Package: shorewall
Version: 5.2.3.4-1
Shorewall fails to restart when configured to support DOCKER
and running libvirtd at the same time.
The issue seems to be that
LIBVIRT_PRT is handled as part of the DOCKER integration
but should be ignored by shorewall.
shorewall operations like stop or restart might fail with
iptables-restore v1.8.4 (legacy): Couldn't load target `LIBVIRT_PRT':No such file or directory
Applying the upstream patch to filter out "LIBVIRT" in
save_docker_rules($) solves this problem.
PS. I am currently running Ubuntu 20.04,
but judging by the versions, my suggestion is to fix this in Debian.
References:
* https://sourceforge.net/p/shorewall/mailman/shorewall-users/thread/76d7724c-2507-ba6c-243a-6f82e0313ba3%40shorewall.net/#msg36925220
* https://gitlab.com/shorewall/code/-/commit/31b558b7f9ce0becf775edc4e21dd6eff82aac09
* https://gitlab.com/shorewall/release/-/blob/5.2.8/releasenotes.txt#L1051
Package versions:
ii shorewall 5.2.3.4-1
ii shorewall-core 5.2.3.4-1
ii shorewall6 5.2.3.4-1
ii libvirt-clients 6.0.0-0ubuntu8.15
ii libvirt-daemon 6.0.0-0ubuntu8.15
ii libvirt-daemon-driver-qemu 6.0.0-0ubuntu8.15
ii libvirt-daemon-system 6.0.0-0ubuntu8.15
ii libvirt-daemon-system-systemd 6.0.0-0ubuntu8.15
ii libvirt0:amd64 6.0.0-0ubuntu8.15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# iptables-save | grep LIBVIRT_PRT
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# shorewall restart
Stopping Shorewall....
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore --wait 60...
iptables-restore v1.8.4 (legacy): Couldn't load target `LIBVIRT_PRT':No such file or directory
Error occurred at line: 16
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
ERROR: /usr/sbin/iptables-restore --wait 60 Failed.
IPv4 Forwarding Enabled
done.
Starting Shorewall....
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore --wait 60...
iptables-restore v1.8.4 (legacy): Couldn't load target `LIBVIRT_PRT':No such file or directory
Error occurred at line: 39
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
Terminated
--
DI (FH) Raoul Bhatia MSc
E-Mail. ra...@bhatia.at
Tel. +43 699 10132530
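
Added example, not part of the original report and not Shorewall's code: a pre-flight check that compares an iptables-restore input file against the live iptables-save dump and lists jumps to chains that exist live but are not declared in the input. It assumes the failure above comes from a rule such as "-A POSTROUTING -j LIBVIRT_PRT" being carried into the generated input without the ":LIBVIRT_PRT" chain declaration; the function names and both sample dumps are constructed for illustration.

```python
import re

CHAIN_DECL = re.compile(r"^:(\S+)\s")      # ":LIBVIRT_PRT - [0:0]"
JUMP = re.compile(r"\s-[jg]\s+(\S+)")      # "-j LIBVIRT_PRT" / "-g CHAIN"

def parse_tables(dump):
    """Map table name -> (declared chains, [(line_no, target), ...])."""
    tables, table = {}, None
    for line_no, line in enumerate(dump.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
            tables[table] = (set(), [])
        elif table is None or not line or line.startswith("#"):
            continue
        elif (m := CHAIN_DECL.match(line)):
            tables[table][0].add(m.group(1))
        elif (m := JUMP.search(line)):
            tables[table][1].append((line_no, m.group(1)))
    return tables

def dangling_jumps(restore_input, live_dump):
    """Jumps to chains that exist in the live table but are not declared in the input."""
    live = parse_tables(live_dump)
    found = []
    for table, (declared, jumps) in parse_tables(restore_input).items():
        live_chains = live.get(table, (set(), []))[0]
        # Extension targets (MASQUERADE, CHECKSUM, ...) are never live chains, so they pass.
        found += [(table, n, t) for n, t in jumps
                  if t not in declared and t in live_chains]
    return found

# Constructed sample: live nat table in the shape of the report's iptables-save output.
LIVE = """\
*nat
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
"""
# Constructed sample: generated input that keeps the jump but not the chain (assumption).
RESTORE_INPUT = "*nat\n:POSTROUTING ACCEPT [0:0]\n:DOCKER - [0:0]\n-A POSTROUTING -j LIBVIRT_PRT\nCOMMIT\n"

if __name__ == "__main__":
    for table, line_no, target in dangling_jumps(RESTORE_INPUT, LIVE):
        print(f"{table}: line {line_no} jumps to undeclared chain {target}")
```

On an affected host the two inputs would be the contents of /var/lib/shorewall/.iptables-restore-input and the output of iptables-save.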