Hi Boris

Am 12.05.2020 um 19:09 schrieb Boris:
> Am 12.05.20 um 19:06 schrieb Boris:
...

>>
> 
> agate# shorewall check
> Checking using Shorewall 5.2.3.4...
> Processing /etc/shorewall/params ...
> Processing /etc/shorewall/shorewall.conf...
>    ERROR: CLAMPMSS=Yes requires TCPMSS Target in your kernel and
> iptables /etc/shorewall/shorewall.conf (EOF)
> 

What is your current release on that box? I was preetty sure TCPMSS was
selected, but it might be a module.

On 6.2.4, which I am running on my peripheral box,

SALT# lsmod | grep xt_TCPMSS
xt_TCPMSS 16384 1 - Live 0xc0b69000
x_tables 20480 18
ipt_MASQUERADE,xt_recent,xt_comment,ipt_REJECT,xt_addrtype,xt_physdev,xt_mark,iptable_mangle,xt_TCPMSS,xt_tcpudp,xt_CT,iptable_raw,xt_multiport,xt_conntrack,xt_NFLOG,xt_LOG,iptable_filter,ip_tables,
Live 0xc08f9000

It looks like xt_TCPMSS is a module and was not loaded at shorewall start.

Try

mount_modules
shorewall check
umount_modules

Else you will have to restart shorewall or just temporarily load the module.

mount_modules
modprobe xt_TCPMSS
umount_modules

cheers

ET


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to