I'm concerned firewall isn't working. Solved.

[benbullard79]

This has bothered me since Mandriva 2011 and persists in ROSA Fresh. I can't get rid of the check by 'Everything' in drakfirewall. Why is this? It's gotta be bothering others as well. There's also this from cli:

Код: Выделить всё

# drakfirewall

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overriden by native
      systemd configuration.

Job for shorewall.service failed. See 'systemctl status shorewall.service' and 'journalctl' for details.

# systemctl status shorewall.service
shorewall.service - Shorewall IPv4 firewall
          Loaded: loaded (/lib/systemd/system/shorewall.service; enabled)
          Active: failed (Result: exit-code) since Sat, 06 Apr 2013 18:18:19 -0500; 25s ago
        Main PID: 32392 (code=exited, status=1/FAILURE)
          CGroup: name=systemd:/system/shorewall.service

Apr 06 18:18:19 localhost.localdomain systemd[1]: Starting Shorewall IPv4 firewall...
Apr 06 18:18:19 localhost.localdomain shorewall[32392]: Compiling...
Apr 06 18:18:19 localhost.localdomain shorewall[32392]: Processing /etc/shorewall/params ...
Apr 06 18:18:19 localhost.localdomain shorewall[32392]: Processing /etc/shorewall/shorewall.conf...
Apr 06 18:18:19 localhost.localdomain shorewall[32392]: Loading Modules...
Apr 06 18:18:19 localhost.localdomain shorewall[32392]: ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system
Apr 06 18:18:19 localhost.localdomain systemd[1]: Failed to start Shorewall IPv4 firewall.

That looks like no firewall to me. Am I wrong? How to enable firewall?

[akdengi]

Run

Код: Выделить всё

iptables --list

If firewall disabled, iptables return something like this

Код: Выделить всё

iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

Then run firewall setup and then run iptables --list again...

Did you see any change in output?

If iptables rules changed, restart you system and see again - if rules applyed, firewall work fine.

[benbullard79]

This is what I'm getting:

Код: Выделить всё

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 
        
# drakefirewall
 No command 'drakefirewall' found, did you mean:
  Command 'drakfirewall' from package 'drakx-net-text' (main)

# drakfirewall

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overriden by native
      systemd configuration.

Job for shorewall.service failed. See 'systemctl status shorewall.service' and 'journalctl' for details.

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[akdengi]

M...

Try running

Код: Выделить всё

/usr/lib/iptables.init start

or for 64 bit

Код: Выделить всё

/usr/lib64/iptables.init start

and then restart shorewall

[benbullard79]

Like this?

Код: Выделить всё

# /usr/lib64/iptables.init start
Applying iptables firewall rules: 
                                                                                                                      [  OK  ]
# systemctl restart shorewall.service

# systemctl status shorewall.service
shorewall.service - Shorewall IPv4 firewall
          Loaded: loaded (/lib/systemd/system/shorewall.service; enabled)
          Active: active (exited) since Wed, 10 Apr 2013 06:26:05 -0500; 20s ago
         Process: 22904 ExecStop=/sbin/shorewall $OPTIONS stop (code=exited, status=0/SUCCESS)
         Process: 23100 ExecStart=/sbin/shorewall $OPTIONS start (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/shorewall.service

Apr 10 06:26:05 localhost.localdomain shorewall[23100]: Setting up Route Filtering...
Apr 10 06:26:05 localhost.localdomain shorewall[23100]: Setting up Martian Logging...
Apr 10 06:26:05 localhost.localdomain shorewall[23100]: Setting up Proxy ARP...
Apr 10 06:26:05 localhost.localdomain shorewall[23100]: Setting up Traffic Control...
Apr 10 06:26:05 localhost.localdomain shorewall[23100]: Preparing iptables-restore input...ve ma
Apr 10 06:26:05 localhost.localdomain shorewall[23100]: Running /sbin/iptables-restore...
Apr 10 06:26:05 localhost.localdomain shorewall[23100]: Processing /etc/shorewall/start ...
Apr 10 06:26:05 localhost.localdomain shorewall[23100]: Processing /etc/shorewall/started ...
Apr 10 06:26:05 localhost.localdomain shorewall[23100]: done.
Apr 10 06:26:05 localhost.localdomain systemd[1]: Started Shorewall IPv4 firewall.

If I'm not mistaken I've made progress! And learned something. And have some commands to save in my cheat file.

[akdengi]

Add to Errata page: http://wiki.rosalab.ru/en/index.php/Err ... l_not_work

[benbullard79]

akdengi thanks for your help.