{{tag>shorewall troubleshooting}} ====== shorewall troubleshooting ====== ===== WARNING: Version Mismatch: Shorewall-core is version 5.2.3.2, while the Shorewall version is 5.2.4.5 /usr/share/shorewall/coreversion (EOF) ===== Reinstall shorewall: apt-get install --reinstall shorewall ===== TABLE_FLUSH failed (Device or resource busy): table raw ... logger: socket /dev/log: Connection refused ===== WARNING: Cannot set Martian logging on eth1 Preparing iptables-restore input... Running /sbin/iptables-restore ... iptables-restore v1.8.2 (nf_tables): line 4: TABLE_FLUSH failed (Device or resource busy): table raw ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input logger: socket /dev/log: Connection refused Preparing iptables-restore input... Running /sbin/iptables-restore... iptables-restore v1.8.2 (nf_tables): line 4: TABLE_FLUSH failed (Device or resource busy): table raw ERROR: /sbin/iptables-restore Failed. logger: socket /dev/log: Connection refused Reboot of server fixed above. ==== Tested on ==== * Debian 10.11 * shorewall 5.2.3.2 ===== iptables-restore: line failed/Chain '~comb2' does not exist ===== You can get this error on reload or restart. Try deleting the .start, .restart or .reload files in ///var/lib/shorewall/// etc: rm -f .iptables-restore-* .re* .start They will get regenerated on next ''shorewall start'' or ''shorewall restart'' If it still doesn't work you'll need to grep for the chain in iptables # iptables -nvL |grep comb2 0 0 ~comb2 0 -- br-+ * 0.0.0.0/0 0.0.0.0/0 0 0 ~comb2 0 -- docker0 * 0.0.0.0/0 0.0.0.0/0 then try removing only those lines. Don't run iptables -F as that might lock you out of the system completely if there are ssh rules set. ===== Changes from rules.d directory are not reflected upon reload/restart ===== If you are adding rules to ///etc/shorewall/rules// file via [[https://shorewall.org/configuration_file_basics.htm#Embedded|embedded shell command]] i.e. ?SECTION NEW SHELL cat /etc/shorewall/rules.d/*.rules 2> /dev/null || true and the changes are not applied make sure that ''AUTOMAKE=No'' in ///etc/shorewall/shorewall.conf//. Check the [[https://manpages.debian.org/unstable/shorewall/shorewall.conf.5.en.html|man page]] for other possible values. ==== Tested on ==== * Debian 11.3 * shorewall 5.2.3.4 ====== See also ====== * [[drop_lots_ip_subnets_shorewall|Drop lots of IP subnets in shorewall]] * [[shorewall_rate_limiting_requests|shorewall rate limiting requests]] ====== References ======