| Summary: | shorewall fails to start - wrong entry in /etc/shorewall*/interfaces | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | GG HH <boulshet> |
| Component: | RPM Packages | Assignee: | All Packagers <pkg-bugs> |
| Status: | NEW --- | QA Contact: | |
| Severity: | major | ||
| Priority: | Normal | CC: | boulshet, davidwhodgins, marja11 |
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | shorewall-5.2.8-4.mga9.src.rpm | CVE: | |
| Status comment: | |||
|
GG HH
2023-02-04 13:01:12 CET
CC: (none) => boulshet

Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11

It has occurred again. I don't know if it's related, but it was after a kernel crash. I have crashes quite often these days * and it is possible that the previous shorewall events were also related to reboots after crashes.

* My wifi is not stable under network load. I have temporarily switched to ethernet and I am trying from time to time to see if things have improved...

My recommendation. Uninstall mandi-ifw and mandi. For both /etc/shorewall/interfaces and /etc/shorewall6/interfaces put a line ...
net + detect
as the only non commented line. The + for the interface name means any network interface.
Once that's done, never use drakfirewall or drakfirewall6.
I suspect bug 8960 may have been reintroduced.
Regards, Dave Hodgins

CC: (none) => davidwhodgins
thanks.
I didn't know mandi, and neither did I use drakfirewall.
$ rpm -q -a | grep mandi
mandi-1.4-5.mga9
# urpme mandi
désinstallation de mandi-1.4-5.mga9.x86_64
désinstallation du paquetage mandi-1.4-5.mga9.x86_64
1/1: désinstallation de mandi-1.4-5.mga9.x86_64
I will see if things improve and update the issue.
regards
I have not met the issue again. Dave: uninstalling the packages looked more like a workaround. Would you suggest closing this issue and reopening #8960? Thanks

It is a workaround. I'm not sure it's the exact same issue as in bug 8960 or a similar issue. Better to leave this one open for now.

As shorewall doesn't have an assigned maintainer, leaving this assigned to all packagers.

It occurred again.
It was after a crash with kernel-desktop-6.4.9-4 and a reboot with 6.4.9-desktop-2.mga9
août 25 11:23:40 localhost shorewall[10123]: iptables-restore v1.8.9 (legacy): interface name `Connexion_filaire_1' must be shorter than IFNAMSIZ (15)
août 25 11:23:40 localhost shorewall[10123]: Error occurred at line: 107
août 25 11:23:40 localhost shorewall[10123]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
août 25 11:23:40 localhost shorewall[10075]: ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input

# cat /etc/shorewall*/interfaces
#
# Shorewall6 -- /etc/shorewall6/interfaces
#
# For information about entries in this file, type "man shorewall6-interfaces"
#
# The manpage is also online at
# https://shorewall.org/manpages/shorewall-interfaces.html
#
###############################################################################
net enp0s20u1c4i2 detect
net enp3s0 detect
net enp4s0 detect
net enp0s20f0u4u1i5 detect
net enp0s20u4c4i2 detect
net wlp2s0 detect
net Connexion_filaire_1 detect
net enp0s20u3c4i2 detect
net wlp3s0 detect
net enp0s20f0u3c4i2 detect
#
# Shorewall -- /etc/shorewall/interfaces
#
# For information about entries in this file, type "man shorewall-interfaces"
#
# The manpage is also online at
# https://shorewall.org/manpages/shorewall-interfaces.html
#
net enp4s0 detect
net enp0s20f0u4u1i5 detect
net enp0s20u4c4i2 detect
net enp0s20u1c4i2 detect
net enp3s0 detect
net wlp3s0 detect
net enp0s20f0u3c4i2 detect
net Connexion_filaire_1 detect
net wlp2s0 detect
net enp0s20u3c4i2 detect

thanks

Does "rpm -qa|grep mandi" show anything? Also, are you using network manager or drakx-net to manage the networks?
$ rpm -qa|grep mandi
$
> Also, are you using network manager or drakx-net to manage the networks?
As far as I can say, NetworkManager. I am not exactly sure how to check. Is the following enough to be sure?
$ systemctl status NetworkManager
● NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: enabled)
Active: active (running) since Fri 2023-08-25 10:48:33 CEST; 11h ago
Docs: man:NetworkManager(8)
Main PID: 1526 (NetworkManager)
Tasks: 4 (limit: 18860)
Memory: 9.9M
CPU: 10.768s
CGroup: /system.slice/NetworkManager.service
└─1526 /usr/sbin/NetworkManager --no-daemon
$ ps -ef |grep [d]rakx-net
$
How are you connected? As in using a physical ethernet cable, a built in wifi device, a usb wifi device, or something else? Is there more than one device? I'm trying to figure out what software is involved, to try and track down what is altering the interfaces file.

I am connected with Wifi, built in
ASUS TUF Gaming F17 FX706HCB_TUF766HCB
description: Interface réseau sans fil
produit: MT7921 802.11ax PCI Express Wireless Network Adapter
fabriquant: MEDIATEK Corp.
identifiant matériel: 0
information bus: pci@0000:02:00.0
nom logique: wlp2s0
version: 00
numéro de série: 14:13:33:09:b2:1b
bits: 64 bits
horloge: 33MHz
fonctionnalités: pciexpress msi pm bus_master cap_list ethernet physical wireless
configuration: broadcast=yes driver=mt7921e driverversion=6.4.9-desktop-2.mga9 firmware=____010000-20230526130958 ip=192.168.1.24 latency=0 link=yes multicast=yes wireless=IEEE 802.11
ressources: mémoireE/S:610-60f mémoireE/S:610-60f mémoireE/S:610-60f irq:162 mémoire:6102100000-61021fffff mémoire:6102200000-6102203fff mémoire:6102204000-6102204fff
Thanks
|
Starting shorewall began to fail a few weeks ago.

I investigated a bit and saw an error message about "Connexion_filaire_1" being too long. Unfortunately I can't remember where.
"Connexion_filaire_1" is French and means wired connection *

I found this string in /etc/shorewall*/interfaces
As you can guess, no Connexion_filaire_1 exists (lo, enp3s0, wlp2s0).

I removed the "net Connexion_filaire_1 detect" line in /etc/shorewall*/interfaces and the issue disappeared, but it was back a few days later, possibly after a reboot.
I removed the declaration again and will update this bug report when I reboot.

Side note: there's a mix of English and the locale language in /var/log/shorewall-init.log
Feb 4 12:22:10 ..Expanding inline action /usr/share/shorewall/action.Multicast...
Feb 4 12:22:10 Rule " DROP - - - ;; -m addrtype --dst-type MULTICAST" Compiled
Feb 4 12:22:10 ..End inline action /usr/share/shorewall/action.Multicast
Feb 4 12:22:10 Creating iptables-restore input...
Feb 4 12:22:10 Shorewall configuration compiled to /var/lib/shorewall/.start
févr. 4 12:22:11 Starting Shorewall....
févr. 4 12:22:11 Initializing...
févr. stands for février, which is the French word for February.

* I switched from wifi to ethernet as the wifi driver is not very stable. It was more or less close to the time shorewall began failing to start. So the issue with shorewall might be related to using ethernet... or not.

I submitted the issue as major because of the security consequences related to actually running without a firewall and, worse, thinking it is working.
/etc/shorewall6/interfaces
net enp0s20u1c4i2 detect
net wlp3s0 detect
net enp0s20f0u4u1i5 detect
net enp4s0 detect
net enp0s20u4c4i2 detect
net Connexion_filaire_1 detect
net enp0s20u3c4i2 detect
net wlp2s0 detect
net enp0s20f0u3c4i2 detect
net enp3s0 detect

/etc/shorewall/interfaces
net enp0s20u4c4i2 detect
net Connexion_filaire_1 detect
net enp4s0 detect
net wlp3s0 detect
net enp0s20f0u4u1i5 detect
net enp0s20u1c4i2 detect
net enp0s20f0u3c4i2 detect
net enp3s0 detect
net wlp2s0 detect
net enp0s20u3c4i2 detect

# cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 70622265 180768 0 0 0 0 0 0 70622265 180768 0 0 0 0 0 0
enp3s0: 26676022236 19536296 0 98347 0 0 0 344184 1066516749 13673055 0 0 0 0 0 0
wlp2s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
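
The failure in this report, where one interface name longer than 15 characters in /etc/shorewall*/interfaces makes iptables-restore reject the ruleset and leaves the host without a firewall, can be caught before the firewall is restarted. The script below is an added example, not part of the original report and not Shorewall's own code; the function names check_interfaces and sample_report and the sample file are constructed for illustration, and names ending in + (wildcards) are simply skipped.

```shell
#!/bin/sh
# Added example (not Shorewall code): lint an interfaces file before restart.
# Assumes the layout quoted in the report: ZONE INTERFACE ... per line.

# check_interfaces FILE "LIVE NAMES"
# Prints "TOOLONG name" or "MISSING name" per bad entry; returns 1 if any.
check_interfaces() {
    file=$1
    live=" $(echo $2) "          # collapse newlines/spaces into one list
    bad=0
    while read -r zone ifname _rest; do
        case $zone in ''|'#'*|'?'*) continue ;; esac   # blank, comment, ?FORMAT
        case $ifname in ''|*+) continue ;; esac        # no name, or wildcard
        if [ "${#ifname}" -gt 15 ]; then
            # iptables-restore rejects these and the firewall does not start
            echo "TOOLONG $ifname"; bad=1
        else
            case $live in
                *" $ifname "*) ;;
                *) echo "MISSING $ifname"; bad=1 ;;
            esac
        fi
    done < "$file"
    return $bad
}

# Constructed sample modelled on the entries quoted in the report.
sample_report() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
# constructed sample
net enp3s0 detect
net Connexion_filaire_1 detect
net enp0s20u4c4i2 detect
net wlp2s0 detect
EOF
    check_interfaces "$tmp" "lo enp3s0 wlp2s0"
    rc=$?
    rm -f "$tmp"
    return $rc
}

sample_report || echo "interfaces file needs attention" >&2
```

On a live system the second argument would be "$(ls /sys/class/net)". MISSING only reports stale entries; TOOLONG is the condition behind the iptables-restore error quoted in the report.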