ERROR:Shorewall reload failed

Francenildo · October 14, 2019, 2:27pm

The firewall does not restart after upgrading to version 7.6 to 7.7 and blocks all links remotely, had to continue locally.

/usr/share/shorewall/lib.common: line 93

Oct 12 16:41:26 gfwmg esmith::event[20598]: Action: /etc/e-smith/events/nethserver-firewall-base-update/S50nethserver-firewall-base-conf SUCCESS [0.013578]
Oct 12 16:41:26 gfwmg esmith::event[20613]: Event: static-routes-save
Oct 12 16:41:26 gfwmg esmith::event[20613]: expanding /etc/openvpn/host-to-net.conf
Oct 12 16:41:26 gfwmg esmith::event[20613]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.179742]
Oct 12 16:41:26 gfwmg esmith::event[20613]: Action: /etc/e-smith/events/static-routes-save/S15network-route-down SUCCESS [0.107755]
Oct 12 16:41:26 gfwmg esmith::event[20613]: Action: /etc/e-smith/events/static-routes-save/S25interface-config-write SUCCESS [0.08774]
Oct 12 16:41:26 gfwmg esmith::event[20613]: Action: /etc/e-smith/events/static-routes-save/S30interface-config-write-pppoe SUCCESS [0.107191]
Oct 12 16:41:26 gfwmg esmith::event[20613]: Action: /etc/e-smith/events/static-routes-save/S35network-route-up SUCCESS [0.122031]
Oct 12 16:41:27 gfwmg systemd: Reloading.
Oct 12 16:41:27 gfwmg systemd: [/usr/lib/systemd/system/suricata.service:17] Unknown lvalue 'MemoryDenyWriteExecute' in section 'Service'
Oct 12 16:41:27 gfwmg systemd: [/usr/lib/systemd/system/suricata.service:18] Unknown lvalue 'LockPersonality' in section 'Service'
Oct 12 16:41:27 gfwmg systemd: [/usr/lib/systemd/system/suricata.service:19] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Oct 12 16:41:27 gfwmg systemd: [/usr/lib/systemd/system/suricata.service:20] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Oct 12 16:41:27 gfwmg esmith::event[20613]: [INFO] service openvpn@host-to-net restart
Oct 12 16:41:27 gfwmg systemd: Stopping OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net...
Oct 12 16:41:27 gfwmg systemd: Stopped OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net.
Oct 12 16:41:27 gfwmg systemd: Starting OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net...
Oct 12 16:41:27 gfwmg systemd: Started OpenVPN Robust And Highly Flexible Tunneling Application On host/to/net.
Oct 12 16:41:27 gfwmg esmith::event[20613]: Action: /etc/e-smith/events/actions/adjust-services SUCCESS [0.514895]
Oct 12 16:41:27 gfwmg esmith::event[20613]: Event: static-routes-save SUCCESS
Oct 12 16:41:27 gfwmg esmith::event[20598]: Action: /etc/e-smith/events/nethserver-firewall-base-update/S60static-routes-save SUCCESS [1.21492]
Oct 12 16:41:27 gfwmg systemd: Reloading.
Oct 12 16:41:27 gfwmg systemd: [/usr/lib/systemd/system/suricata.service:17] Unknown lvalue 'MemoryDenyWriteExecute' in section 'Service'
Oct 12 16:41:27 gfwmg systemd: [/usr/lib/systemd/system/suricata.service:18] Unknown lvalue 'LockPersonality' in section 'Service'
Oct 12 16:41:27 gfwmg systemd: [/usr/lib/systemd/system/suricata.service:19] Unknown lvalue 'ProtectControlGroups' in section 'Service'
Oct 12 16:41:27 gfwmg systemd: [/usr/lib/systemd/system/suricata.service:20] Unknown lvalue 'ProtectKernelModules' in section 'Service'
Oct 12 16:41:29 gfwmg FireQOS[21171]: Cleared all QOS on all interfaces
Oct 12 16:41:29 gfwmg FireQOS[21205]: QoS applied ok (0 tc commands applied)
Oct 12 16:41:29 gfwmg root: ERROR:Shorewall reload failed

giacomo · October 14, 2019, 3:21pm

Please try with shorewall check and shorewall restart and paste the full output here.

Francenildo · October 14, 2019, 6:27pm

Yes, I did it, but I had to do it locally this Monday. I was without access during the weekend. Firewall did not start due to kernel and possibly shorewall update. I’ve had such a problem and needed to reinstall Centos and Nethserver again. I’m just warning of a possible correction of this. After restarting everything worked. Thank you so much for the feedback.