Starting shorewall began to fails a few weeks ago. i investigated a bit and saw an error message about "Connexion_filaire_1" being too long. Unfortunately i cant remember where. "Connexion_filaire_1" is french and means wired connection * I found this string in /etc/shorewall*/interfaces As you can guess, no Connexion_filaire_1 exists (lo, enp3s0, wlp2s0). i removed the "net Connexion_filaire_1 detect" line in /etc/shorewall*/interfaces and the issue disappeared. but it was back a few days later, possibly after a reboot. I removed the declaration again and will update this bug report when i will reboot. Side note : there's a mix of english and locale language in /var/log/shorewall-init.log Feb 4 12:22:10 ..Expanding inline action /usr/share/shorewall/action.Multicast... Feb 4 12:22:10 Rule " DROP - - - ;; -m addrtype --dst-type MULTICAST" Compiled Feb 4 12:22:10 ..End inline action /usr/share/shorewall/action.Multicast Feb 4 12:22:10 Creating iptables-restore input... Feb 4 12:22:10 Shorewall configuration compiled to /var/lib/shorewall/.start févr. 4 12:22:11 Starting Shorewall.... févr. 4 12:22:11 Initializing... févr. stands for février which is the french word for February * i switched from wifi to ethernet as the wifi driver is not very stable more or less it was close to the time shorewall fails to start. So the issue with shorewall might be related to using ethernet... or not. I submitted the issue as major because of the security consequences related to actually running without firewall and worse, thinking it is working. /etc/shorewall6/interfaces net enp0s20u1c4i2 detect net wlp3s0 detect net enp0s20f0u4u1i5 detect net enp4s0 detect net enp0s20u4c4i2 detect net Connexion_filaire_1 detect net enp0s20u3c4i2 detect net wlp2s0 detect net enp0s20f0u3c4i2 detect net enp3s0 detect /etc/shorewall/interfaces net enp0s20u4c4i2 detect net Connexion_filaire_1 detect net enp4s0 detect net wlp3s0 detect net enp0s20f0u4u1i5 detect net enp0s20u1c4i2 detect net enp0s20f0u3c4i2 detect net enp3s0 detect net wlp2s0 detect net enp0s20u3c4i2 detect # cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 70622265 180768 0 0 0 0 0 0 70622265 180768 0 0 0 0 0 0 enp3s0: 26676022236 19536296 0 98347 0 0 0 344184 1066516749 13673055 0 0 0 0 0 0 wlp2s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
CC: (none) => boulshet
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
is has occurred again. don't know if it's related but it was after a kernel crash. I have crashes quite often those days * and it is possible that the previous shorewall events where also related to reboots after crashes. * My wifi is not stable under network load. I have temporary switched to ethernet and i am trying from time to time if things have improoved...
My recommendation. Uninstall mandi-ifw and mandi. For both /etc/shorewall/interfaces and /etc/shorewall6/interfaces put a line ... net + detect as the only non commented line. The + for the interface name means any network interface. Once that's done, never use drakfirewall or drakfirewall6. I suspect bug 8960 may have been reintroduced. Regards, Dave Hodgins
CC: (none) => davidwhodgins
thanks. I didn't know mandi et neither did i use drakfirewall. $ rpm -q -a | grep mandi mandi-1.4-5.mga9 # urpme mandi désinstallation de mandi-1.4-5.mga9.x86_64 désinstallation du paquetage mandi-1.4-5.mga9.x86_64 1/1: désinstallation de mandi-1.4-5.mga9.x86_64 i will see if things improove aund update the issue. regards
i do not have met the issue again. Dave : uninstalling the packages looked more like a workaround. Would you suggest closing this issue and reopening #8960 ? thanks
It is a workaround. I'm not sure it's the exact same issue as in bug 8960 or a similar issue. Better to leave this one open for now. As shorewall doesn't have an assigned maintainer, leaving this assigned to all packagers.
It occurred again It was after a crash with kernel-desktop-6.4.9-4 and a reboot with 6.4.9-desktop-2.mga9 août 25 11:23:40 localhost shorewall[10123]: iptables-restore v1.8.9 (legacy): interface name `Connexion_filaire_1' must be shorter than IFNAMSIZ (15) août 25 11:23:40 localhost shorewall[10123]: Error occurred at line: 107 août 25 11:23:40 localhost shorewall[10123]: Try `iptables-restore -h' or 'iptables-restore --help' for more information. août 25 11:23:40 localhost shorewall[10075]: ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input # cat /etc/shorewall*/interfaces # # Shorewall6 -- /etc/shorewall6/interfaces # # For information about entries in this file, type "man shorewall6-interfaces" # # The manpage is also online at # https://shorewall.org/manpages/shorewall-interfaces.html # ############################################################################### net enp0s20u1c4i2 detect net enp3s0 detect net enp4s0 detect net enp0s20f0u4u1i5 detect net enp0s20u4c4i2 detect net wlp2s0 detect net Connexion_filaire_1 detect net enp0s20u3c4i2 detect net wlp3s0 detect net enp0s20f0u3c4i2 detect # # Shorewall -- /etc/shorewall/interfaces # # For information about entries in this file, type "man shorewall-interfaces" # # The manpage is also online at # https://shorewall.org/manpages/shorewall-interfaces.html # net enp4s0 detect net enp0s20f0u4u1i5 detect net enp0s20u4c4i2 detect net enp0s20u1c4i2 detect net enp3s0 detect net wlp3s0 detect net enp0s20f0u3c4i2 detect net Connexion_filaire_1 detect net wlp2s0 detect net enp0s20u3c4i2 detect thanks
Does "rpm -qa|grep mandi" show anything?
Also, are you using network manager or drakx-net to manage the networks?
$ rpm -qa|grep mandi $ > Also, are you using network manager or drakx-net to manage the networks? As long i can say NetworkManager. I am not exactly sure how to check. is the following enough to be sure ? $ systemctl status NetworkManager ● NetworkManager.service - Network Manager Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: enabled) Active: active (running) since Fri 2023-08-25 10:48:33 CEST; 11h ago Docs: man:NetworkManager(8) Main PID: 1526 (NetworkManager) Tasks: 4 (limit: 18860) Memory: 9.9M CPU: 10.768s CGroup: /system.slice/NetworkManager.service └─1526 /usr/sbin/NetworkManager --no-daemon $ ps -ef |grep [d]rakx-net $
How are you connected? As in using a physical ethernet cable, a built in wifi device, a usb wifi device, or something else? Is there more than one device? I'm trying to figure out what software is involved, to try and track down what is altering the interfaces file.
i am connected with Wifi, built in ASUS TUF Gaming F17 FX706HCB_TUF766HCB description: Interface réseau sans fil produit: MT7921 802.11ax PCI Express Wireless Network Adapter fabriquant: MEDIATEK Corp. identifiant matériel: 0 information bus: pci@0000:02:00.0 nom logique: wlp2s0 version: 00 numéro de série: 14:13:33:09:b2:1b bits: 64 bits horloge: 33MHz fonctionnalités: pciexpress msi pm bus_master cap_list ethernet physical wireless configuration: broadcast=yes driver=mt7921e driverversion=6.4.9-desktop-2.mga9 firmware=____010000-20230526130958 ip=192.168.1.24 latency=0 link=yes multicast=yes wireless=IEEE 802.11 ressources: mémoireE/S:610-60f mémoireE/S:610-60f mémoireE/S:610-60f irq:162 mémoire:6102100000-61021fffff mémoire:6102200000-6102203fff mémoire:6102204000-6102204fff Thanks