Shorewall wont start

any thoughts please folks?


QEMU Standard PC (i440FX + PIIX, 1996)


Common KVM processor x 4

Kernel Release


Operating System

NethServer release 7.9.2009 (final)

What’s on line 53 of /etc/shorewall/mangle ?
Any recent firewall rule or custom template?

Hi Dnutan
Ive made no changes in recallable history

appologies here is /etc/shorewall/mangle
no changes of any type made to firewall in last 6 months

db fwrules show 18

Does the host object exist (with an IP address)?

db hosts show

[root@cwprod10v01 ~]# db hosts show
Description=dynamic dns used for offsite edinburgh
[root@cwprod10v01 ~]#

If the firewall rule is still of use I believe that should have an IP address, and it is the cause of the problem with shorewall.

If no fixed IP available and you are using some script to get and fill the IP address from a Dynamic DNS service, check that both the script and dyndns are working.

Someone else here pointed to the risk of DNS poisoning

Fail2ban : white list a FQDN and/or a CDIR
Firewall PortForwarding Question

Additional note: the db hosts entry is a bit mangled with invalid syntax and extra properties that should not be there.

Hi dnutan
I have no current requirement for communications with this address and am not reliant on dynamic dns also so will look at removing references to this address etc

1 Like

any idea how i get rid of refeences to I cant find any obvious config from the gui

Maybe it was an item on old UI…
You can delete the host object and the firewall rule with:

db hosts delete
db fwrules delete 18
signal-event firewall-adjust

You can search for other leftovers with grep (but take care before deleting anything…, change the search term as you consider more appropriate):

grep -ri cwoffsite /etc/e-smith/db/

Also take a look at custom templates:

grep -ri cwoffsite /etc/e-smith/templates-custom/

…and cronjobs.


thank you dnutan - that last guidance did the trick - appreciated!