Shorewall - Error (6010) in the line 20

Hi!

On my servers, shorewall presents the error:

When line 20 is removed and the shorewall service is restarted, the service runs.

What is it?
Thanks!!

What is on line 20 in the /etc/shorewall/stoppedrules file?

2 Likes

Having the number 6010 there on its own does not look correct.

If you removed that line 20, I assume the shorewall reload works fine?

Yes! Works fine! But only on the server where the web proxy is configured… on other servers, like a VM-only server, the service runs perfectly.

Not sure what is putting that value in there to be honest, haven’t seen that occur before.

Okay, I just saw it happen recently in 03 servers that I installed … I’m also seeing the relationship with shorewall … I do not have anything configured as a 6010 port, I’m still researching a solution. Thank you!

Does this command return anything:

netstat -tunap |grep 6010

Do you use X11 forwarding with ssh?

Yes, X11 is activated

What’s the outcome of:

ss -nlp4t | grep sshd

cc/ @davidep @giacomo
The bug is in this script:

2 Likes

wow!!! great, man!!

How do we fix the bug and send the patch to the developers of nethserver?

1 Like

Mmm… Good question. :sweat_smile: I don’t know the answer so I ask the same.

Do you want X11 forwarding available when the firewall is stopped/restarting?

stoppedrules — The Shorewall file that governs what traffic flows through the firewall while it is in the ‘stopped’ state.

What’s the outcome of:

echo `ss -nlp4t | grep sshd  | awk '{print \$4}' | cut -d':' -f 2`

P.S. Sorry, I don’t have x11 forwarding set up for testing

1 Like

I don’t know much Perl but seems an easy fix is possible.
Maybe set ssh_port to an array and wrap the if statement within a (foreach) loop.
Do you have some experience with it?

1 Like

I’ll go try to modify the script…

Great finding, a really nasty bug.
I’d change the code like:

ss -nlp4t | grep sshd | grep -v 127\.0\.0\.1 | awk '{print $4}' | cut -d':' -f 2

to filter out sshd listening on localhost from X forwarding.

3 Likes
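The effect of the filter proposed above, as an added example that is not code from NethServer or from any poster: the two pipelines from the thread are run over a constructed `ss -nlp4t` listing for a host with an active X11-forwarded ssh session. The sample listing and the `is_single_port` guard are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -nlp4t` output: sshd on port 22 plus the
# loopback listener sshd opens for X11 forwarding (port 6010).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=1021,fd=3))
LISTEN 0      10         127.0.0.1:6010      0.0.0.0:*     users:(("sshd",pid=2310,fd=9))
LISTEN 0      100        127.0.0.1:25        0.0.0.0:*     users:(("master",pid=1390,fd=13))
EOF
}

# Pipeline quoted earlier in the thread (reads ss output on stdin).
ports_original() {
    grep sshd | awk '{print $4}' | cut -d':' -f 2
}

# Pipeline with the proposed localhost filter.
ports_fixed() {
    grep sshd | grep -v '127\.0\.0\.1' | awk '{print $4}' | cut -d':' -f 2
}

# Hypothetical guard: accept the value only if it is exactly one TCP port,
# so a multi-line result is rejected before it is used to build a rule.
is_single_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty, or contains a newline/non-digit
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

for variant in ports_original ports_fixed; do
    value=$(sample_ss_output | "$variant")
    if is_single_port "$value"; then
        echo "$variant: ssh port = $value"
    else
        echo "$variant: not a single port:" $value
    fi
done
```

With the constructed listing, the unfiltered pipeline returns two lines (22 and 6010), which matches the stray 6010 seen on its own in stoppedrules; the filtered one returns only 22.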

I did a test, replicated the problem and verified the fix.
Expect an update next week. Meanwhile you can keep your file modified as I suggested.

4 Likes

thanks, Filippo!! Great Help, Man!!!
Nethserver is a wonderful Linux Solution! Powerful!!!

2 Likes