Firewall crashed down after creating a new rule for an IP range object

Right (stupid failure…)!!
However, I still get the very same error message as before…
Hence, this was not the reason… :frowning:

Summing up: ip ranges do not work.
But I can’t reproduce the problem. I created a drop rule using your ip range and a multiport destination. Here’s what I find:

-A net2fw -m iprange --src-range 118.218.219.1-118.218.219.254 -p 6 -m multiport --dports 80,443 -j DROP -m comment --comment "RULE#1

No shorewall errors.

And without ports, like yours:

-A net2loc -m iprange --src-range 118.218.219.1-118.218.219.254 -j DROP -m comment --comment "RULE#1"

Maybe you have some rules that combined with this lead to the problem. Could you share privately your full configuration?
tar -zcvf db.tgz /var/lib/nethserver/db/


Hi, I have a similar problem. It is related to the COMMIT line in the restore file. I’ve turned off all my “custom” rules but shorewall doesn’t start at boot, but if I restart shorewall it starts. Any help appreciated.

@dj_marian: perhaps your problem is more similar to this one: Fail2ban shorewall with nethserver rc4

OK, just now I’ve also removed all host objects and shorewall is starting at boot, but why don’t these things work?
Edit:
Thanks phonon, indeed my firewalld was inactive (dead) but enabled, so I turned it off. But the problem still appears if I have just one host in objects (shorewall doesn’t start at boot).

Edit:
It seems that now that I have fixed the problem with libvirtd (not starting), I can have firewall objects and shorewall starts at boot.

Thanks to @filippo_carletti I found my failure… I hadn’t rebooted my system after the last kernel update… now everything works! :wink:
