Bug#1029403: shorewall: fails to start with "Couldn't load match `iface':No such file or directory"

Sun, 22 Jan 2023 04:51:15 -0800 

Package: shorewall
Version: 5.2.3.4-1
Severity: grave
Justification: renders package unusable

Dear Maintainer,

It seems Shorewall no longer works in Sid:

```
$ sudo shorewall start
Starting Shorewall....
Initializing...
Setting up ARP filtering...
Setting up Route Filtering...
Setting up Martian Logging...
   WARNING: Optional Interface wlp4s0 is not usable -- wlp not Started
Preparing iptables-restore input...
Running /sbin/iptables-restore --wait 60...
iptables-restore v1.8.9 (nf_tables): Couldn't load match `iface':No such file 
or directory

Error occurred at line: 121
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
   ERROR: iptables-restore Failed. Input is in 
/var/lib/shorewall/.iptables-restore-input
Restoring Shorewall...
Initializing...
Setting up ARP filtering...
Setting up Route Filtering...
Setting up Martian Logging...
   WARNING: Optional Interface wlp4s0 is not usable -- wlp not Started
iptables-restore v1.8.9 (nf_tables): Couldn't load match `iface':No such file 
or directory

Error occurred at line: 118
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
done.
```



-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-2-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8), LANGUAGE=lt
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shorewall depends on:
ii  bc                         1.07.1-3+b1
ii  debconf [debconf-2.0]      1.5.82
ii  iproute2                   6.1.0-1
ii  iptables                   1.8.9-2
ii  perl                       5.36.0-7
ii  shorewall-core             5.2.3.4-1
ii  sysvinit-utils [lsb-base]  3.06-2

Versions of packages shorewall recommends:
ii  libnetfilter-cthelper0  1.0.1-1

Versions of packages shorewall suggests:
ii  make           4.3-4.1
pn  shorewall-doc  <none>

-- Configuration Files:
/etc/default/shorewall changed:
startup=0
OPTIONS=""
STARTOPTIONS="-f"
RESTARTOPTIONS=""
RELOADOPTIONS=""
STOPOPTIONS=""
INITLOG=/dev/null
SAFESTOP=1

/etc/shorewall/conntrack [Errno 13] Permission denied: 
'/etc/shorewall/conntrack'
/etc/shorewall/params [Errno 13] Permission denied: '/etc/shorewall/params'
/etc/shorewall/shorewall.conf changed:
STARTUP_ENABLED=Yes
VERBOSITY=1
PAGER=
FIREWALL=
LOG_LEVEL="NFLOG"
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOG_ZONE=Both
LOGALLNEW=
LOGFILE=/var/log/ulog/syslogemu.log
LOGFORMAT="%s %s "
LOGTAGONLY=No
LOGLIMIT="s:1/sec:10"
MACLIST_LOG_LEVEL="$LOG_LEVEL"
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL="NFLOG:rpfilter"
SFILTER_LOG_LEVEL="NFLOG:sfilter"
SMURF_LOG_LEVEL="NFLOG:smurf"
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL="NFLOG:fcpflags"
UNTRACKED_LOG_LEVEL=
ARPTABLES=
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
TC=
ACCEPT_DEFAULT="none"
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT="none"
QUEUE_DEFAULT="none"
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes
AUTOHELPERS=No
AUTOMAKE=Yes
BALANCE_PROVIDERS=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=Yes
DOCKER=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=ftp
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=Keep
KEEP_RT_TABLES=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MULTICAST=No
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=All
OPTIMIZE_ACCOUNTING=No
PERL_HASH_SEED=0
REJECT_ACTION=
RENAME_COMBINED=Yes
REQUIRE_INTERFACE=Yes
RESTART=restart
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=Yes
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=Yes
TRACK_RULES=No
USE_DEFAULT_RT=Yes
USE_NFLOG_SIZE=No
USE_PHYSICAL_NAMES=No
USE_RT_NAMES=No
VERBOSE_MESSAGES=Yes
WARNOLDCAPVERSION=Yes
WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=-
BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0


-- debconf information:
  shorewall/invalid_config:
  shorewall/major_release:
  shorewall/dont_restart:

Reply via email to