| View previous topic :: View next topic |
| Author |
Message |
A.S. Pushkin
Guru
Joined: 09 Nov 2002
Posts: 418
Location: dx/dt, dy/dt, dz/dt, t
|
 Posted: Wed Jan 16, 2019 2:48 am Post subject: Shorewall config problem |
 |
|
When I run #shorewall start I get:
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
ERROR: Per-ip log rate limiting requires Hashlimit Match in your kernel and iptables /etc/shorewall/shorewall.conf (EOF)
I've tried to put this into my kernel, but no matter what I do the error persists.
I have only iptables installed at this point. What am I mssing or where in the kernle config is this.
My current kernel is 4.14.83-gentoo
Thanks
_________________
ASPushkin
"In a time of universal deceit - telling the truth is a revolutionary act." -- George Orwell |
|
| Back to top |
|
 |
cboldt
Veteran
Joined: 24 Aug 2005
Posts: 1046
|
| Posted: Wed Jan 16, 2019 10:27 am Post subject: |
|
|
In the kernel ....
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT
is at Networking support -> Networking options -> Network packet filtering framework (Netfilter) -> Core Netfilter Configuration
The menu item is ""hashlimit" match support"
There is a significant amount of kernel dependency. On my system, the dependencies work out as
Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLES [=m] && (\
IP6_NF_IPTABLES [=n] || IP6_NF_IPTABLES [=n]=n) && NETFILTER_ADVANCED [=y]
An alternative in your case, assuming you don't need or care about the limits enabled with this function (I don't use it, for what it's worth, and my homebrew firewall fends off a few thousand intrusion attempts a day), is to turn off the hashlimit option in shorewall. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
