<br>
<br>
<br>
start() {<br>
echo "Starting IPv4 shorewall rules..."<br>
wait_for_pppd<br>
[ -x /usr/sbin/mount_modules ] &&
/usr/sbin/mount_modules<br>
/sbin/shorewall $OPTIONS start $STARTOPTIONS<br>
[ -x /usr/sbin/umount_modules ] &&
/usr/sbin/umount_modules<br>
}<br>
<br>
stop() {<br>
echo "Stopping IPv4 shorewall rules..."<br>
/sbin/shorewall stop<br>
}<br>
<br>
refresh() {<br>
echo "Refreshing IPv4 shorewall rules..."<br>
/sbin/shorewall refresh $REFRESHOPTIONS<br>
}<br>
<br>
<br>
reload() {<br>
echo "Reloading IPv4 shorewall rules..."<br>
/sbin/shorewall reload $RELOADOPTIONS<br>
}<br>
<br>
restart() {<br>
echo "Restarting IPv4 shorewall rules..."<br>
[ -x /usr/sbin/mount_modules ] &&
/usr/sbin/mount_modules<br>
/sbin/shorewall restart $RESTARTOPTIONS<br>
[ -x /usr/sbin/umount_modules ] &&
/usr/sbin/umount_modules<br>
}<br>
<br>
status() {<br>
/sbin/shorewall status<br>
}<br>
<br>
case "$1" in<br>
'start')<br>
start<br>
;;<br>
'stop')<br>
stop<br>
;;<br>
'refresh')<br>
refresh<br>
;;<br>
'reload')<br>
reload<br>
;;<br>
'restart')<br>
restart<br>
;;<br>
'status')<br>
status<br>
;;<br>
*)<br>
echo "Usage: $0
start|stop|refresh|reload|restart|status"<br>
;;<br>
esac<br>
<br>
exit 0<br>
<br>
# All done<br>
</p>
<p>- Bob</p>
<div class="moz-cite-prefix">On 1/13/2026 11:36:39 AM,
<a class="moz-txt-link-abbreviated" href="mailto:rc...@ed...">rc...@ed...</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:aad...@ed...">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>Hi Robert,</p>
<p>Do you mean shorewall show log or other?</p>
<p><br>
</p>
<p>Thx</p>
<p><br>
</p>
<p id="reply-intro">El 2026-01-13 13:11, Robert K Coffman Jr.
-Info From Data Corp. escribió:</p>
<blockquote type="cite"
style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">
<div id="replybody1">
<p>Ok - what do the logs say after a reboot? One potential
issue that might cause this is the status of any interfaces
that are required but not ready when shorewall starts.</p>
<div class="v1moz-cite-prefix">On 1/13/2026 9:52:47 AM, <a
class="v1moz-txt-link-abbreviated moz-txt-link-freetext"
href="mailto:rc...@ed..." rel="noreferrer"
moz-do-not-send="true">rc...@ed...</a> wrote:</div>
<blockquote type="cite"
style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">
<p>Hi Robert,</p>
<p><br>
</p>
<p>I'm using systemcl </p>
<p><br>
</p>
<p>systemctl enable shorewall after install package.</p>
<p><br>
</p>
<p>Thx.</p>
<p><br>
</p>
<p id="v1reply-intro">El 2026-01-13 10:30, Robert K Coffman
Jr. -Info From Data Corp. escribió:</p>
<blockquote
style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0;">
<div id="v1replybody1">
<p>How are you starting Shorewall after a reboot?</p>
<p><br>
</p>
<div class="v1v1moz-cite-prefix">On 1/13/2026 5:59:25
AM, rcortes--- via Shorewall-users wrote:</div>
<blockquote
style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0;">Hi
Simon, <br>
<br>
i use shorewall from shorewall site reference, in this
case 5.1.12 from <a
class="v1v1moz-txt-link-freetext v1moz-txt-link-freetext moz-txt-link-freetext"
href="https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/"
target="_blank" rel="noopener noreferrer"
moz-do-not-send="true">https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/</a>
<br>
and 5.2.8 from <a
class="v1v1moz-txt-link-freetext v1moz-txt-link-freetext moz-txt-link-freetext"
href="https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/"
target="_blank" rel="noopener noreferrer"
moz-do-not-send="true">https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/</a>
<br>
<br>
5.1.12 or 5.1.10 start but dont work, need apply
clear/start to work. <br>
5.2.8-12 start but dont work nat/dnat/proxyarp <br>
<br>
Thx <br>
<br>
El 2026-01-13 04:56, Simon Matter escribió: <br>
<blockquote
style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0;">Hi,
<br>
<br>
<blockquote
style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0;">Hello
everyone! <br>
<br>
Somebody know why or how to fix shorewall for not
need clear and start <br>
after reboot? i have EL7 and shorewall 5.1.12,
previously working with <br>
5.1.10 and try with 5.2.8-12 but shorewall start
but nat/dnat/proxyarp <br>
dont work.</blockquote>
<br>
Seems that your shorewall start is not working
properly. Are you using a <br>
shorewall package from epel? If so you could check
the changelog to see <br>
who has packaged it and ask directly? <br>
<br>
Regards, <br>
Simon</blockquote>
<br>
<br>
_______________________________________________ <br>
Shorewall-users mailing list <br>
<a
class="v1v1moz-txt-link-abbreviated v1moz-txt-link-freetext moz-txt-link-freetext"
href="mailto:Sho...@li..."
rel="noreferrer" moz-do-not-send="true">Sho...@li...</a>
<br>
<a
class="v1v1moz-txt-link-freetext v1moz-txt-link-freetext moz-txt-link-freetext"
href="https://lists.sourceforge.net/lists/listinfo/shorewall-users"
target="_blank" rel="noopener noreferrer"
moz-do-not-send="true">https://lists.sourceforge.net/lists/listinfo/shorewall-users</a></blockquote>
<pre class="v1v1moz-signature">--
Robert K Coffman Jr.
Info From Data Corp.
3307249000
<a
class="v1v1moz-txt-link-abbreviated v1moz-txt-link-freetext moz-txt-link-freetext"
href="mailto:su...@in..." rel="noreferrer"
moz-do-not-send="true">su...@in...</a></pre>
</div>
<br>
</blockquote>
</blockquote>
<pre class="v1moz-signature">--
Robert K Coffman Jr.
Info From Data Corp.
3307249000
<a class="v1moz-txt-link-abbreviated moz-txt-link-freetext"
href="mailto:su...@in..." rel="noreferrer"
moz-do-not-send="true">su...@in...</a></pre>
</div>
<br>
</blockquote>
</blockquote>
<pre class="moz-signature" cols="72">--
Robert K Coffman Jr.
Info From Data Corp.
3307249000
<a class="moz-txt-link-abbreviated" href="mailto:su...@in...">su...@in...</a></pre>
</body>
</html>
|
|
From: <da...@po...> - 2026-01-13 16:51:31
|
Hi

I had many times the same problem, even now I check 10 times to see if shorewall is running,

I even add it startup in cron job to restart at boot. I use mostly redhat.

Regards

From: rcortes--- via Shorewall-users <sho...@li...>
Sent: Tuesday, January 13, 2026 5:32 PM
To: Shorewall Users <sho...@li...>
Cc: rc...@ed...
Subject: Re: [Shorewall-users] Shorewall need clear to work after reboot

is correct, startup is enable :)

shorewall show startup ok

[root@leviathan ~]# systemctl status shorewall
● shorewall.service - Shorewall IPv4 firewall
   Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled; vendor preset: disabled)
   Active: active (exited) since Tue 2026-01-13 09:48:45 EST; 1h 42min ago
  Process: 1042 ExecStart=/usr/sbin/shorewall $OPTIONS start $STARTOPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1042 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/shorewall.service

Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Processing /etc/shorewall/tcclear ...
Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Setting up Route Filtering...
Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Setting up Martian Logging...
Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Setting up Proxy ARP...
Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Preparing iptables-restore input...
Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Running /sbin/iptables-restore --wait 60...
Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Processing /etc/shorewall/start ...
Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Processing /etc/shorewall/started ...
Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: done.
Jan 13 09:48:45 leviathan.cypco.cl systemd[1]: Started Shorewall IPv4 firewall.

Thx.

On 2026-01-13 13:19, Rodrigo Araujo wrote:

rcortes,

can you confirm if you have "STARTUP_ENABLED=Yes" in /etc/shorewall/shorewall.conf ?

Best regards.

On Tue, 2026-01-13 at 11:11 -0500, Robert K Coffman Jr. -Info From Data Corp. wrote:

Ok - what do the logs say after a reboot? One potential issue that might cause this is the status of any interfaces that are required but not ready when shorewall starts.

On 1/13/2026 9:52:47 AM, rc...@ed... <mailto:rc...@ed...> wrote:

Hi Robert,

I'm using systemcl

systemctl enable shorewall after install package.

Thx.

On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:

How are you starting Shorewall after a reboot?

On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:

Hi Simon,

i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/

5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
5.2.8-12 start but dont work nat/dnat/proxyarp

Thx

On 2026-01-13 04:56, Simon Matter wrote:

Hi,

Hello everyone!

Somebody know why or how to fix shorewall for not need clear and start after reboot? i have EL7 and shorewall 5.1.12, previously working with 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp dont work.

Seems that your shorewall start is not working properly. Are you using a shorewall package from epel? If so you could check the changelog to see who has packaged it and ask directly?

Regards,
Simon
|
|
From: <rc...@ed...> - 2026-01-13 16:38:46
|
Hi Damjan,

Then do you don't have any solution? only "fix" with cron job?

Thx

On 2026-01-13 13:35, da...@po... wrote:

> Hi
>
> I had many times the same problem, even now I check 10 times to see if shorewall is runing,
>
> I even add it startup in cron job to restart at boot. I use mostly redhat.
>
> Regards
>
> From: rcortes--- via Shorewall-users <sho...@li...>
> Sent: Tuesday, January 13, 2026 5:32 PM
> To: Shorewall Users <sho...@li...>
> Cc: rc...@ed...
> Subject: Re: [Shorewall-users] Shorewall need clear to work after reboot
>
> is correct, startup is enable :)
>
> shorewall show startup ok
>
> [root@leviathan ~]# systemctl status shorewall
> ● shorewall.service - Shorewall IPv4 firewall
>    Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled; vendor preset: disabled)
>    Active: active (exited) since Tue 2026-01-13 09:48:45 EST; 1h 42min ago
>   Process: 1042 ExecStart=/usr/sbin/shorewall $OPTIONS start $STARTOPTIONS (code=exited, status=0/SUCCESS)
>  Main PID: 1042 (code=exited, status=0/SUCCESS)
>    CGroup: /system.slice/shorewall.service
>
> Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Processing /etc/shorewall/tcclear ...
> Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Setting up Route Filtering...
> Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Setting up Martian Logging...
> Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Setting up Proxy ARP...
> Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Preparing iptables-restore input...
> Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Running /sbin/iptables-restore --wait 60...
> Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Processing /etc/shorewall/start ...
> Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Processing /etc/shorewall/started ...
> Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: done.
> Jan 13 09:48:45 leviathan.cypco.cl systemd[1]: Started Shorewall IPv4 firewall.
>
> Thx.
>
> On 2026-01-13 13:19, Rodrigo Araujo wrote:
>
> rcortes,
>
> can you confirm if you have "STARTUP_ENABLED=Yes" in /etc/shorewall/shorewall.conf ?
>
> Best regards.
>
> On Tue, 2026-01-13 at 11:11 -0500, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
> Ok - what do the logs say after a reboot? One potential issue that might cause this is the status of any interfaces that are required but not ready when shorewall starts.
>
> On 1/13/2026 9:52:47 AM, rc...@ed... wrote:
>
> Hi Robert,
>
> I'm using systemcl
>
> systemctl enable shorewall after install package.
>
> Thx.
>
> On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
> How are you starting Shorewall after a reboot?
>
> On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
>
> Hi Simon,
>
> i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
>
> 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> 5.2.8-12 start but dont work nat/dnat/proxyarp
>
> Thx
>
> On 2026-01-13 04:56, Simon Matter wrote:
>
> Hi,
>
> Hello everyone!
>
> Somebody know why or how to fix shorewall for not need clear and start after reboot? i have EL7 and shorewall 5.1.12, previously working with 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp dont work.
>
> Seems that your shorewall start is not working properly. Are you using a shorewall package from epel? If so you could check the changelog to see who has packaged it and ask directly?
>
> Regards,
> Simon
|
|
From: <rc...@ed...> - 2026-01-13 16:36:50
|
Hi Robert,

Do you mean shorewall show log or other?

Thx

On 2026-01-13 13:11, Robert K Coffman Jr. -Info From Data Corp. wrote:

> Ok - what do the logs say after a reboot? One potential issue that might cause this is the status of any interfaces that are required but not ready when shorewall starts.
>
> On 1/13/2026 9:52:47 AM, rc...@ed... wrote:
>
> Hi Robert,
>
> I'm using systemcl
>
> systemctl enable shorewall after install package.
>
> Thx.
>
> On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
> How are you starting Shorewall after a reboot?
>
> On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
>
> Hi Simon,
>
> i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
>
> 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> 5.2.8-12 start but dont work nat/dnat/proxyarp
>
> Thx
>
> On 2026-01-13 04:56, Simon Matter wrote:
>
> Hi,
>
> Hello everyone!
>
> Somebody know why or how to fix shorewall for not need clear and start after reboot? i have EL7 and shorewall 5.1.12, previously working with 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp dont work.
>
> Seems that your shorewall start is not working properly. Are you using a shorewall package from epel? If so you could check the changelog to see who has packaged it and ask directly?
>
> Regards,
> Simon
|
|
From: <rc...@ed...> - 2026-01-13 16:32:46
|
Hi Rodrigo,

firewalld is disabled :)

thx

On 2026-01-13 13:23, Rodrigo Araujo wrote:

> Another suggestion: ensure firewalld (or other firewall system/service that may be present) is disabled/masked. It will clash with shorewall.
>
> On Tue, 2026-01-13 at 16:19 +0000, Rodrigo Araujo wrote:
>
> rcortes,
>
> can you confirm if you have "STARTUP_ENABLED=Yes" in /etc/shorewall/shorewall.conf ?
>
> Best regards.
>
> On Tue, 2026-01-13 at 11:11 -0500, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
> Ok - what do the logs say after a reboot? One potential issue that might cause this is the status of any interfaces that are required but not ready when shorewall starts.
>
> On 1/13/2026 9:52:47 AM, rc...@ed... wrote:
>
> Hi Robert,
>
> I'm using systemcl
>
> systemctl enable shorewall after install package.
>
> Thx.
>
> On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
> How are you starting Shorewall after a reboot?
>
> On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
>
> Hi Simon,
>
> i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
>
> 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> 5.2.8-12 start but dont work nat/dnat/proxyarp
>
> Thx
>
> On 2026-01-13 04:56, Simon Matter wrote:
>
> Hi,
>
> Hello everyone!
>
> Somebody know why or how to fix shorewall for not need clear and start after reboot? i have EL7 and shorewall 5.1.12, previously working with 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp dont work.
>
> Seems that your shorewall start is not working properly. Are you using a shorewall package from epel? If so you could check the changelog to see who has packaged it and ask directly?
>
> Regards,
> Simon
|
|
From: <rc...@ed...> - 2026-01-13 16:32:00
|
Is correct, startup is enabled :)

shorewall show startup ok

[root@leviathan ~]# systemctl status shorewall
● shorewall.service - Shorewall IPv4 firewall
   Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled; vendor preset: disabled)
   Active: active (exited) since Tue 2026-01-13 09:48:45 EST; 1h 42min ago
  Process: 1042 ExecStart=/usr/sbin/shorewall $OPTIONS start $STARTOPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 1042 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/shorewall.service

Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Processing /etc/shorewall/tcclear ...
Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Setting up Route Filtering...
Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Setting up Martian Logging...
Jan 13 09:48:44 leviathan.cypco.cl shorewall[1042]: Setting up Proxy ARP...
Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Preparing iptables-restore input...
Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Running /sbin/iptables-restore --wait 60...
Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Processing /etc/shorewall/start ...
Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: Processing /etc/shorewall/started ...
Jan 13 09:48:45 leviathan.cypco.cl shorewall[1042]: done.
Jan 13 09:48:45 leviathan.cypco.cl systemd[1]: Started Shorewall IPv4 firewall.

Thx.
On 2026-01-13 13:19, Rodrigo Araujo wrote:
> rcortes,
>
> can you confirm if you have "STARTUP_ENABLED=Yes" in
> /etc/shorewall/shorewall.conf ?
>
> Best regards.
>
> On Tue, 2026-01-13 at 11:11 -0500, Robert K Coffman Jr. -Info From Data
> Corp. wrote:
>
> Ok - what do the logs say after a reboot? One potential issue that
> might cause this is the status of any interfaces that are required but
> not ready when shorewall starts.
>
> On 1/13/2026 9:52:47 AM, rc...@ed... wrote:
>
> Hi Robert,
>
> I'm using systemcl
>
> systemctl enable shorewall after install package.
>
> Thx.
>
> On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
>
> How are you starting Shorewall after a reboot?
>
> On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
>
> Hi Simon,
>
> i use shorewall from shorewall site reference, in this case 5.1.12 from
> https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> and 5.2.8 from
> https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
>
> 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> 5.2.8-12 start but dont work nat/dnat/proxyarp
>
> Thx
>
> On 2026-01-13 04:56, Simon Matter wrote:
>
> Hi,
>
> Hello everyone!
>
> Somebody know why or how to fix shorewall for not need clear and start
> after reboot? i have EL7 and shorewall 5.1.12, previously working with
> 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp
> dont work.
>
> Seems that your shorewall start is not working properly. Are you using
> a
> shorewall package from epel? If so you could check the changelog to see
> who has packaged it and ask directly?
>
> Regards,
> Simon
|
|
From: Rodrigo A. <ara...@gm...> - 2026-01-13 16:23:26
|
Another suggestion: ensure firewalld (or other firewall system/service that may be present) is disabled/masked. It will clash with shorewall.

On Tue, 2026-01-13 at 16:19 +0000, Rodrigo Araujo wrote:
> rcortes,
>
> can you confirm if you have "STARTUP_ENABLED=Yes" in /etc/shorewall/shorewall.conf ?
>
> Best regards.
>
> On Tue, 2026-01-13 at 11:11 -0500, Robert K Coffman Jr. -Info From Data Corp. wrote:
> > Ok - what do the logs say after a reboot? One potential issue that might cause this is the status of any interfaces that are required but not ready when shorewall starts.
> >
> > On 1/13/2026 9:52:47 AM, rc...@ed... wrote:
> > > Hi Robert,
> > >
> > > I'm using systemcl
> > >
> > > systemctl enable shorewall after install package.
> > >
> > > Thx.
> > >
> > > On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
> > > > How are you starting Shorewall after a reboot?
> > > >
> > > > On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
> > > > > Hi Simon,
> > > > >
> > > > > i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> > > > > and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
> > > > >
> > > > > 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> > > > > 5.2.8-12 start but dont work nat/dnat/proxyarp
> > > > >
> > > > > Thx
> > > > >
> > > > > On 2026-01-13 04:56, Simon Matter wrote:
> > > > > > Hi,
> > > > > >
> > > > > > > Hello everyone!
> > > > > > >
> > > > > > > Somebody know why or how to fix shorewall for not need clear and start after reboot? i have EL7 and shorewall 5.1.12, previously working with 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp dont work.
> > > > > >
> > > > > > Seems that your shorewall start is not working properly. Are you using a shorewall package from epel? If so you could check the changelog to see who has packaged it and ask directly?
> > > > > >
> > > > > > Regards,
> > > > > > Simon
|
|
From: Rodrigo A. <ara...@gm...> - 2026-01-13 16:20:02
|
rcortes,

can you confirm if you have "STARTUP_ENABLED=Yes" in /etc/shorewall/shorewall.conf ?

Best regards.

On Tue, 2026-01-13 at 11:11 -0500, Robert K Coffman Jr. -Info From Data Corp. wrote:
> Ok - what do the logs say after a reboot? One potential issue that might cause this is the status of any interfaces that are required but not ready when shorewall starts.
>
> On 1/13/2026 9:52:47 AM, rc...@ed... wrote:
> > Hi Robert,
> >
> > I'm using systemcl
> >
> > systemctl enable shorewall after install package.
> >
> > Thx.
> >
> > On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
> > > How are you starting Shorewall after a reboot?
> > >
> > > On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
> > > > Hi Simon,
> > > >
> > > > i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> > > > and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
> > > >
> > > > 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> > > > 5.2.8-12 start but dont work nat/dnat/proxyarp
> > > >
> > > > Thx
> > > >
> > > > On 2026-01-13 04:56, Simon Matter wrote:
> > > > > Hi,
> > > > >
> > > > > > Hello everyone!
> > > > > >
> > > > > > Somebody know why or how to fix shorewall for not need clear and start after reboot? i have EL7 and shorewall 5.1.12, previously working with 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp dont work.
> > > > >
> > > > > Seems that your shorewall start is not working properly. Are you using a shorewall package from epel? If so you could check the changelog to see who has packaged it and ask directly?
> > > > >
> > > > > Regards,
> > > > > Simon
|
|
From: Robert K C. J. -I. F. D. Corp. <bco...@in...> - 2026-01-13 16:12:02
|
Ok - what do the logs say after a reboot? One potential issue that might cause this is the status of any interfaces that are required but not ready when shorewall starts.

On 1/13/2026 9:52:47 AM, rc...@ed... wrote:
> Hi Robert,
>
> I'm using systemcl
>
> systemctl enable shorewall after install package.
>
> Thx.
>
> On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:
> > How are you starting Shorewall after a reboot?
> >
> > On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
> > > Hi Simon,
> > >
> > > i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> > > and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
> > >
> > > 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> > > 5.2.8-12 start but dont work nat/dnat/proxyarp
> > >
> > > Thx
> > >
> > > On 2026-01-13 04:56, Simon Matter wrote:
> > > > Hi,
> > > >
> > > > > Hello everyone!
> > > > >
> > > > > Somebody know why or how to fix shorewall for not need clear and start after reboot? i have EL7 and shorewall 5.1.12, previously working with 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp dont work.
> > > >
> > > > Seems that your shorewall start is not working properly. Are you using a shorewall package from epel? If so you could check the changelog to see who has packaged it and ask directly?
> > > >
> > > > Regards,
> > > > Simon

--
Robert K Coffman Jr.
Info From Data Corp.
3307249000
su...@in...
|
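The three causes raised in this thread (STARTUP_ENABLED, a competing firewalld, interfaces not ready when Shorewall starts) can be checked from saved output. The script below is an added example, not code from any poster or from the Shorewall project; the function names are hypothetical, the sample config and journal lines are constructed, and the kernel's "link becomes ready" message format is an assumption that varies by kernel version.

```shell
#!/bin/sh
# Added example: offline triage of the boot-time causes suggested in the thread.
# Every function works on text, so it can be tried on saved output first.

# Effective STARTUP_ENABLED value from shorewall.conf text on stdin.
# Comment lines are skipped; if the option is assigned more than once the last
# assignment is reported (assumption); prints "unset" when it is absent.
startup_enabled() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*STARTUP_ENABLED[ \t]*=/ {
            v = $0
            sub(/^[^=]*=/, "", v)     # drop everything up to the "="
            sub(/#.*$/, "", v)        # drop a trailing comment
            gsub(/[ \t"]/, "", v)     # drop blanks and double quotes
            val = v
        }
        END { if (val == "") val = "unset"; print val }
    '
}

# firewalld_conflict ENABLED_STATE ACTIVE_STATE
# Arguments are the outputs of `systemctl is-enabled firewalld` and
# `systemctl is-active firewalld`. Returns 0 when firewalld is running now
# or is enabled for the next boot, 1 otherwise (disabled, masked, inactive).
firewalld_conflict() {
    case "$2" in active|activating) return 0 ;; esac
    case "$1" in enabled|enabled-runtime) return 0 ;; esac
    return 1
}

# Interfaces whose "link becomes ready" kernel message appears AFTER the
# "Started Shorewall IPv4 firewall." line in a chronological boot journal
# on stdin. Prints one interface name per line, nothing if none were late.
late_interfaces() {
    awk '
        /Started Shorewall IPv4 firewall/ { started = 1; next }
        started && /: link becomes ready/ {
            n = split($0, f, ": ")    # ...: eth1: link becomes ready
            if (n >= 2 && !seen[f[n-1]]++) print f[n-1]
        }
    '
}

# triage CONF_TEXT JOURNAL_TEXT FW_ENABLED FW_ACTIVE
# Prints one finding per line; prints nothing when all three checks pass.
triage() {
    _se=$(printf '%s\n' "$1" | startup_enabled)
    case "$_se" in
        [Yy][Ee][Ss]) ;;              # case-insensitive match is an assumption
        *) echo "STARTUP_ENABLED is $_se in shorewall.conf" ;;
    esac
    if firewalld_conflict "$3" "$4"; then
        echo "firewalld is $3/$4: disable and mask it"
    fi
    for _if in $(printf '%s\n' "$2" | late_interfaces); do
        echo "$_if: link became ready after Shorewall had started"
    done
    return 0
}

# Constructed sample inputs (not captured from the poster's host).
SAMPLE_CONF='# shorewall.conf excerpt (constructed)
STARTUP_ENABLED=Yes   # set by the administrator'
SAMPLE_JOURNAL='Jan 13 09:48:43 fw.example kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Jan 13 09:48:45 fw.example systemd[1]: Started Shorewall IPv4 firewall.
Jan 13 09:48:49 fw.example kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready'

# Demo on the constructed data: reports eth1 as the late interface.
triage "$SAMPLE_CONF" "$SAMPLE_JOURNAL" disabled inactive

# Live use on the affected host, as root after a reboot:
#   triage "$(cat /etc/shorewall/shorewall.conf)" "$(journalctl -b --no-pager)" \
#          "$(systemctl is-enabled firewalld)" "$(systemctl is-active firewalld)"
```

A late interface in the output matches the symptom in the thread: the unit reports success at boot, yet the rules only take effect after a manual clear and start once the interface is up.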
|
From: <rc...@ed...> - 2026-01-13 14:53:04
|
Hi Robert,

I'm using systemctl

systemctl enable shorewall after install package.

Thx.

On 2026-01-13 10:30, Robert K Coffman Jr. -Info From Data Corp. wrote:

> How are you starting Shorewall after a reboot?
>
> On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
>
> Hi Simon,
>
> i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
>
> 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> 5.2.8-12 start but dont work nat/dnat/proxyarp
>
> Thx
>
> On 2026-01-13 04:56, Simon Matter wrote:
>
> Hi,
>
> Hello everyone!
>
> Somebody know why or how to fix shorewall for not need clear and start after reboot? i have EL7 and shorewall 5.1.12, previously working with 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp dont work.
>
> Seems that your shorewall start is not working properly. Are you using a shorewall package from epel? If so you could check the changelog to see who has packaged it and ask directly?
>
> Regards,
> Simon
|
|
From: Robert K C. J. -I. F. D. Corp. <bco...@in...> - 2026-01-13 13:30:41
|
How are you starting Shorewall after a reboot?

On 1/13/2026 5:59:25 AM, rcortes--- via Shorewall-users wrote:
> Hi Simon,
>
> i use shorewall from shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
> and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/
>
> 5.1.12 or 5.1.10 start but dont work, need apply clear/start to work.
> 5.2.8-12 start but dont work nat/dnat/proxyarp
>
> Thx
>
> On 2026-01-13 04:56, Simon Matter wrote:
> > Hi,
> >
> > > Hello everyone!
> > >
> > > Somebody know why or how to fix shorewall for not need clear and start after reboot? i have EL7 and shorewall 5.1.12, previously working with 5.1.10 and try with 5.2.8-12 but shorewall start but nat/dnat/proxyarp dont work.
> >
> > Seems that your shorewall start is not working properly. Are you using a shorewall package from epel? If so you could check the changelog to see who has packaged it and ask directly?
> >
> > Regards,
> > Simon

--
Robert K Coffman Jr.
Info From Data Corp.
3307249000
su...@in...
|
|
From: <rc...@ed...> - 2026-01-13 10:59:43
|
Hi Simon,

I use shorewall from the shorewall site reference, in this case 5.1.12 from https://shorewall.org/pub/shorewall/5.1/shorewall-5.1.12/
and 5.2.8 from https://www.invoca.ch/pub/packages/shorewall/RPMS/ils-7/noarch/

5.1.12 or 5.1.10 start but don't work; I need to apply clear/start for them to work.
5.2.8-12 starts, but nat/dnat/proxyarp don't work.

Thx

On 2026-01-13 04:56, Simon Matter wrote:
> Hi,
>
>> Hello everyone!
>>
>> Does somebody know why, or how to fix Shorewall so that it does not need clear and start
>> after reboot? I have EL7 and Shorewall 5.1.12, previously working with
>> 5.1.10. I also tried 5.2.8-12; Shorewall starts, but nat/dnat/proxyarp
>> don't work.
>
> Seems that your shorewall start is not working properly. Are you using a
> shorewall package from epel? If so you could check the changelog to see
> who has packaged it and ask directly?
>
> Regards,
> Simon
|
|
From: Simon M. <sim...@in...> - 2026-01-13 08:15:16
|
Hi,

> Hello everyone!
>
> Does somebody know why, or how to fix Shorewall so that it does not need clear and start
> after reboot? I have EL7 and Shorewall 5.1.12, previously working with
> 5.1.10. I also tried 5.2.8-12; Shorewall starts, but nat/dnat/proxyarp
> don't work.

Seems that your shorewall start is not working properly. Are you using a
shorewall package from epel? If so you could check the changelog to see
who has packaged it and ask directly?

Regards,
Simon
|
|
From: <rc...@ed...> - 2026-01-13 02:28:09
|
Hello everyone!

Does somebody know why, or how to fix Shorewall so that it does not need clear and start after reboot? I have EL7 and Shorewall 5.1.12, previously working with 5.1.10. I also tried 5.2.8-12; Shorewall starts, but nat/dnat/proxyarp don't work.

Thx.
|
|
From: Frederico C W. <fr...@gm...> - 2025-11-24 12:02:05
|
Please ignore.
Found a conflicting configuration with an unmanaged interface.
Thanks
On 24/11/2025 08:19, Frederico C Wilhelms wrote:
> Howdy y'all,
>
>
> I'm trying to code the SNPT/DNPT actions for Shorewall 5.2.8, and
> am having a hard time here.
>
> The message on compile states:
>
> Generating Rule Matrix...
> Use of uninitialized value $to in split at
> /usr/share/shorewall/Shorewall/Chains.pm line 2774.
> Use of uninitialized value $target in hash element at
> /usr/share/shorewall/Shorewall/Chains.pm line 2775.
> Use of uninitialized value $target in hash element at
> /usr/share/shorewall/Shorewall/Chains.pm line 2776.
> Use of uninitialized value $to in concatenation (.) or string at
> /usr/share/shorewall/Shorewall/Chains.pm line 2776.
> ERROR: Unknown rule target () /etc/shorewall6/mangle (EOF)
>
>
> When looking into -D compile,
>
> I can see
>
> Locating Action Files...
> .......
>
> IN===> DNPT builtin,mangle
> IN===> SNPT builtin,mangle
>
> ........
>
> Compiling /etc/shorewall6/mangle...
> IN===> IP6TABLES(DNPT --src-pfx fd19:b5cb:badc:f0f0::ffff:0/104
> --dst-pfx fd19:b5cb:badc:f0f0::/104 ):P vlan36_IF -
> NF-(A)-> mangle:tcpre:1 -A tcpre -i
> lxcbr3a.36 -j DNPT --src-pfx fd19:b5cb:badc:f0f0::ffff:0/104 --dst-pfx
> fd19:b5cb:badc:f0f0::/104
> IN===> IP6TABLES(SNPT --dst-pfx fd19:b5cb:badc:f0f0::ffff:0/104
> --src-pfx fd19:b5cb:badc:f0f0::/104 ):T - vlan36_IF
> NF-(A)-> mangle:tcpost:1 -A tcpost -o
> lxcbr3a.36 -j SNPT --dst-pfx fd19:b5cb:badc:f0f0::ffff:0/104 --src-pfx
> fd19:b5cb:badc:f0f0::/104
>
>
> ......
> Generating Rule Matrix...
> NF-(N)-> nat:z6ens1_dnat
> NF-(N)-> filter:~excl0
> NF-(!O4)-> filter:~excl0
> NF-(A)-> filter:~excl0:1 -A ~excl0 -d
> fd19:b5cb:badc:f0f0::ffff:0/112 -j RETURN
> NF-(A)-> filter:~excl0:2 -A ~excl0 -j ACCEPT
> SYS----> /sbin/ip6tables -w -F fooX792964
> SYS----> /sbin/ip6tables -w -X fooX792964
> SYS----> /sbin/ip6tables -w -F foo1X792964
> SYS----> /sbin/ip6tables -w -X foo1X792964
> SYS----> /sbin/ip6tables -w -t mangle -F fooX792964
> SYS----> /sbin/ip6tables -w -t mangle -X fooX792964
> SYS----> /sbin/ip6tables -w -t nat -F fooX792964
> ip6tables: No chain/target/match by that name.
> SYS----> /sbin/ip6tables -w -t nat -X fooX792964
> ip6tables: No chain/target/match by that name.
> SYS----> /sbin/ip6tables -w -t raw -F fooX792964
> SYS----> /sbin/ip6tables -w -t raw -X fooX792964
> ERROR: Unknown rule target () /etc/shorewall6/mangle (EOF) at
> /usr/share/shorewall/Shorewall/Config.pm line 1612.
> Shorewall::Config::fatal_error("Unknown rule target ()")
> called at /usr/share/shorewall/Shorewall/Chains.pm line 2776
> Shorewall::Chains::add_ijump_internal(HASH(0x55b4269739a8), "j",
> undef, 0, "", "o", "vlans") called at
> /usr/share/shorewall/Shorewall/Chains.pm line 2816
> Shorewall::Chains::add_ijump_extended(HASH(0x55b4269739a8), "j",
> undef, "", "o", "vlans") called at
> /usr/share/shorewall/Shorewall/Misc.pm line 1973
> Shorewall::Misc::add_output_jumps("z6ens1", "ens1_IF",
> HASH(0x55b42697fab0), "::/0", ARRAY(0x55b426982350), undef, "ens1_IF",
> "") called at /usr/share/shorewall/Shorewall/Misc.pm line 2344
> Shorewall::Misc::generate_matrix() called at
> /usr/share/shorewall/Shorewall/Compiler.pm line 860
> Shorewall::Compiler::compiler("script",
> "/var/lib/shorewall6/firewall", "directory", "", "verbosity", 1,
> "timestamp", 0, ...) called at /usr/share/shorewall/compiler.pl line 137
> eval() called 5 times
>
>
> I don't know where I'm going wrong or what I'm missing.
>
>
> Thanks in advance.
>
>
> And best regards,
>
>
> Fred
>
>
> ****<<< Files follow >>> ****
>
>
> root@rnvhost01:/etc/shorewall6# shorewall6 compile
> Compiling using Shorewall 5.2.8...
> Processing /etc/shorewall6/params ...
> Processing /etc/shorewall6/shorewall6.conf...
> Loading Modules...
> Compiling /etc/shorewall6/zones...
> Compiling /etc/shorewall6/interfaces...
> Compiling /etc/shorewall6/hosts...
> Determining Hosts in Zones...
> WARNING: *** z6tun0 is an EMPTY ZONE *** /etc/shorewall6/hosts (EOF)
> WARNING: *** z6br0net is an EMPTY ZONE *** /etc/shorewall6/hosts (EOF)
> Locating Action Files...
> Compiling /etc/shorewall6/policy...
> Adding rules for DHCP
> Compiling TCP Flags filtering...
> Compiling MAC Filtration -- Phase 1...
> Compiling MAC Filtration -- Phase 2...
> Applying Policies...
> Compiling /usr/share/shorewall/action.AllowICMPs for chain AllowICMPs...
> Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
> Compiling /usr/share/shorewall/action.Multicast for chain Multicast...
> Compiling /etc/shorewall6/mangle...
> ERROR: Invalid ACTION (IPTABLES) /etc/shorewall6/mangle (line 15)
> root@rnvhost01:/etc/shorewall6# vi mangle
> root@rnvhost01:/etc/shorewall6# shorewall6 compile
> Compiling using Shorewall 5.2.8...
> Processing /etc/shorewall6/params ...
> Processing /etc/shorewall6/shorewall6.conf...
> Loading Modules...
> Compiling /etc/shorewall6/zones...
> Compiling /etc/shorewall6/interfaces...
> Compiling /etc/shorewall6/hosts...
> Determining Hosts in Zones...
> WARNING: *** z6tun0 is an EMPTY ZONE *** /etc/shorewall6/hosts (EOF)
> WARNING: *** z6br0net is an EMPTY ZONE *** /etc/shorewall6/hosts (EOF)
> Locating Action Files...
> Compiling /etc/shorewall6/policy...
> Adding rules for DHCP
> Compiling TCP Flags filtering...
> Compiling MAC Filtration -- Phase 1...
> Compiling MAC Filtration -- Phase 2...
> Applying Policies...
> Compiling /usr/share/shorewall/action.AllowICMPs for chain AllowICMPs...
> Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
> Compiling /usr/share/shorewall/action.Multicast for chain Multicast...
> Compiling /etc/shorewall6/mangle...
> Generating Rule Matrix...
> Use of uninitialized value $to in split at
> /usr/share/shorewall/Shorewall/Chains.pm line 2774.
> Use of uninitialized value $target in hash element at
> /usr/share/shorewall/Shorewall/Chains.pm line 2775.
> Use of uninitialized value $target in hash element at
> /usr/share/shorewall/Shorewall/Chains.pm line 2776.
> Use of uninitialized value $to in concatenation (.) or string at
> /usr/share/shorewall/Shorewall/Chains.pm line 2776.
> ERROR: Unknown rule target () /etc/shorewall6/mangle (EOF)
> root@rnvhost01:/etc/shorewall6# ls -l
> total 48
> -rw-r--r-- 1 root root 872 nov 24 07:36 action.DNPT
> -rw-r--r-- 1 root root 336 nov 19 14:09 actions
> -rw-r--r-- 1 root root 873 nov 24 07:37 action.SNPT
> -rw-r----- 1 root root 954 jul 23 2024 conntrack
> -rw-r--r-- 1 root root 291 nov 19 13:39 hosts
> -rw-r--r-- 1 root root 1918 nov 24 07:33 interfaces
> -rw-r--r-- 1 root root 920 nov 24 07:38 mangle
> -rw-r----- 1 root root 560 jul 23 2024 params
> -rw-r--r-- 1 root root 1400 nov 19 14:26 policy
> -rw-r--r-- 1 root root 5181 jul 23 2024 shorewall6.conf
> -rw-r--r-- 1 root root 899 nov 24 07:09 zones
>
> ***
>
> root@rnvhost01:/etc/shorewall6# cat actions
> #
> # Shorewall6 version 5 - Actions.std File
> #
> # /usr/share/shorewall6/actions.std
> #
> # Please see https://shorewall.org/Actions.html for additional
> # information.
> #
> ###############################################################################
>
> #ACTION
> DNPT builtin,mangle #
> SNPT builtin,mangle #
> #
>
> ****
>
>
> root@rnvhost01:/etc/shorewall6# cat action.DNPT
> #
> # Shorewall6 -- /usr/share/shorewall6/action.mangletemplate
> #
> # This file is a template for files with names of the form
> # /etc/shorewall/action.<action-name> where <action> is an
> # ACTION defined with the mangle option in /etc/shorewall/actions.
> #
> # To define a new action:
> #
> # 1. Add the <action name> to /etc/shorewall6/actions with the mangle option
> # 2. Copy this file to /etc/shorewall6/action.<action name>
> # 3. Add the desired rules to that file.
> #
> # Please see https://shorewall.org/Actions.html for additional information.
> #
> # Columns are the same as in /etc/shorewall6/mangle.
> #
> ############################################################################################################################################################
>
> #ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS PROBABILITY DSCP
> DNPT - - - - -
>
>
> ****
>
>
>
> root@rnvhost01:/etc/shorewall6# cat action.SNPT
> #
> # Shorewall6 -- /usr/share/shorewall6/action.mangletemplate
> #
> # This file is a template for files with names of the form
> # /etc/shorewall/action.<action-name> where <action> is an
> # ACTION defined with the mangle option in /etc/shorewall/actions.
> #
> # To define a new action:
> #
> # 1. Add the <action name> to /etc/shorewall6/actions with the mangle option
> # 2. Copy this file to /etc/shorewall6/action.<action name>
> # 3. Add the desired rules to that file.
> #
> # Please see https://shorewall.org/Actions.html for additional information.
> #
> # Columns are the same as in /etc/shorewall6/mangle.
> #
> ############################################################################################################################################################
>
> #ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS PROBABILITY DSCP
> SNPT - - - - -
>
> ****
>
> root@rnvhost01:/etc/shorewall6# cat policy | grep -v '^$\|^#'
> fw all ACCEPT
> all fw ACCEPT
> z6ens1 all ACCEPT
> z6ens1loc all ACCEPT
> z6tun0 all ACCEPT
> z6br0 all ACCEPT
> z6br0net all ACCEPT
> z6LXCBR0 all ACCEPT
>
> all z6ens1 ACCEPT
> all z6ens1loc ACCEPT
> all z6tun0 ACCEPT
> all z6br0 ACCEPT
> all z6br0net ACCEPT
> all z6LXCBR0 ACCEPT
> all all REJECT $LOG_LEVEL
>
> *****
>
> root@rnvhost01:/etc/shorewall6# cat hosts
> #ZONE HOSTS OPTIONS
> z6ens1 ens1_IF:![fd19:b5cb:badc:f0f0::ffff:0/112]
> z6ens1loc ens1_IF:[fd19:b5cb:badc:f0f0::ffff:0/112]
> #
> z6br0 br0_IF:[fd19:b5cb:badc:f0f0::ff:0/112]
> # z6br0net br0_IF:!192.168.32.0/22
> z6LXCBR0 LXCBR0_IF:[fd19:b5cb:badc:f0f0::c0:5000/107]
>
> ***
>
> root@rnvhost01:/etc/shorewall6# cat zones
> #
> # Shorewall - Sample Zones File for three-interface configuration.
> # Copyright (C) 2006-2015 by the Shorewall Team
> #
> # This library is free software; you can redistribute it and/or
> # modify it under the terms of the GNU Lesser General Public
> # License as published by the Free Software Foundation; either
> # version 2.1 of the License, or (at your option) any later version.
> #
> # See the file README.txt for further details.
> #------------------------------------------------------------------------------
>
> # For information about entries in this file, type "man shorewall-zones"
> ###############################################################################
>
> #ZONE TYPE OPTIONS IN OUT
> # OPTIONS OPTIONS
> fw firewall
> z6ens1 ipv6
> z6ens1loc ipv6
> #loc6 ipv6
> #dmz6 ipv6
> z6tun0 ipv6
> #z6lan0 ipv6
> #z6bond0 ipv6
> z6br0 ipv6
> z6br0net ipv6
> # z6ens1 ipv6
> z6LXCBR0 ipv6
> z6lxcbr3 ipv6
> z6vlan36 ipv6
>
> ****
>
> #
> # Shorewall - Sample Interfaces File for three-interface configuration.
> # Copyright (C) 2006-2017 by the Shorewall Team
> #
> # This library is free software; you can redistribute it and/or
> # modify it under the terms of the GNU Lesser General Public
> # License as published by the Free Software Foundation; either
> # version 2.1 of the License, or (at your option) any later version.
> #
> # See the file README.txt for further details.
> #------------------------------------------------------------------------------
>
> # For information about entries in this file, type "man shorewall-interfaces"
> ###############################################################################
>
> ?FORMAT 2
> ###############################################################################
>
> #ZONE INTERFACE OPTIONS
> #net NET_IF tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0
> #loc LOC_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth1
> #dmz DMZ_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth2
>
> #
> - tun0_IF dhcp,physical=tun0
> - lan0_IF dhcp,physical=lacp+
> #
> - ens1_IF unmanaged,physical=vlans
> z6vlan36 vlan36_IF physical=lxcbr3a.36
> #
> - br0_IF dhcp,physical=br0
> #
> - LXCBR0_IF dhcp,physical=lxcbr0
> #
> - LXCBR1_IF unmanaged,physical=lxcbr1a
> z6lxcbr3 LXCBR3_IF dhcp,physical=lxcbr3a
> #
> - bond0_IF unmanaged,physical=bond0
> - OVS_IF unmanaged,physical=ovsbr0+
>
> root@rnvhost01:/etc/shorewall6#
>
> *****
>
>
>
> ****
>
>
> root@rnvhost01:/etc/shorewall6# cat mangle
> #
> # Shorewall6 -- /etc/shorewall6/mangle
> #
> # For information about entries in this file, type "man shorewall6-mangle"
> #
> # See https://shorewall.org/traffic_shaping.htm for additional information.
> # For usage in selecting among multiple ISPs, see
> # https://shorewall.org/MultiISP.html
> #
> # See https://shorewall.org/PacketMarking.html for a detailed description of
> # the Netfilter/Shorewall packet marking mechanism.
> #
> ######################################################################################################################################################################
>
> #ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS PROBABILITY DSCP SWITCH
> IP6TABLES(DNPT --src-pfx fd19:b5cb:badc:f0f0::ffff:0/104 --dst-pfx fd19:b5cb:badc:f0f0::/104 ):P vlan36_IF -
> IP6TABLES(SNPT --dst-pfx fd19:b5cb:badc:f0f0::ffff:0/104 --src-pfx fd19:b5cb:badc:f0f0::/104 ):T - vlan36_IF
>
>
>
>
> ***
>
>
> root@rnvhost01:/etc/shorewall6# grep -v '^$' shorewall6.conf
> ###############################################################################
>
> #
> # Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf
> #
> # For information about the settings in this file, type "man shorewall6.conf"
> #
> # Manpage also online at
> # https://shorewall.org/manpages/shorewall.conf.html
> ###############################################################################
>
> # S T A R T U P E N A B L E D
> ###############################################################################
>
> STARTUP_ENABLED=Yes
> ###############################################################################
>
> # V E R B O S I T Y
> ###############################################################################
>
> VERBOSITY=1
> ###############################################################################
>
> # P A G E R
> ###############################################################################
>
> PAGER=
> ###############################################################################
>
> # F I R E W A L L
> ###############################################################################
>
> FIREWALL=
> ###############################################################################
>
> # L O G G I N G
> ###############################################################################
>
> LOG_LEVEL="info"
> BLACKLIST_LOG_LEVEL=
> INVALID_LOG_LEVEL=
> LOG_BACKEND=
> LOG_VERBOSITY=2
> LOG_ZONE=Both
> LOGALLNEW=
> LOGFILE=/var/log/messages
> LOGFORMAT="%s %s "
> LOGLIMIT="s:1/sec:10"
> LOGTAGONLY=No
> MACLIST_LOG_LEVEL="$LOG_LEVEL"
> RELATED_LOG_LEVEL=
> RPFILTER_LOG_LEVEL="$LOG_LEVEL"
> SFILTER_LOG_LEVEL="$LOG_LEVEL"
> SMURF_LOG_LEVEL="$LOG_LEVEL"
> STARTUP_LOG=/var/log/shorewall6-init.log
> TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
> UNTRACKED_LOG_LEVEL=
> ###############################################################################
>
> # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
> ###############################################################################
>
> CONFIG_PATH=":${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
>
> GEOIPDIR=/usr/share/xt_geoip/LE
> IP6TABLES=
> IP=
> IPSET=
> LOCKFILE=
> MODULESDIR=
> NFACCT=
> PERL=/usr/bin/perl
> PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
> RESTOREFILE=restore
> SHOREWALL_SHELL=/bin/sh
> SUBSYSLOCK=""
> TC=
> ###############################################################################
>
> # D E F A U L T A C T I O N S / M A C R O S
> ###############################################################################
>
> ACCEPT_DEFAULT="none"
> BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
>
> DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
> NFQUEUE_DEFAULT="none"
> QUEUE_DEFAULT="none"
> REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
> ###############################################################################
>
> # R S H / R C P C O M M A N D S
> ###############################################################################
>
> RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
> RSH_COMMAND='ssh ${root}@${system} ${command}'
> ###############################################################################
>
> # F I R E W A L L O P T I O N S
> ###############################################################################
>
> ACCOUNTING=Yes
> ACCOUNTING_TABLE=filter
> ADMINISABSENTMINDED=Yes
> AUTOCOMMENT=Yes
> AUTOHELPERS=No
> AUTOMAKE=Yes
> BALANCE_PROVIDERS=No
> BASIC_FILTERS=No
> BLACKLIST="NEW,INVALID,UNTRACKED"
> CLAMPMSS=No
> CLEAR_TC=No
> COMPLETE=No
> DEFER_DNS_RESOLUTION=Yes
> DELETE_THEN_ADD=Yes
> DONT_LOAD=
> DYNAMIC_BLACKLIST=Yes
> EXPAND_POLICIES=Yes
> EXPORTMODULES=Yes
> FASTACCEPT=No
> FORWARD_CLEAR_MARK=Yes
> HELPERS=
> IGNOREUNKNOWNVARIABLES=No
> IMPLICIT_CONTINUE=No
> IPSET_WARNINGS=Yes
> IP_FORWARDING=Keep
> KEEP_RT_TABLES=Yes
> MACLIST_TABLE=filter
> MACLIST_TTL=
> MANGLE_ENABLED=Yes
> MARK_IN_FORWARD_CHAIN=No
> MINIUPNPD=No
> MUTEX_TIMEOUT=60
> OPTIMIZE=All
> OPTIMIZE_ACCOUNTING=No
> PERL_HASH_SEED=0
> REJECT_ACTION=
> RENAME_COMBINED=Yes
> REQUIRE_INTERFACE=No
> RESTART=restart
> RESTORE_DEFAULT_ROUTE=Yes
> RESTORE_ROUTEMARKS=Yes
> SAVE_IPSETS=No
> TC_ENABLED=Shared
> TC_EXPERT=No
> TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
> TRACK_PROVIDERS=Yes
> TRACK_RULES=No
> USE_DEFAULT_RT=Yes
> USE_NFLOG_SIZE=No
> USE_PHYSICAL_NAMES=No
> USE_RT_NAMES=No
> VERBOSE_MESSAGES=Yes
> WARNOLDCAPVERSION=Yes
> WORKAROUNDS=No
> ZERO_MARKS=No
> ZONE2ZONE=-
> ###############################################################################
>
> # P A C K E T D I S P O S I T I O N
> ###############################################################################
>
> BLACKLIST_DISPOSITION=DROP
> INVALID_DISPOSITION=CONTINUE
> MACLIST_DISPOSITION=REJECT
> RELATED_DISPOSITION=ACCEPT
> SFILTER_DISPOSITION=DROP
> RPFILTER_DISPOSITION=DROP
> SMURF_DISPOSITION=DROP
> TCP_FLAGS_DISPOSITION=DROP
> UNTRACKED_DISPOSITION=CONTINUE
> ################################################################################
>
> # P A C K E T M A R K L A Y O U T
> ################################################################################
>
> TC_BITS=
> PROVIDER_BITS=
> PROVIDER_OFFSET=
> MASK_BITS=
> ZONE_BITS=0
> #LAST LINE -- DO NOT REMOVE
> root@rnvhost01:/etc/shorewall6#
>
>
>
|
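
In the files quoted above, `interfaces` declares `ens1_IF` as `unmanaged,physical=vlans` while `hosts` places the zones `z6ens1` and `z6ens1loc` on that same interface, and the stack trace fails in `add_output_jumps("z6ens1", "ens1_IF", ...)`. The following added example (not from the thread or the Shorewall project) lints the two files for that pattern, on the assumption that this is the kind of conflict the reply refers to. It assumes `?FORMAT 2` interfaces and no line continuations; the function names and the trimmed sample input are constructed for illustration.

```python
"""Flag Shorewall zones that are placed on interfaces declared 'unmanaged'."""

# Constructed sample input, trimmed from the files posted in the thread.
INTERFACES = """\
?FORMAT 2
#ZONE      INTERFACE   OPTIONS
-          tun0_IF     dhcp,physical=tun0
-          ens1_IF     unmanaged,physical=vlans
z6vlan36   vlan36_IF   physical=lxcbr3a.36
-          br0_IF      dhcp,physical=br0
-          LXCBR1_IF   unmanaged,physical=lxcbr1a
"""

HOSTS = """\
#ZONE       HOSTS                                        OPTIONS
z6ens1      ens1_IF:![fd19:b5cb:badc:f0f0::ffff:0/112]
z6ens1loc   ens1_IF:[fd19:b5cb:badc:f0f0::ffff:0/112]
z6br0       br0_IF:[fd19:b5cb:badc:f0f0::ff:0/112]
# z6br0net  br0_IF:!192.168.32.0/22
"""


def config_rows(text):
    """Yield (line_number, columns) for every rule line.

    Comments (from '#' to end of line), blank lines and '?' directives
    such as ?FORMAT are skipped. Backslash continuations are not handled.
    """
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("?"):
            continue
        yield number, line.split()


def parse_interfaces(text):
    """Map logical interface name -> zone, option dict and source line.

    Assumes the FORMAT 2 column layout: ZONE INTERFACE OPTIONS.
    """
    interfaces = {}
    for number, cols in config_rows(text):
        if len(cols) < 2:
            continue
        zone, name = cols[0], cols[1]
        options = {}
        if len(cols) > 2 and cols[2] != "-":
            for item in cols[2].split(","):
                key, _, value = item.partition("=")
                options[key] = value or None
        interfaces[name] = {"zone": zone, "options": options, "line": number}
    return interfaces


def find_conflicts(interfaces_text, hosts_text):
    """Return (file, line, zone, interface, physical_name) tuples.

    Two patterns are reported:
      * an 'unmanaged' interface whose ZONE column is not '-'
        (shorewall-interfaces(5) requires '-' with that option);
      * a hosts entry that places a zone on an 'unmanaged' interface.
    """
    interfaces = parse_interfaces(interfaces_text)
    findings = []

    for name, entry in interfaces.items():
        if "unmanaged" in entry["options"] and entry["zone"] != "-":
            physical = entry["options"].get("physical") or name
            findings.append(("interfaces", entry["line"], entry["zone"], name, physical))

    for number, cols in config_rows(hosts_text):
        if len(cols) < 2:
            continue
        zone = cols[0]
        # HOSTS column looks like 'ens1_IF:![addr/len]'; the interface
        # is everything before the first colon.
        name = cols[1].split(":", 1)[0]
        entry = interfaces.get(name)
        if entry and "unmanaged" in entry["options"]:
            physical = entry["options"].get("physical") or name
            findings.append(("hosts", number, zone, name, physical))

    return findings


if __name__ == "__main__":
    for file, line, zone, name, physical in find_conflicts(INTERFACES, HOSTS):
        print(f"{file}:{line}: zone {zone} uses unmanaged interface "
              f"{name} (physical={physical})")
```

On the sample input this reports the two `hosts` lines for `ens1_IF`, whose physical name `vlans` is the last argument in the `add_ijump_internal` frame of the posted trace.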
|
From: Frederico C W. <fr...@gm...> - 2025-11-24 11:19:21
|
Howdy y'all,
I'm trying to code the SNPT/DNPT actions for Shorewall 5.2.8, and am having
a hard time here.
The message on compile states:
Generating Rule Matrix...
Use of uninitialized value $to in split at
/usr/share/shorewall/Shorewall/Chains.pm line 2774.
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Chains.pm line 2775.
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Chains.pm line 2776.
Use of uninitialized value $to in concatenation (.) or string at
/usr/share/shorewall/Shorewall/Chains.pm line 2776.
ERROR: Unknown rule target () /etc/shorewall6/mangle (EOF)
When looking into -D compile,
I can see
Locating Action Files...
.......
IN===> DNPT builtin,mangle
IN===> SNPT builtin,mangle
........
Compiling /etc/shorewall6/mangle...
IN===> IP6TABLES(DNPT --src-pfx fd19:b5cb:badc:f0f0::ffff:0/104
--dst-pfx fd19:b5cb:badc:f0f0::/104 ):P vlan36_IF -
NF-(A)-> mangle:tcpre:1 -A tcpre -i lxcbr3a.36
-j DNPT --src-pfx fd19:b5cb:badc:f0f0::ffff:0/104 --dst-pfx
fd19:b5cb:badc:f0f0::/104
IN===> IP6TABLES(SNPT --dst-pfx fd19:b5cb:badc:f0f0::ffff:0/104
--src-pfx fd19:b5cb:badc:f0f0::/104 ):T - vlan36_IF
NF-(A)-> mangle:tcpost:1 -A tcpost -o
lxcbr3a.36 -j SNPT --dst-pfx fd19:b5cb:badc:f0f0::ffff:0/104 --src-pfx
fd19:b5cb:badc:f0f0::/104
......
Generating Rule Matrix...
NF-(N)-> nat:z6ens1_dnat
NF-(N)-> filter:~excl0
NF-(!O4)-> filter:~excl0
NF-(A)-> filter:~excl0:1 -A ~excl0 -d
fd19:b5cb:badc:f0f0::ffff:0/112 -j RETURN
NF-(A)-> filter:~excl0:2 -A ~excl0 -j ACCEPT
SYS----> /sbin/ip6tables -w -F fooX792964
SYS----> /sbin/ip6tables -w -X fooX792964
SYS----> /sbin/ip6tables -w -F foo1X792964
SYS----> /sbin/ip6tables -w -X foo1X792964
SYS----> /sbin/ip6tables -w -t mangle -F fooX792964
SYS----> /sbin/ip6tables -w -t mangle -X fooX792964
SYS----> /sbin/ip6tables -w -t nat -F fooX792964
ip6tables: No chain/target/match by that name.
SYS----> /sbin/ip6tables -w -t nat -X fooX792964
ip6tables: No chain/target/match by that name.
SYS----> /sbin/ip6tables -w -t raw -F fooX792964
SYS----> /sbin/ip6tables -w -t raw -X fooX792964
ERROR: Unknown rule target () /etc/shorewall6/mangle (EOF) at
/usr/share/shorewall/Shorewall/Config.pm line 1612.
Shorewall::Config::fatal_error("Unknown rule target ()") called
at /usr/share/shorewall/Shorewall/Chains.pm line 2776
Shorewall::Chains::add_ijump_internal(HASH(0x55b4269739a8), "j", undef,
0, "", "o", "vlans") called at /usr/share/shorewall/Shorewall/Chains.pm
line 2816
Shorewall::Chains::add_ijump_extended(HASH(0x55b4269739a8), "j", undef,
"", "o", "vlans") called at /usr/share/shorewall/Shorewall/Misc.pm line 1973
Shorewall::Misc::add_output_jumps("z6ens1", "ens1_IF",
HASH(0x55b42697fab0), "::/0", ARRAY(0x55b426982350), undef, "ens1_IF",
"") called at /usr/share/shorewall/Shorewall/Misc.pm line 2344
Shorewall::Misc::generate_matrix() called at
/usr/share/shorewall/Shorewall/Compiler.pm line 860
Shorewall::Compiler::compiler("script",
"/var/lib/shorewall6/firewall", "directory", "", "verbosity", 1,
"timestamp", 0, ...) called at /usr/share/shorewall/compiler.pl line 137
eval() called 5 times
I don't know where I'm going wrong or what I'm missing.
Thanks in advance.
And best regards,
Fred
****<<< Files follow >>> ****
root@rnvhost01:/etc/shorewall6# shorewall6 compile
Compiling using Shorewall 5.2.8...
Processing /etc/shorewall6/params ...
Processing /etc/shorewall6/shorewall6.conf...
Loading Modules...
Compiling /etc/shorewall6/zones...
Compiling /etc/shorewall6/interfaces...
Compiling /etc/shorewall6/hosts...
Determining Hosts in Zones...
WARNING: *** z6tun0 is an EMPTY ZONE *** /etc/shorewall6/hosts (EOF)
WARNING: *** z6br0net is an EMPTY ZONE *** /etc/shorewall6/hosts (EOF)
Locating Action Files...
Compiling /etc/shorewall6/policy...
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling MAC Filtration -- Phase 1...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall/action.AllowICMPs for chain AllowICMPs...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Multicast for chain Multicast...
Compiling /etc/shorewall6/mangle...
ERROR: Invalid ACTION (IPTABLES) /etc/shorewall6/mangle (line 15)
root@rnvhost01:/etc/shorewall6# vi mangle
root@rnvhost01:/etc/shorewall6# shorewall6 compile
Compiling using Shorewall 5.2.8...
Processing /etc/shorewall6/params ...
Processing /etc/shorewall6/shorewall6.conf...
Loading Modules...
Compiling /etc/shorewall6/zones...
Compiling /etc/shorewall6/interfaces...
Compiling /etc/shorewall6/hosts...
Determining Hosts in Zones...
WARNING: *** z6tun0 is an EMPTY ZONE *** /etc/shorewall6/hosts (EOF)
WARNING: *** z6br0net is an EMPTY ZONE *** /etc/shorewall6/hosts (EOF)
Locating Action Files...
Compiling /etc/shorewall6/policy...
Adding rules for DHCP
Compiling TCP Flags filtering...
Compiling MAC Filtration -- Phase 1...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Compiling /usr/share/shorewall/action.AllowICMPs for chain AllowICMPs...
Compiling /usr/share/shorewall/action.Broadcast for chain Broadcast...
Compiling /usr/share/shorewall/action.Multicast for chain Multicast...
Compiling /etc/shorewall6/mangle...
Generating Rule Matrix...
Use of uninitialized value $to in split at
/usr/share/shorewall/Shorewall/Chains.pm line 2774.
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Chains.pm line 2775.
Use of uninitialized value $target in hash element at
/usr/share/shorewall/Shorewall/Chains.pm line 2776.
Use of uninitialized value $to in concatenation (.) or string at
/usr/share/shorewall/Shorewall/Chains.pm line 2776.
ERROR: Unknown rule target () /etc/shorewall6/mangle (EOF)
root@rnvhost01:/etc/shorewall6# ls -l
total 48
-rw-r--r-- 1 root root 872 nov 24 07:36 action.DNPT
-rw-r--r-- 1 root root 336 nov 19 14:09 actions
-rw-r--r-- 1 root root 873 nov 24 07:37 action.SNPT
-rw-r----- 1 root root 954 jul 23 2024 conntrack
-rw-r--r-- 1 root root 291 nov 19 13:39 hosts
-rw-r--r-- 1 root root 1918 nov 24 07:33 interfaces
-rw-r--r-- 1 root root 920 nov 24 07:38 mangle
-rw-r----- 1 root root 560 jul 23 2024 params
-rw-r--r-- 1 root root 1400 nov 19 14:26 policy
-rw-r--r-- 1 root root 5181 jul 23 2024 shorewall6.conf
-rw-r--r-- 1 root root 899 nov 24 07:09 zones
***
root@rnvhost01:/etc/shorewall6# cat actions
#
# Shorewall6 version 5 - Actions.std File
#
# /usr/share/shorewall6/actions.std
#
# Please see https://shorewall.org/Actions.html for additional
# information.
#
###############################################################################
#ACTION
DNPT builtin,mangle #
SNPT builtin,mangle #
#
****
root@rnvhost01:/etc/shorewall6# cat action.DNPT
#
# Shorewall6 -- /usr/share/shorewall6/action.mangletemplate
#
# This file is a template for files with names of the form
# /etc/shorewall/action.<action-name> where <action> is an
# ACTION defined with the mangle option in /etc/shorewall/actions.
#
# To define a new action:
#
# 1. Add the <action name> to /etc/shorewall6/actions with the mangle option
# 2. Copy this file to /etc/shorewall6/action.<action name>
# 3. Add the desired rules to that file.
#
# Please see https://shorewall.org/Actions.html for additional information.
#
# Columns are the same as in /etc/shorewall6/mangle.
#
############################################################################################################################################################
#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS PROBABILITY DSCP
DNPT - - - - -
****
root@rnvhost01:/etc/shorewall6# cat action.SNPT
#
# Shorewall6 -- /usr/share/shorewall6/action.mangletemplate
#
# This file is a template for files with names of the form
# /etc/shorewall/action.<action-name> where <action> is an
# ACTION defined with the mangle option in /etc/shorewall/actions.
#
# To define a new action:
#
# 1. Add the <action name> to /etc/shorewall6/actions with the mangle option
# 2. Copy this file to /etc/shorewall6/action.<action name>
# 3. Add the desired rules to that file.
#
# Please see https://shorewall.org/Actions.html for additional information.
#
# Columns are the same as in /etc/shorewall6/mangle.
#
############################################################################################################################################################
#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS PROBABILITY DSCP
SNPT - - - - -
****
root@rnvhost01:/etc/shorewall6# cat policy | grep -v '^$\|^#'
fw all ACCEPT
all fw ACCEPT
z6ens1 all ACCEPT
z6ens1loc all ACCEPT
z6tun0 all ACCEPT
z6br0 all ACCEPT
z6br0net all ACCEPT
z6LXCBR0 all ACCEPT
all z6ens1 ACCEPT
all z6ens1loc ACCEPT
all z6tun0 ACCEPT
all z6br0 ACCEPT
all z6br0net ACCEPT
all z6LXCBR0 ACCEPT
all all REJECT $LOG_LEVEL
*****
root@rnvhost01:/etc/shorewall6# cat hosts
#ZONE HOSTS OPTIONS
z6ens1 ens1_IF:![fd19:b5cb:badc:f0f0::ffff:0/112]
z6ens1loc ens1_IF:[fd19:b5cb:badc:f0f0::ffff:0/112]
#
z6br0 br0_IF:[fd19:b5cb:badc:f0f0::ff:0/112]
# z6br0net br0_IF:!192.168.32.0/22
z6LXCBR0 LXCBR0_IF:[fd19:b5cb:badc:f0f0::c0:5000/107]
***
root@rnvhost01:/etc/shorewall6# cat zones
#
# Shorewall - Sample Zones File for three-interface configuration.
# Copyright (C) 2006-2015 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-zones"
###############################################################################
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
z6ens1 ipv6
z6ens1loc ipv6
#loc6 ipv6
#dmz6 ipv6
z6tun0 ipv6
#z6lan0 ipv6
#z6bond0 ipv6
z6br0 ipv6
z6br0net ipv6
# z6ens1 ipv6
z6LXCBR0 ipv6
z6lxcbr3 ipv6
z6vlan36 ipv6
****
#
# Shorewall - Sample Interfaces File for three-interface configuration.
# Copyright (C) 2006-2017 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-interfaces"
###############################################################################
?FORMAT 2
###############################################################################
#ZONE INTERFACE OPTIONS
#net NET_IF tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0
#loc LOC_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth1
#dmz DMZ_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth2
#
- tun0_IF dhcp,physical=tun0
- lan0_IF dhcp,physical=lacp+
#
- ens1_IF unmanaged,physical=vlans
z6vlan36 vlan36_IF physical=lxcbr3a.36
#
- br0_IF dhcp,physical=br0
#
- LXCBR0_IF dhcp,physical=lxcbr0
#
- LXCBR1_IF unmanaged,physical=lxcbr1a
z6lxcbr3 LXCBR3_IF dhcp,physical=lxcbr3a
#
- bond0_IF unmanaged,physical=bond0
- OVS_IF unmanaged,physical=ovsbr0+
root@rnvhost01:/etc/shorewall6#
*****
****
root@rnvhost01:/etc/shorewall6# cat mangle
#
# Shorewall6 -- /etc/shorewall6/mangle
#
# For information about entries in this file, type "man shorewall6-mangle"
#
# See https://shorewall.org/traffic_shaping.htm for additional information.
# For usage in selecting among multiple ISPs, see
# https://shorewall.org/MultiISP.html
#
# See https://shorewall.org/PacketMarking.html for a detailed description of
# the Netfilter/Shorewall packet marking mechanism.
#
######################################################################################################################################################################
#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER HEADERS PROBABILITY DSCP SWITCH
IP6TABLES(DNPT --src-pfx fd19:b5cb:badc:f0f0::ffff:0/104 --dst-pfx fd19:b5cb:badc:f0f0::/104 ):P vlan36_IF -
IP6TABLES(SNPT --dst-pfx fd19:b5cb:badc:f0f0::ffff:0/104 --src-pfx fd19:b5cb:badc:f0f0::/104 ):T - vlan36_IF
***
root@rnvhost01:/etc/shorewall6# grep -v '^$' shorewall6.conf
###############################################################################
#
# Shorewall Version 5 -- /etc/shorewall6/shorewall6.conf
#
# For information about the settings in this file, type "man shorewall6.conf"
#
# Manpage also online at
# https://shorewall.org/manpages/shorewall.conf.html
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
STARTUP_ENABLED=Yes
###############################################################################
# V E R B O S I T Y
###############################################################################
VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
###############################################################################
# F I R E W A L L
###############################################################################
FIREWALL=
###############################################################################
# L O G G I N G
###############################################################################
LOG_LEVEL="info"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/messages
LOGFORMAT="%s %s "
LOGLIMIT="s:1/sec:10"
LOGTAGONLY=No
MACLIST_LOG_LEVEL="$LOG_LEVEL"
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL="$LOG_LEVEL"
SFILTER_LOG_LEVEL="$LOG_LEVEL"
SMURF_LOG_LEVEL="$LOG_LEVEL"
STARTUP_LOG=/var/log/shorewall6-init.log
TCP_FLAGS_LOG_LEVEL="$LOG_LEVEL"
UNTRACKED_LOG_LEVEL=
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
CONFIG_PATH=":${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IP6TABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PERL=/usr/bin/perl
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
TC=
###############################################################################
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
###############################################################################
# R S H / R C P C O M M A N D S
###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
###############################################################################
# F I R E W A L L O P T I O N S
###############################################################################
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=No
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No
CLEAR_TC=No
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=Yes
HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=Keep
KEEP_RT_TABLES=Yes
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MUTEX_TIMEOUT=60
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=No
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
SAVE_IPSETS=No
TC_ENABLED=Shared
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=Yes
TRACK_RULES=No
USE_DEFAULT_RT=Yes
USE_NFLOG_SIZE=No
USE_PHYSICAL_NAMES=No
USE_RT_NAMES=No
VERBOSE_MESSAGES=Yes
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=-
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
SFILTER_DISPOSITION=DROP
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
#LAST LINE -- DO NOT REMOVE
root@rnvhost01:/etc/shorewall6#

From: tencnet <te...@ri...> - 2025-11-23 21:48:45

Hello. I should probably give you some background first. I'm a 23 year old from a semi-rural Indiana city-town. I just started learning about the more complicated aspects of computers not very long ago; I have maybe a year on it. By now I've used an LLM for almost every bit of guidance that burning through instruction manuals can't help me with, in this case your configuration files.

--start up

So I was setting up the firewall, not really knowing anything about how these nano files should be typed out, asking the LLM to do all of that hard stuff for me before coming to a point where I can ask questions about functionality and definition. I got the wall working inevitably, but it was having the exact traffic shaping problem you might expect it to. So I asked the LLM why the network features on my computer are no longer working and it asked me to check its nat directory... I didn't have a nat directory, so I made one and it said be sure it looked like this:

[ -rw-r--r-- 1 root root 148 Nov 23 15:39 nat ]
[ cat -v /etc/shorewall/nat
#ACTION SOURCE DESTINATION PROTOCOL DEST PORTS
Snat wlan0 net all - # Use `net` as the destination ]

So I did. Problematically, as I find with LLMs, they have a tendency to have you installing a disabled function in place of your desired applications. This eventually I could work out but the daily lines cut, so I checked your website and found your provided configuration information... and you have way more alien shit than a nat file I'm still unaware of the use for. So I was hoping someone could point out these configurations to me. I'm big on reading and rewriting or making good instructions for things I can't tell how to use until after they work correctly, so if someone would help me I'd be glad to rewrite your websites.

(PRE NAT FILE CONFIGURATIONS BELOW) [works but there is no connection] [I have not tested my Ethernet]
-----------------------------------------------------------------------
sudo apt install shorewall

-rw-r----- 1 root root 960 Jul 23 2024 conntrack
-rw-r--r-- 1 root root 59 Nov 23 12:01 interfaces
-rw-r----- 1 root root 623 Jul 23 2024 params
-rw-r--r-- 1 root root 142 Nov 23 11:20 policy
-rw-r--r-- 1 root root 182 Nov 23 11:32 rules
-rw-r--r-- 1 root root 5329 Nov 23 11:09 shorewall.conf
-rw-r--r-- 1 root root 78 Nov 23 11:28 zones

sudo mkdir /etc/shorewall
sudo nano /etc/shorewall/zones
sudo nano /etc/shorewall/interfaces
sudo nano /etc/shorewall/rules
sudo nano /etc/shorewall/policy
-------------------------------------------------------
cat -v /etc/shorewall/zones
#ZONE TYPE OPTIONS
fw firewall
net ipv4
loc ipv4
-------------------------------------------------------
cat -v /etc/shorewall/interfaces
#ZONE INTERFACE OPTIONS
loc wlan0
-------------------------------------------------------
cat -v /etc/shorewall/policy
# Source Destination Action Log level
loc net ACCEPT
net all DROP info
all all REJECT
-------------------------------------------------------
cat -v /etc/shorewall/rules
#ACTION SOURCE DESTINATION PROTOCOL DEST PORTS
ACCEPT loc net udp 53 # Allow DNS requests
ACCEPT loc net tcp 80,443 # Allow HTTP and HTTPS from local to net
ACCEPT net loc tcp 22 # Allow SSH access
--------------------------------------------------------
sudo touch /var/log/shorewall.log
sudo chown root:adm /var/log/shorewall.log
sudo chmod 640 /var/log/shorewall.log
sudo shorewall check
sudo systemctl status shorewall.service / sudo systemctl status shorewall
sudo systemctl enable shorewall
sudo systemctl start shorewall
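
The zones, interfaces and policy files in the post above can be checked mechanically for zones that have no interface and for the policy that applies between any two zones. This is an added example, not part of the original message or of Shorewall itself; it assumes Shorewall's first-match ordering of the policy file with "all" as a wildcard, ignores the rules file, and the function names are hypothetical.

```python
# Added example: which policy applies between each pair of zones in the posted files.
# Constructed input: zones, interfaces and policy copied from the post above.
ZONES = """\
#ZONE TYPE OPTIONS
fw firewall
net ipv4
loc ipv4
"""
INTERFACES = """\
#ZONE INTERFACE OPTIONS
loc wlan0
"""
POLICY = """\
# Source Destination Action Log level
loc net ACCEPT
net all DROP info
all all REJECT
"""


def rows(text):
    """Yield the columns of each entry, skipping comments and blank lines."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            yield cols


def empty_zones(zones=ZONES, interfaces=INTERFACES):
    """Non-firewall zones that have no interface assigned to them."""
    bound = {cols[0] for cols in rows(interfaces)}
    return [c[0] for c in rows(zones) if c[1] != "firewall" and c[0] not in bound]


def policy_for(source, dest, policy=POLICY, fw="fw"):
    """Action of the first policy entry matching source -> dest (source != dest)."""
    for src, dst, action, *_ in rows(policy):
        # Assumption: $FW in the file refers to the zone of type firewall.
        src, dst = (fw if z == "$FW" else z for z in (src, dst))
        if src in (source, "all") and dst in (dest, "all"):
            return action
    return None  # no entry matched


if __name__ == "__main__":
    print("zones without an interface:", empty_zones())
    for pair in (("loc", "net"), ("fw", "loc"), ("fw", "net"), ("net", "fw")):
        print("%s -> %s: %s" % (*pair, policy_for(*pair)))
```

Because wlan0 is assigned to loc, traffic the host itself originates is fw -> loc, which falls through to the final REJECT entry. The only ACCEPT policy is loc -> net, and net has no interface.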