ERROR: Your kernel/iptables do not include state match support. No version
of Shorewall will run on this system /usr/share/shorewall6/helpers (EOF)
Shorewall refuses to specify which state is not being matched, and I can't find
anything useful in my kernel config (gentoo-sources-5.4.28). The shorewall
website is no help - it even announces that its kernel config page is not
maintained - and google doesn't help either.
This sounds like shorewall6 is looking for "state" match support for
iptables.
The corresponding config option is CONFIG_NETFILTER_XT_MATCH_STATE, is
that option enabled in your kernel?
--
Wolf
