I have decided to play around with KVM. Following the Wiki at
https://wiki.mageia.org/en/Virt-Manager
everything was fine until recompiling shorewall with
/bin/su -c "shorewall restart"
This threw up an error message:
Compiling /etc/shorewall/policy...
ERROR: Policy "fw virt ACCEPT" duplicates earlier policy "fw virt
REJECT" /etc/shorewall/policy (line 14)
The "earlier policy" must be elsewhere.
The current contents of "policy" are:
fw net ACCEPT
net all DROP info
all all REJECT info
virt all ACCEPT info
fw virt ACCEPT
This is in Mga 8. Everything seemed fine in Cauldron (Mga 9).
This is where my limitations become apparent.

On Mon, 17 May 2021 18:06:14 +1000, Doug Laidlaw wrote:
> I have decided to play around with KVM. Following the Wiki at
> https://wiki.mageia.org/en/Virt-Manager
> everything was fine until recompiling shorewall with
> /bin/su -c "shorewall restart"
> This threw up an error message:
> Compiling /etc/shorewall/policy...
> ERROR: Policy "fw virt ACCEPT" duplicates earlier policy "fw virt
> REJECT" /etc/shorewall/policy (line 14)
> The "earlier policy" must be elsewhere.
> The current contents of "policy" are:
> fw net ACCEPT
> net all DROP info
> all all REJECT info
> virt all ACCEPT info
> fw virt ACCEPT
> This is in Mga 8. Everything seemed fine in Cauldron (Mga 9).
> This is where my limitations become apparent.

shorewall reads the rules and passes the packet based on the
first rule that allows using it.
Whenever you dink around with settings you might consider running
shorewall check
before starting shorewall.
You lucked out that shorewall does extra checking when processing
the policy file.
It is telling you that the two rules are in conflict with each other.
The error message tells you which rules are in conflict.

On 17/5/21 7:51 pm, Bit Twister wrote:
> On Mon, 17 May 2021 18:06:14 +1000, Doug Laidlaw wrote:
>> I have decided to play around with KVM. Following the Wiki at
>> https://wiki.mageia.org/en/Virt-Manager
>> everything was fine until recompiling shorewall with
>> /bin/su -c "shorewall restart"
>> This threw up an error message:
>> Compiling /etc/shorewall/policy...
>> ERROR: Policy "fw virt ACCEPT" duplicates earlier policy "fw virt
>> REJECT" /etc/shorewall/policy (line 14)
>> The "earlier policy" must be elsewhere.
>> The current contents of "policy" are:
>> fw net ACCEPT
>> net all DROP info
>> all all REJECT info
>> virt all ACCEPT info
>> fw virt ACCEPT
>> This is in Mga 8. Everything seemed fine in Cauldron (Mga 9).
>> This is where my limitations become apparent.
>
> shorewall reads the rules and passes the packet based on the
> first rule that allows using it.
> Whenever you dink around with settings you might consider running
> shorewall check
> before starting shorewall.
> You lucked out that shorewall does extra checking when processing
> the policy file.
> It is telling you that the two rules are in conflict with each other.
> The error message tells you which rules are in conflict.

Thanks for the explanation. I was able to continue, ignoring the
conflict.

In that case I expect that shorewall is not running. :(
The policy header should have "man shorewall-policy"
which will tell what causes your problem.

On 18/5/21 9:42 am, Bit Twister wrote:
> In that case I expect that shorewall is not running. :(
> The policy header should have "man shorewall-policy"
> which will tell what causes your problem.

No, shorewall was NOT running. To locate the conflicting rule, I ran
grep "fw virt REJECT" *
in the etc/shorewall directory. That produced a NIL result.
At this point, to get Shorewall running again, I commented out the new
conflicting line.
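
The first-match reading of the policy file described in the thread can be checked mechanically. The following is an added example, not part of any post and not Shorewall's own code: a small lint that flags policy entries already covered by an earlier entry, run on the policy lines quoted above. The function names and the simplified treatment of "all" as the only wildcard are assumptions.

```python
"""Lint a Shorewall-style policy file for entries shadowed by earlier ones."""

# Constructed sample: the policy lines quoted in the thread, in the same order.
SAMPLE_POLICY = """\
fw   net  ACCEPT
net  all  DROP    info
all  all  REJECT  info
virt all  ACCEPT  info
fw   virt ACCEPT
"""


def parse_policy(text):
    """Return (lineno, source, dest, action) for each non-comment entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: need SOURCE DEST POLICY")
        entries.append((lineno, fields[0], fields[1], fields[2]))
    return entries


def covers(pattern, zone):
    """Simplified zone match (assumption): 'all' is the only wildcard."""
    return pattern == "all" or pattern == zone


def find_shadowed(entries):
    """Report entries that can never be the first match, because one
    earlier entry already matches every zone pair they name."""
    findings = []
    for i, (lineno, src, dst, action) in enumerate(entries):
        for e_line, e_src, e_dst, e_action in entries[:i]:
            if covers(e_src, src) and covers(e_dst, dst):
                findings.append((lineno, f"{src} {dst} {action}",
                                 e_line, f"{e_src} {e_dst} {e_action}"))
                break
    return findings


if __name__ == "__main__":
    for line, entry, by_line, by_entry in find_shadowed(parse_policy(SAMPLE_POLICY)):
        print(f"line {line}: '{entry}' is shadowed by line {by_line}: '{by_entry}'")
```

Line numbers in the report count lines of the sample text, not lines of the real /etc/shorewall/policy file, which also contains comment lines.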