On Saturday, 18 April 2020 14:52:04 BST Wolf wrote: > > ERROR: Your kernel/iptables do not include state match support. No > > version > > > >of Shorewall will run on this system /usr/share/shorewall6/helpers (EOF) > > > >Shorewall refuses to specify which state is not being matched, and I can't > >find anything useful in my kernel config (gentoo-sources-5.4.28). The > >shorewall website is no help - it even announces that its kernel config > >page is not maintained - and google doesn't help either. > > This sounds like shorewall6 is looking for "state" match support for > iptables. > > The corresponding config option is CONFIG_NETFILTER_XT_MATCH_STATE, is > that option enabled in your kernel?
# grep NETFILTER_XT_MATCH_STATE /usr/src/linux/.config CONFIG_NETFILTER_XT_MATCH_STATE=m So yes, it is. I'm confused by having two apparently different sets of IP filtering options. Do I need the NF set or the older one? -- Regards, Peter.
