Discussion:
Shorewall: iptables: No chain/target/match by that name.
Grant
2013-02-10 05:19:25 UTC
I'm getting the following when restarting shorewall:

# /etc/init.d/shorewall restart
* Stopping firewall ...
* Starting firewall ...
iptables: No chain/target/match by that name.

How can I find out which chain/target/match I need to compile into the
kernel? shorewall-init.log does not indicate any problems and I have
LOG_VERBOSITY=2 in shorewall.conf which is the maximum.

- Grant
Dan Johansson
2013-02-10 07:00:44 UTC
Post by Grant
# /etc/init.d/shorewall restart
* Stopping firewall ...
* Starting firewall ...
iptables: No chain/target/match by that name.
How can I find out which chain/target/match I need to compile into the
kernel? shorewall-init.log does not indicate any problems and I have
LOG_VERBOSITY=2 in shorewall.conf which is the maximum.
I had the same problem. Using "shorewall trace restart" I could figure
out which chain/target/match was missing.

Regards.
--
Dan Johansson, <http://www.dmj.nu>
***************************************************
This message is printed on 100% recycled electrons!
***************************************************
c***@ccs.covici.com
2013-02-10 12:07:37 UTC
Post by Dan Johansson
Post by Grant
# /etc/init.d/shorewall restart
* Stopping firewall ...
* Starting firewall ...
iptables: No chain/target/match by that name.
How can I find out which chain/target/match I need to compile into the
kernel? shorewall-init.log does not indicate any problems and I have
LOG_VERBOSITY=2 in shorewall.conf which is the maximum.
I had the same problem. Using "shorewall trace restart" I could figure
out which chain/target/match was missing.
I just do shorewall stop followed by shorewall start and get lots of
output and never get that message. They tell you if I remember
correctly this is the way to restart shorewall, not using an init
script.
--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici
***@ccs.covici.com
Grant
2013-02-10 16:49:10 UTC
Post by Dan Johansson
Post by Grant
# /etc/init.d/shorewall restart
* Stopping firewall ...
* Starting firewall ...
iptables: No chain/target/match by that name.
How can I find out which chain/target/match I need to compile into the
kernel? shorewall-init.log does not indicate any problems and I have
LOG_VERBOSITY=2 in shorewall.conf which is the maximum.
I had the same problem. Using "shorewall trace restart" I could figure
out which chain/target/match was missing.
Thanks, that got them. A couple oddities:

'shorewall trace restart' produced output the same as
shorewall-init.log which contained no info useful for this purpose.
However, 'shorewall trace restart > file.txt' sent completely
different output to file.txt which did contain all of the needed info.
How can that be?

I got a lot of "No such file or directory" lines in file.txt for stuff
like -j LOGMARK, -m condition, -m geoip, -m ipp2p, nfacct which I
can't find in the kernel. Numerous other miscellaneous errors there
too. Ignore them if they aren't outputted by the initscript?

- Grant
Grant
2013-02-10 17:07:29 UTC
Post by Grant
Post by Dan Johansson
Post by Grant
# /etc/init.d/shorewall restart
* Stopping firewall ...
* Starting firewall ...
iptables: No chain/target/match by that name.
How can I find out which chain/target/match I need to compile into the
kernel? shorewall-init.log does not indicate any problems and I have
LOG_VERBOSITY=2 in shorewall.conf which is the maximum.
I had the same problem. Using "shorewall trace restart" I could figure
out which chain/target/match was missing.
'shorewall trace restart' produced output the same as
shorewall-init.log which contained no info useful for this purpose.
However, 'shorewall trace restart > file.txt' sent completely
different output to file.txt which did contain all of the needed info.
How can that be?
I didn't actually make the comparison between 'shorewall trace
restart' and 'shorewall trace restart > file.txt'. I only compared
the console output to the contents of file.txt after running the
single command 'shorewall trace restart > file.txt'. Considering
this, I think the above makes sense because it would have redirected
certain output to the file and only the remaining output would have
appeared on the console.

- Grant
Post by Grant
I got a lot of "No such file or directory" lines in file.txt for stuff
like -j LOGMARK, -m condition, -m geoip, -m ipp2p, nfacct which I
can't find in the kernel. Numerous other miscellaneous errors there
too. Ignore them if they aren't outputted by the initscript?
- Grant
Adam Carter
2013-02-11 03:56:18 UTC
Post by Grant
How can that be
">" only captures STDOUT, not STDERR. So the file.txt should be a subset of
what's displayed on the console.
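
The redirection question above, as an added example that is not part of any post in this thread: capture stdout and stderr together, then pull out the command that ran just before the iptables error. `fake_trace_restart` and its output are a constructed stand-in, not real Shorewall output; it assumes the trace prints each command as a `+ ` line before the error appears.

```shell
#!/bin/sh
# Constructed stand-in for a traced firewall restart (NOT real Shorewall
# output): progress messages go to stdout, traced commands and the
# iptables error go to stderr.
fake_trace_restart() {
    echo "Stopping firewall ..."
    echo "+ iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT" >&2
    echo "+ iptables -A INPUT -m geoip --src-cc XX -j DROP" >&2
    echo "iptables: No chain/target/match by that name." >&2
    echo "Starting firewall ..."
}

# Run a command with stdout AND stderr sent to one file, in original order.
# "> file" alone would leave the stderr lines on the console instead.
capture_all() {   # usage: capture_all LOGFILE COMMAND [ARGS...]
    logfile=$1; shift
    "$@" >"$logfile" 2>&1
}

# Print the traced command that immediately precedes each occurrence of
# the iptables error in a combined log.
failing_rules() {   # usage: failing_rules LOGFILE
    awk '/^[+] / { last = substr($0, 3) }
         index($0, "No chain/target/match by that name") && last != "" { print last }' "$1"
}

# Line counts per stream, to show which stream carries what.
stdout_lines() { "$@" 2>/dev/null | wc -l | tr -d ' '; }
stderr_lines() { "$@" 2>&1 >/dev/null | wc -l | tr -d ' '; }

# Demo run on the constructed output.
demo_log=$(mktemp)
capture_all "$demo_log" fake_trace_restart
echo "stdout lines: $(stdout_lines fake_trace_restart)"
echo "stderr lines: $(stderr_lines fake_trace_restart)"
echo "rule(s) that triggered the error:"
failing_rules "$demo_log"
rm -f "$demo_log"
```

With a real command in place of the stand-in, the same capture is `command > file.txt 2>&1`.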
