From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 332B6138334 for ; Mon, 12 Nov 2018 10:54:32 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 49A22E0AE5; Mon, 12 Nov 2018 10:54:26 +0000 (UTC) Received: from smarthost03b.mail.zen.net.uk (smarthost03b.mail.zen.net.uk [212.23.1.21]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BF389E09C9 for ; Mon, 12 Nov 2018 10:54:25 +0000 (UTC) Received: from [82.69.80.10] (helo=peak.localnet) by smarthost03b.mail.zen.net.uk with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1gM9rL-0005B6-Ud for gentoo-user@lists.gentoo.org; Mon, 12 Nov 2018 10:54:23 +0000 From: Peter Humphrey To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Shorewall config problem Date: Mon, 12 Nov 2018 10:54:23 +0000 Message-ID: <1602750.EXu5kns8QV@peak> In-Reply-To: <2427846.qq7pUSgiCD@andromeda> References: <2773204.5xrmTnOrsU@peak> <2427846.qq7pUSgiCD@andromeda> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Originating-smarthost03b-IP: [82.69.80.10] Feedback-ID: 82.69.80.10 X-Archives-Salt: f7db65c3-4aa9-4268-9dee-f11439c4f9a7 X-Archives-Hash: 81c80169af388d8d4cfe77b1ff996601 On Monday, 12 November 2018 10:19:24 GMT J. Roeleveld wrote: > On Monday, November 12, 2018 11:11:52 AM CET Peter Humphrey wrote: > > Morning all, > > > > When emerging shorewall-5.2.1.1 I get an error from the kernel settings > > check: > > > > CONFIG_NF_CONNTRACK_IPV4: is not set when it should be. > > > > This is with gentoo-sources-4.19.1. And indeed there is no such kernel > > parameter: > > > > $ grep CONFIG_NF_CONNTRACK /usr/src/linux/.config > > CONFIG_NF_CONNTRACK=m <<< Note > > # CONFIG_NF_CONNTRACK_MARK is not set > > CONFIG_NF_CONNTRACK_SECMARK=y > > # CONFIG_NF_CONNTRACK_ZONES is not set > > CONFIG_NF_CONNTRACK_PROCFS=y > > # CONFIG_NF_CONNTRACK_EVENTS is not set > > # CONFIG_NF_CONNTRACK_TIMEOUT is not set > > # CONFIG_NF_CONNTRACK_TIMESTAMP is not set > > # CONFIG_NF_CONNTRACK_LABELS is not set > > # CONFIG_NF_CONNTRACK_AMANDA is not set > > CONFIG_NF_CONNTRACK_FTP=m > > # CONFIG_NF_CONNTRACK_H323 is not set > > CONFIG_NF_CONNTRACK_IRC=m > > # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set > > # CONFIG_NF_CONNTRACK_SNMP is not set > > # CONFIG_NF_CONNTRACK_PPTP is not set > > # CONFIG_NF_CONNTRACK_SANE is not set > > CONFIG_NF_CONNTRACK_SIP=m > > # CONFIG_NF_CONNTRACK_TFTP is not set > > > > On another box with gentoo sources 4.14.78 I get this: > > > > $ grep CONFIG_NF_CONNTRACK_IP /usr/src/linux/.config > > CONFIG_NF_CONNTRACK_IPV4=y > > CONFIG_NF_CONNTRACK_IPV6=y > > > > So far I've been ignoring the error, assuming that the entry I've noted > > above now combines IPV4 and IPV6. > > > > Does the panel think this is worth a bug report against shorewall? > > Does it show up when you search for that config-item from within "make > menuconfig"? > Not all config-items end up in the config-file, especially if pre-requisites > are disabled themselves. Nope. -- Regards, Peter.