Description of problem: Shorewall cannot find some (or even all?) helper modules, because it looks for *.ko files, but all modules in kernel/net/ipv4/netfilter directory are compressed, names end with .ko.xz. As a consequence some important modules, like nf_nat_ftp, a not being loaded at start. They a not loaded automatically at later time either. Version-Release number of selected component (if applicable): shorewall-4.6.5.3-1.fc21.noarch shorewall-core-4.6.5.3-1.fc21.noarch How reproducible: Always. Steps to Reproduce: 1. install shorewall 2. turn off other solutions for controlling linux firewall 3. reboot or unload all helper modules 4. start shorewall 5. run lsmod | grep nf_nat_ftp Actual results: Empty output Expected results: nf_nat_ftp Additional info: Reporting it here, because I think it is distro specific, not a general problem with shorewall (specific patch is needed for Fedora). Adding output of "shorewall trace start" as an attachment.
Created attachment 979539 [details] Output of "shorewall trace start"
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Workaround is to set in shorewall.conf: MODULE_SUFFIX=ko.xz I'll try to get that see properly by default.
shorewall-4.6.6.2-2.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/shorewall-4.6.6.2-2.fc21
Package shorewall-4.6.6.2-2.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing shorewall-4.6.6.2-2.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-2474/shorewall-4.6.6.2-2.fc21 then log in and leave karma (feedback).
shorewall-4.6.6.2-2.fc21 works
A little problem with shorewall6-4.6.6.2-2.fc21.noarch.rpm: Updating : shorewall6-4.6.6.2-2.fc21.noarch 3/6 warning: /etc/shorewall6/shorewall6.conf created as /etc/shorewall6/shorewall6.conf.rpmnew sed: can't read /etc/shorewall/shorewall6.conf: No such file or directory warning: %post(shorewall6-4.6.6.2-2.fc21.noarch) scriptlet failed, exit status 2 Non-fatal POSTIN scriptlet failure in rpm package shorewall6-4.6.6.2-2.fc21.noarch Shorewall6 should not touch /etc/shorewall directory.
Package shorewall-4.6.6.2-3.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing shorewall-4.6.6.2-3.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-2474/shorewall-4.6.6.2-3.fc21 then log in and leave karma (feedback).
Seems to be OK now. Thank You.
shorewall-4.6.6.2-3.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.