Package: shorewall
Version: 4.6.4.3-2
Followup-For: Bug #773392
Dear Maintainer,
Same as OP. Applied Andy's solution which fixed the problem.
Best regards,
Alexandre Hoïde
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages shorewall depends on:
ii bc 1.06.95-9
ii debconf [debconf-2.0] 1.5.57
ii iproute 1:4.1.1-1
ii iproute2 4.1.1-1
ii iptables 1.4.21-2+b1
ii perl 5.20.2-6
ii shorewall-core 4.6.4.3-2
shorewall recommends no packages.
Versions of packages shorewall suggests:
ii make 4.0-8.2
ii shorewall-doc 4.6.4-1
-- Configuration Files:
/etc/default/shorewall changed:
startup=1
OPTIONS=""
STARTOPTIONS=""
RESTARTOPTIONS=""
INITLOG=/dev/null
SAFESTOP=1
/etc/init.d/shorewall changed:
.. /lib/lsb/init-functions
SRWL=/sbin/shorewall
SRWL_OPTS="-tvv"
WAIT_FOR_IFUP=/usr/share/shorewall/wait4ifup
test -n ${INITLOG:=/var/log/shorewall-init.log}
test -x $SRWL || exit 0
test -x $WAIT_FOR_IFUP || exit 0
test -n "$INITLOG" || {
echo "INITLOG cannot be empty, please configure $0" ;
exit 1;
}
if [ "$(id -u)" != "0" ]
then
echo "You must be root to start, stop or restart \"Shorewall firewall\"."
exit 1
fi
echo_notdone () {
if [ "$INITLOG" = "/dev/null" ] ; then
echo "not done."
else
echo "not done (check $INITLOG)."
fi
exit 1
}
not_configured () {
echo "#### WARNING ####"
echo "The firewall won't be started/stopped unless it is configured"
if [ "$1" != "stop" ]
then
echo ""
echo "Please read about Debian specific customization in"
echo "/usr/share/doc/shorewall/README.Debian.gz."
fi
echo "#################"
exit 0
}
.. /usr/share/shorewall/shorewallrc
if [ -f "${SYSCONFDIR}/shorewall" ]
then
. ${SYSCONFDIR}/shorewall
SRWL_OPTS="$SRWL_OPTS $OPTIONS"
if [ "$startup" != "1" ]
then
not_configured
fi
else
not_configured
fi
[ "$INITLOG" = "/dev/null" ] && SHOREWALL_INIT_SCRIPT=1 ||
SHOREWALL_INIT_SCRIPT=0
export SHOREWALL_INIT_SCRIPT
wait_for_pppd () {
if [ "$wait_interface" != "" ]
then
for i in $wait_interface
do
$WAIT_FOR_IFUP $i 90
done
fi
}
shorewall_start () {
echo -n "Starting \"Shorewall firewall\": "
wait_for_pppd
$SRWL $SRWL_OPTS start $STARTOPTIONS >> $INITLOG 2>&1 && echo "done." ||
echo_notdone
return 0
}
shorewall_stop () {
echo -n "Stopping \"Shorewall firewall\": "
if [ "$SAFESTOP" = 1 ]; then
$SRWL $SRWL_OPTS stop >> $INITLOG 2>&1 && echo "done." || echo_notdone
else
$SRWL $SRWL_OPTS clear >> $INITLOG 2>&1 && echo "done." || echo_notdone
fi
return 0
}
shorewall_restart () {
echo -n "Restarting \"Shorewall firewall\": "
$SRWL $SRWL_OPTS restart $RESTARTOPTIONS >> $INITLOG 2>&1 && echo "done." ||
echo_notdone
return 0
}
shorewall_refresh () {
echo -n "Refreshing \"Shorewall firewall\": "
$SRWL $SRWL_OPTS refresh >> $INITLOG 2>&1 && echo "done." || echo_notdone
return 0
}
shorewall_status () {
$SRWL $SRWL_OPTS status && exit 0 || exit $?
}
case "$1" in
start)
shorewall_start
;;
stop)
shorewall_stop
;;
refresh)
shorewall_refresh
;;
force-reload|restart)
shorewall_restart
;;
status)
shorewall_status
;;
*)
echo "Usage: /etc/init.d/shorewall
{start|stop|refresh|restart|force-reload|status}"
exit 1
esac
exit 0
/etc/shorewall/conntrack [Errno 13] Permission non accordée:
u'/etc/shorewall/conntrack'
/etc/shorewall/params [Errno 13] Permission non accordée:
u'/etc/shorewall/params'
/etc/shorewall/shorewall.conf changed:
STARTUP_ENABLED=Yes
VERBOSITY=1
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOGALLNEW=
LOGFILE=/var/log/messages
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL=info
SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL=info
UNTRACKED_LOG_LEVEL=
ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=
TC=
ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=Yes
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=
IMPLICIT_CONTINUE=No
INLINE_MATCHES=Yes
IPSET_WARNINGS=Yes
IP_FORWARDING=Keep
KEEP_RT_TABLES=No
LEGACY_FASTSTART=Yes
LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX=ko
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=0
OPTIMIZE_ACCOUNTING=No
REJECT_ACTION=
REQUIRE_INTERFACE=No
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=Yes
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=No
TRACK_RULES=No
USE_DEFAULT_RT=Yes
USE_PHYSICAL_NAMES=No
USE_RT_NAMES=No
WARNOLDCAPVERSION=Yes
ZONE2ZONE=-
BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
IPSECFILE=zones
-- debconf information:
shorewall/dont_restart:
shorewall/invalid_config:
shorewall/major_release:
