Problem starting shorewall6 (or possibly shorewall) on boot

Wed, 09 Oct 2013 11:40:49 -0700 

Hello!

When I boot my machine something like the following is printed:

[   50.220571] xt_addrtype: ipv6 does not support BROADCAST matching
Starting "Shorewall firewall": not done.
Starting "Shorewall6 firewall": not done.
[FAIL] startpar: service(s) returned failure: shorewall shorewall6 ... failed!

(Copied from tty to paper to mail so it may not be verbatim, the only
part of it I can find in my logs is: "[   50.220571] xt_addrtype: ipv6
does not support BROADCAST matching". Also, the timing of the
xt_addrtype messages varies somewhat... )


After boot my ip{,6}tables look like this:

% sudo iptables -L -n -v
Chain INPUT (policy DROP 343 packets, 21602 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
 4705  624K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
  416 28236 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
        
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68
    0     0 ACCEPT     udp  --  tun0   *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68
    0     0 ACCEPT     udp  --  vpn0   *       0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  eth0   eth0    0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68
    0     0 ACCEPT     udp  --  tun0   tun0    0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68
    0     0 ACCEPT     udp  --  vpn0   vpn0    0.0.0.0/0            0.0.0.0/0   
         udp dpts:67:68

Chain OUTPUT (policy ACCEPT 8425 packets, 1006K bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
% sudo ip6tables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
   96 27292 ACCEPT     all      *      *       ::/0                 ::/0        
         ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all      *      *       fe80::/10            ::/0        
        
    0     0 ACCEPT     all      *      *       ::/0                 fe80::/10   
        
    0     0 ACCEPT     all      *      *       ::/0                 ff00::/8    
        
   29  2580 ACCEPT     all      lo     *       ::/0                 ::/0        
        

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 ACCEPT     all      *      *       ::/0                 ::/0        
         ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 134 packets, 30472 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        


At this point starting shorewall-init, shorewall and shorewall6 produces
no errors:

% sudo service shorewall-init start
Initializing "Shorewall-based firewalls": Stopping Shorewall....
done.
Stopping Shorewall6....
done.
done.
% sudo service shorewall start     
Starting "Shorewall firewall": done.
% sudo service shorewall6 start
Starting "Shorewall6 firewall": done.

and results in shorewall populated ip{,6}tables which I will only send
if asked in order to keep the noise down.


I'd very much appreciate suggestions for provoking troubleshooting this,
ideally ways to provoke it after boot.

Best regards
/Ulrik Haugen


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87iox7sdb4....@lydia.haugen.se

Reply via email to