User Tools

Site Tools


wiki:shorewall_troubleshooting

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
wiki:shorewall_troubleshooting [2022/03/18 12:32] – created antisawiki:shorewall_troubleshooting [2026/06/19 11:48] (current) – [iptables-restore: line <some number> failed/Chain '~comb2' does not exist] add flush warning and what to do antisa
Line 8: Line 8:
   apt-get install --reinstall shorewall   apt-get install --reinstall shorewall
  
 +
 +===== TABLE_FLUSH failed (Device or resource busy): table raw ... logger: socket /dev/log: Connection refused =====
 +
 +<code>
 +   WARNING: Cannot set Martian logging on eth1
 +Preparing iptables-restore input...
 +Running /sbin/iptables-restore ...
 +iptables-restore v1.8.2 (nf_tables): 
 +line 4: TABLE_FLUSH failed (Device or resource busy): table raw
 +   ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
 +logger: socket /dev/log: Connection refused
 +Preparing iptables-restore input...
 +Running /sbin/iptables-restore...
 +iptables-restore v1.8.2 (nf_tables): 
 +line 4: TABLE_FLUSH failed (Device or resource busy): table raw
 +   ERROR: /sbin/iptables-restore Failed.
 +logger: socket /dev/log: Connection refused
 +</code>
 +
 +Reboot of server fixed above.
  
 ==== Tested on ==== ==== Tested on ====
Line 13: Line 33:
   * shorewall 5.2.3.2   * shorewall 5.2.3.2
  
-====== See also ====== 
  
 +===== iptables-restore: line <some number> failed/Chain '~comb2' does not exist =====
 +You can get this error on reload or restart. Try deleting the .start, .restart or .reload files in ///var/lib/shorewall/// etc:
 +
 +  rm -f .iptables-restore-* .re* .start
 +
 +They will get regenerated on next ''shorewall start'' or ''shorewall restart''
 +
 +If it still doesn't work you'll need to grep for the chain in iptables
 +  # iptables -nvL |grep comb2
 +  0     0 ~comb2        --  br-+         0.0.0.0/           0.0.0.0/          
 +  0     0 ~comb2        --  docker0 *       0.0.0.0/           0.0.0.0/  
 +
 +then try removing only those lines. 
 +<WRAP center round important 60%>
 +Don't run
 +  iptables -F
 +
 +as that might lock you out of the system completely if there are ssh rules set.
 +</WRAP>
 +
 +
 +===== Changes from rules.d directory are not reflected upon reload/restart =====
 +If you are adding rules to ///etc/shorewall/rules// file via [[https://shorewall.org/configuration_file_basics.htm#Embedded|embedded shell command]] i.e.
 +
 +
 +  ?SECTION NEW
 +  SHELL cat /etc/shorewall/rules.d/*.rules 2> /dev/null || true
 +
 +and the changes are not applied make sure that ''AUTOMAKE=No'' in ///etc/shorewall/shorewall.conf//. Check the [[https://manpages.debian.org/unstable/shorewall/shorewall.conf.5.en.html|man page]] for other possible values.
 +==== Tested on ====
 +  * Debian 11.3
 +  * shorewall 5.2.3.4
 +
 +
 +====== See also ======
 +  * [[drop_lots_ip_subnets_shorewall|Drop lots of IP subnets in shorewall]]
 +  * [[shorewall_rate_limiting_requests|shorewall rate limiting requests]]
 ====== References ====== ====== References ======
  
  
wiki/shorewall_troubleshooting.1647606770.txt.gz · Last modified: by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki