• Installing libvirt.

    From Doug Laidlaw@2:250/1 to All on Mon May 17 09:06:14 2021
    I have decided to play around with KVM. Following the Wiki at

    https://wiki.mageia.org/en/Virt-Manager

    everything was fine until recompiling shorewall with

    /bin/su -c "shorewall restart"

    This threw up an error message:

    Compiling /etc/shorewall/policy...
    ERROR: Policy "fw virt ACCEPT" duplicates earlier policy "fw virt
    REJECT" /etc/shorewall/policy (line 14)

    The "earlier policy" must be elsewhere.
    The current contents of "policy" are:

    fw net ACCEPT
    net all DROP info
    all all REJECT info
    virt all ACCEPT info
    fw virt ACCEPT

    This is in Mga 8. Everything seemed fine in Cauldron (Mga 9)

    This is where my limitations become apparent.

    --- MBSE BBS v1.0.7.21 (GNU/Linux-x86_64)
    * Origin: Aioe.org NNTP Server (2:250/1@fidonet)
  • From Bit Twister@2:250/1 to All on Mon May 17 10:51:37 2021
    On Mon, 17 May 2021 18:06:14 +1000, Doug Laidlaw wrote:
    I have decided to play around with KVM. Following the Wiki at

    https://wiki.mageia.org/en/Virt-Manager

    everything was fine until recompiling shorewall with

    /bin/su -c "shorewall restart"

    This threw up an error message:

    Compiling /etc/shorewall/policy...
    ERROR: Policy "fw virt ACCEPT" duplicates earlier policy "fw virt
    REJECT" /etc/shorewall/policy (line 14)

    The "earlier policy" must be elsewhere.
    The current contents of "policy" are:

    fw net ACCEPT
    net all DROP info
    all all REJECT info
    virt all ACCEPT info
    fw virt ACCEPT

    This is in Mga 8. Everything seemed fine in Cauldron (Mga 9)

    This is where my limitations become apparent.

    shorewall reads the rules and passes the packet based on the
    first rule that allows using it.

    Whenever you dink around with settings you might consider running
    shorewall check
    before starting shorewall.

    You lucked out that shorewall does extra checking when processing
    the policy file.

    It is telling you that the two rules are in conflict with each other.

    The error message tells you which rules are in conflict.



    --- MBSE BBS v1.0.7.21 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From Doug Laidlaw@2:250/1 to All on Mon May 17 23:25:12 2021
    On 17/5/21 7:51 pm, Bit Twister wrote:
    On Mon, 17 May 2021 18:06:14 +1000, Doug Laidlaw wrote:
    I have decided to play around with KVM. Following the Wiki at

    https://wiki.mageia.org/en/Virt-Manager

    everything was fine until recompiling shorewall with

    /bin/su -c "shorewall restart"

    This threw up an error message:

    Compiling /etc/shorewall/policy...
    ERROR: Policy "fw virt ACCEPT" duplicates earlier policy "fw virt
    REJECT" /etc/shorewall/policy (line 14)

    The "earlier policy" must be elsewhere.
    The current contents of "policy" are:

    fw net ACCEPT
    net all DROP info
    all all REJECT info
    virt all ACCEPT info
    fw virt ACCEPT

    This is in Mga 8. Everything seemed fine in Cauldron (Mga 9)

    This is where my limitations become apparent.

    shorewall reads the rules and passes the packet based on the
    first rule that allows using it.

    Whenever you dink around with settings you might consider running
    shorewall check
    before starting shorewall.

    You lucked out that shorewall does extra checking when processing
    the policy file.

    It is telling you that the two rules are in conflict with each other.

    The error message tells you which rules are in conflict.


    Thanks for the explanation. I was able to continue, ignoring the
    conflict. Similarly, there was a dependency conflict which required me
    to uninstall task-printing. That was no problem either, probably
    because task-printing is an "umbrella" file, and the RPMs I needed to
    make my printer work, were not affected.

    --- MBSE BBS v1.0.7.21 (GNU/Linux-x86_64)
    * Origin: Aioe.org NNTP Server (2:250/1@fidonet)
  • From Bit Twister@2:250/1 to All on Tue May 18 00:42:16 2021
    On Tue, 18 May 2021 08:25:12 +1000, Doug Laidlaw wrote:
    On 17/5/21 7:51 pm, Bit Twister wrote:
    On Mon, 17 May 2021 18:06:14 +1000, Doug Laidlaw wrote:
    I have decided to play around with KVM. Following the Wiki at

    https://wiki.mageia.org/en/Virt-Manager

    everything was fine until recompiling shorewall with

    /bin/su -c "shorewall restart"

    This threw up an error message:

    Compiling /etc/shorewall/policy...
    ERROR: Policy "fw virt ACCEPT" duplicates earlier policy "fw virt
    REJECT" /etc/shorewall/policy (line 14)

    The "earlier policy" must be elsewhere.
    The current contents of "policy" are:

    fw net ACCEPT
    net all DROP info
    all all REJECT info
    virt all ACCEPT info
    fw virt ACCEPT

    This is in Mga 8. Everything seemed fine in Cauldron (Mga 9)

    This is where my limitations become apparent.

    shorewall reads the rules and passes the packet based on the
    first rule that allows using it.

    Whenever you dink around with settings you might consider running
    shorewall check
    before starting shorewall.

    You lucked out that shorewall does extra checking when processing
    the policy file.

    It is telling you that the two rules are in conflict with each other.

    The error message tells you which rules are in conflict.


    Thanks for the explanation. I was able to continue, ignoring the
    conflict.

    In that case I expect that shorewall is not running. :(

    The policy header should have "man shorewall-policy"
    which will tell what causes your problem.


    --- MBSE BBS v1.0.7.21 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From Doug Laidlaw@2:250/1 to All on Fri May 21 10:39:09 2021
    On 18/5/21 9:42 am, Bit Twister wrote:
    In that case I expect that shorewall is not running. :(

    The policy header should have "man shorewall-policy"
    which will tell what causes your problem.

    No, shorewall was NOT running. To locate the conflicting rule, I ran

    grep "fw virt REJECT" *

    in the etc/shorewall directory. That produced a NIL result. At this
    point, to get Shorewall running again, I commented out the new
    conflicting line. I think that it would have been simpler to keep using VirtualBox.

    --- MBSE BBS v1.0.7.21 (GNU/Linux-x86_64)
    * Origin: Aioe.org NNTP Server (2:250/1@fidonet)
  • From Bit Twister@2:250/1 to All on Fri May 21 12:29:14 2021
    On Fri, 21 May 2021 19:39:09 +1000, Doug Laidlaw wrote:
    On 18/5/21 9:42 am, Bit Twister wrote:
    In that case I expect that shorewall is not running. :(

    The policy header should have "man shorewall-policy"
    which will tell what causes your problem.

    No, shorewall was NOT running. To locate the conflicting rule, I ran

    grep "fw virt REJECT" *

    in the etc/shorewall directory. That produced a NIL result.

    Yep. Does not surprise me. Policy file could be tab separated fields.


    At this
    point, to get Shorewall running again, I commented out the new
    conflicting line.

    How sad, the "man shorewall-policy" tells you the all all REJECT info
    line is to be last in the file.

    --- MBSE BBS v1.0.7.21 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
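
The two points raised at the end of the thread (a literal grep misses tab-separated fields, and entries placed after the `all all` catch-all collide with it) can be checked with the following added example, which is not part of any post above. The function names are hypothetical, the sample is constructed from the policy lines quoted in the thread, and the tab separators are an assumption.

```shell
#!/bin/sh
# Constructed sample: the policy lines quoted in the thread, with tab
# separators (assumed, as the last reply suggests the file may use tabs).
sample_policy() {
    printf 'fw\tnet\tACCEPT\n'
    printf 'net\tall\tDROP\tinfo\n'
    printf 'all\tall\tREJECT\tinfo\n'
    printf 'virt\tall\tACCEPT\tinfo\n'
    printf 'fw\tvirt\tACCEPT\n'
}

# Count lines containing a literal string, as the grep in the thread does.
literal_hits() {
    grep -c -F -- "$1" || true
}

# Print "LINE: SRC DST POLICY" for every entry that applies to SRC -> DST,
# splitting on any whitespace and treating "all" as a wildcard zone.
covering_policies() {
    awk -v s="$1" -v d="$2" '
        /^[ \t]*(#|$)/ { next }
        ($1 == s || $1 == "all") && ($2 == d || $2 == "all") {
            print NR ": " $1 " " $2 " " $3
        }'
}

# Print entries that come after the "all all" catch-all line.
entries_after_catchall() {
    awk '
        /^[ \t]*(#|$)/ { next }
        seen { print NR ": " $1 " " $2 " " $3 }
        $1 == "all" && $2 == "all" { seen = 1 }'
}

# Demo on the sample; on a real system pipe in /etc/shorewall/policy instead.
echo "literal grep hits: $(sample_policy | literal_hits 'fw virt ACCEPT')"
sample_policy | covering_policies fw virt
sample_policy | entries_after_catchall
```

On the sample, the literal search finds nothing even though the line exists, while the field-based search shows both the catch-all and the explicit `fw virt` entry applying to the same zone pair.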