With the latest kernel upgrade, Shorewall started to FAIL on startup.
I finally found a hint on Shorewall's site. It appears the new kernel has the NEW_CONNTRACK_MATCH capability (I am assuming that this is part of IPTABLES.)
Anyway, if you create a capabilities file in /etc/shorewall, you can disable its use by Shorewall.
shorewall show -f capabilities >/etc/shorewall/capabilities
Then edit /etc/shorewall/capabilities and change
NEW_CONNTRACK_MATCH=Yes
to
NEW_CONNTRACK_MATCH=
Shorewall started working again for me.
Note the error message from shorewall was:
Setting up Accept Source Routing...
Setting up Proxy ARP...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
iptables-restore v1.4.2: conntrack: Bad value for "--ctorigdstport" option: "www"
Error occurred at line: 162
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
Processing /etc/shorewall/stop ...
Note, I upgraded Shorewall to the latest version having seen a similar error message being fixed in that release (4.2.5). It still did not help me.
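An added example (not part of the original post): a POSIX shell helper that lists the rules behind the error quoted above, i.e. lines where the `--ctorigdstport` value is a name such as "www" rather than a number, and that applies the capabilities edit while keeping a backup. The function names and all sample data are constructed for illustration; that numeric ports and ranges are accepted is an assumption drawn from the error message.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# Print "LINE:VALUE" for each rule whose --ctorigdstport value is not a
# number or numeric range (assumed to be what this iptables-restore accepts).
find_symbolic_ctports() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "--ctorigdstport") {
                v = $(i + 1); if (v == "!") v = $(i + 2)   # skip a negation
                if (v !~ /^[0-9]+(:[0-9]+)?$/) print NR ":" v
            }
    }' "$1"
}

# Blank one capability (NAME=Yes -> NAME=) in a capabilities file, keeping a
# .bak copy. Returns 1 if the capability is not listed in the file.
disable_capability() {
    file=$1 name=$2
    grep -q "^${name}=" "$file" || return 1
    cp -p "$file" "$file.bak" &&
    sed "s/^${name}=.*/${name}=/" "$file.bak" > "$file"
}

# Constructed stand-ins for /var/lib/shorewall/.iptables-restore-input and
# /etc/shorewall/capabilities (OTHER_CAPABILITY is a placeholder name).
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/restore-input" <<'EOF'
*filter
-A net2fw -p tcp -m conntrack --ctorigdstport 22 -j ACCEPT
-A net2fw -p tcp -m conntrack --ctorigdstport www -j ACCEPT
COMMIT
EOF
    printf 'OTHER_CAPABILITY=Yes\nNEW_CONNTRACK_MATCH=Yes\n' > "$dir/capabilities"
    echo "$dir"
}

dir=$(make_samples)
find_symbolic_ctports "$dir/restore-input"     # reports the "www" rule
disable_capability "$dir/capabilities" NEW_CONNTRACK_MATCH
cat "$dir/capabilities"
rm -rf "$dir"
```

On a real system the first function would be pointed at the file named in the error message and the second at /etc/shorewall/capabilities, after generating it with the `shorewall show -f capabilities` command from the post.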