Package: shorewall
Version: 3.0.1-1
Severity: important

After upgrade to v4 shorewall I changed the zone file to (ipsecfile is
empty):

    #ZONE   TYPE            OPTIONS

    fw      firewall        
    net     ipv4            
    loc     ipv4            

Which is assumed to be correct according to releasenotes.txt.gz
and http://www.shorewall.net/Documentation.htm#Zones

        ZONE            Short name of the zone (5 Characters or less in
                        length). The names "all" and "none" are
                        reserved and may not be used as zone names.

        TYPE    ipv4 -  This is the standard Shorewall zone type and is
                        the default if the column is left empty or if
                        it is entered as "-".  Communication with some
                        zone hosts may be encrypted. Encrypted hosts
                        are designated using the 'ipsec' option in
                        /etc/shorewall/hosts.
                ipsec - Communication with all zone hosts is encrypted
                        Your kernel and iptables must include policy
                        match support.
                firewall
                      - Designates the firewall itself. You must have
                        exactly one 'firewall' zone. No options are
                        permitted with a 'firewall' zone.

However, the firewall log  /var/log/shorewall-init.log reads:

    Shorewall has detected the following iptables/netfilter capabilities:
       NAT: Available
       Packet Mangling: Available
       Multi-port Match: Available
       Extended Multi-port Match: Available
       Connection Tracking Match: Available
       Packet Type Match: Available
       Policy Match: Not available
       Physdev Match: Available
       IP range Match: Available
       Recent Match: Available
       Owner Match: Available
       Ipset Match: Not available
       CONNMARK Target: Available
       Connmark Match: Available
       Raw Table: Available
       CLASSIFY Target: Available
    Determining Zones...
       ERROR: Only one firewall zone may be defined

Please clarify how to bring up a working firewall after the upgrade.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)

Versions of packages shorewall depends on:
ii  debconf [debconf-2.0]         1.4.59     Debian configuration management sy
ii  iproute                       20041019-4 Professional tools to control the 
ii  iptables                      1.3.3-2    Linux kernel 2.4+ iptables adminis

Versions of packages shorewall recommends:
ii  wget                          1.10.2-1   retrieves files from the web

-- debconf-show failed
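
The zone rules quoted from the documentation above, written as a check that can be run against a zones file. This is an added example, not part of the original report and not Shorewall's own parser; `check_zones` and the "broken" sample are constructed for illustration, and treating every field after TYPE as an option is an assumption.

```python
# Added example: checks a zones file against the rules quoted in the report.
# Not Shorewall's parser; check_zones and the BROKEN sample are constructed.
RESERVED = {"all", "none"}
TYPES = {"ipv4", "ipsec", "firewall"}

def check_zones(text):
    """Return a list of (line_number, message); line 0 means file-level."""
    problems, firewall_lines = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        name = fields[0]
        ztype = fields[1] if len(fields) > 1 else "-"
        if ztype == "-":
            ztype = "ipv4"  # documented default for an empty or "-" TYPE
        # Assumption: everything after TYPE is an option column.
        options = [f for f in fields[2:] if f != "-"]
        if len(name) > 5:
            problems.append((lineno, f"zone name {name!r} exceeds 5 characters"))
        if name in RESERVED:
            problems.append((lineno, f"zone name {name!r} is reserved"))
        if ztype not in TYPES:
            problems.append((lineno, f"unknown zone type {ztype!r}"))
        if ztype == "firewall":
            firewall_lines.append(lineno)
            if options:
                problems.append((lineno, "options are not permitted with a firewall zone"))
    if len(firewall_lines) != 1:
        problems.append((0, f"need exactly one firewall zone, found {len(firewall_lines)}"))
    return problems

# The zones file as given in the report.
REPORTED = """#ZONE   TYPE            OPTIONS

fw      firewall
net     ipv4
loc     ipv4
"""

# Constructed file that breaks each quoted rule ("someopt" is a placeholder).
BROKEN = """fw      firewall
dmz     firewall   someopt
all     ipv4
longname -
"""

if __name__ == "__main__":
    for label, sample in (("reported", REPORTED), ("broken", BROKEN)):
        print(label, check_zones(sample) or "OK")
```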

