Package: shorewall
Version: 5.2.3.4-1
Severity: normal
Dear Maintainer,
I've accidentally noticed that /var/log/ulog/syslogemu.log is suspiciously
"quiet"...
`shorewall status` says `Shorewall is stopped`. Trying to
launch manually with `shorewall start` I get this erroneous output:
```
Starting Shorewall....
Initializing...
Setting up ARP filtering...
Setting up Route Filtering...
Setting up Martian Logging...
WARNING: Optional Interface wlp4s0 is not usable -- wlp not Started
Preparing iptables-restore input...
Running /sbin/iptables-restore --wait 60...
iptables-restore v1.8.5 (nf_tables): Couldn't load match `iface':No such file or directory
Error occurred at line: 121
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
Restoring Shorewall...
Initializing...
Setting up Route Filtering...
Setting up Martian Logging...
WARNING: Optional Interface wlp4s0 is not usable -- wlp not Started
iptables-restore v1.8.5 (nf_tables): Couldn't load match `iface':No such file or directory
Error occurred at line: 105
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
done.
Shorewall restored from /var/lib/shorewall/restore
Terminated
```
I did not make configuration changes for quite some time, so I assume some update on
Sid broke Shorewall.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.9.0-1-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8), LANGUAGE=lt
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages shorewall depends on:
ii bc 1.07.1-2+b2
ii debconf [debconf-2.0] 1.5.74
ii iproute2 5.9.0-1
ii iptables 1.8.5-3
ii lsb-base 11.1.0
ii perl 5.30.3-4
ii shorewall-core 5.2.3.4-1
Versions of packages shorewall recommends:
ii libnetfilter-cthelper0 1.0.0-1+b1
Versions of packages shorewall suggests:
ii make 4.3-4
pn shorewall-doc <none>
-- Configuration Files:
/etc/default/shorewall changed:
startup=0
OPTIONS=""
STARTOPTIONS="-f"
RESTARTOPTIONS=""
RELOADOPTIONS=""
STOPOPTIONS=""
INITLOG=/dev/null
SAFESTOP=1
/etc/shorewall/conntrack [Errno 13] Permission denied:
'/etc/shorewall/conntrack'
/etc/shorewall/params [Errno 13] Permission denied: '/etc/shorewall/params'
/etc/shorewall/shorewall.conf changed:
STARTUP_ENABLED=Yes
VERBOSITY=1
PAGER=
FIREWALL=
LOG_LEVEL="NFLOG"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/ulog/syslogemu.log
LOGFORMAT="%s %s "
LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
MACLIST_LOG_LEVEL="$LOG_LEVEL"
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL="NFLOG:rpfilter"
SFILTER_LOG_LEVEL="NFLOG:sfilter"
SMURF_LOG_LEVEL="NFLOG:smurf"
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL="NFLOG:fcpflags"
UNTRACKED_LOG_LEVEL=
ARPTABLES=
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
TC=
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=No
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=Yes
DOCKER=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=ftp
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=Keep
KEEP_RT_TABLES=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=Yes
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=Yes
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=Yes
TRACK_RULES=No
USE_DEFAULT_RT=Yes
USE_NFLOG_SIZE=No
USE_PHYSICAL_NAMES=No
USE_RT_NAMES=No
VERBOSE_MESSAGES=Yes
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=-
BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
-- debconf information:
shorewall/major_release:
shorewall/dont_restart:
shorewall/invalid_config: