| 1 |
On Saturday, 18 April 2020 14:52:04 BST Wolf wrote: |
| 2 |
> > ERROR: Your kernel/iptables do not include state match support. No |
| 3 |
> > version |
| 4 |
> > |
| 5 |
> >of Shorewall will run on this system /usr/share/shorewall6/helpers (EOF) |
| 6 |
> > |
| 7 |
> >Shorewall refuses to specify which state is not being matched, and I can't |
| 8 |
> >find anything useful in my kernel config (gentoo-sources-5.4.28). The |
| 9 |
> >shorewall website is no help - it even announces that its kernel config |
| 10 |
> >page is not maintained - and google doesn't help either. |
| 11 |
> |
| 12 |
> This sounds like shorewall6 is looking for "state" match support for |
| 13 |
> iptables. |
| 14 |
> |
| 15 |
> The corresponding config option is CONFIG_NETFILTER_XT_MATCH_STATE, is |
| 16 |
> that option enabled in your kernel? |
| 17 |
|
| 18 |
# grep NETFILTER_XT_MATCH_STATE /usr/src/linux/.config |
| 19 |
CONFIG_NETFILTER_XT_MATCH_STATE=m |
| 20 |
|
| 21 |
So yes, it is. |
| 22 |
|
| 23 |
I'm confused by having two apparently different sets of IP filtering options. Do |
| 24 |
I need the NF set or the older one? |
| 25 |
|
| 26 |
-- |
| 27 |
Regards, |
| 28 |
Peter. |
Archives