Another problem with a manual
/etc/init.d/firewall restart
is firewall.local and the IPSet sets in there. While debugging the firewall initscript, the following appears:
+ /usr/local/bin/firewallctrl
ipset v7.17: Set cannot be destroyed: it is in use by a kernel component
ERROR: ipset destroy companies
which results in a
+ /usr/local/bin/firewallctrl
+ IPSETCOMPANY=/sbin/iptables
+ IPT=/sbin/iptables
+ case "$1" in
+ /etc/sysconfig/firewall.local stop
+ IPSETCOMPANY=/sbin/iptables
+ IPT=/sbin/iptables
+ case "$1" in
+ /sbin/iptables -F CUSTOMFORWARD
+ /sbin/iptables -F CUSTOMINPUT
+ /sbin/iptables -F CUSTOMOUTPUT
+ /etc/sysconfig/firewall.local start
+ IPSETCOMPANY=/sbin/iptables
+ IPT=/sbin/iptables
+ case "$1" in
+ /sbin/iptables -I CUSTOMFORWARD -m set --match-set companies dst -j REJECT
iptables v1.8.9 (legacy): Set companies doesn't exist.
Try `iptables -h' or 'iptables --help' for more information.
+ /sbin/iptables -I CUSTOMINPUT -m set --match-set companies src -j REJECT
iptables v1.8.9 (legacy): Set companies doesn't exist.
Try `iptables -h' or 'iptables --help' for more information.
+ /sbin/iptables -I CUSTOMOUTPUT -m set --match-set companies dst -j REJECT
iptables v1.8.9 (legacy): Set companies doesn't exist.
Try `iptables -h' or 'iptables --help' for more information.
and I think you know this problem.
So, answering your statement here → Weird problem how should I proceed? - #13 by mumpitz
“I was convinced that it had something to do with the ASN script, but it was your script. Both at the same time does not work.”
This is not true; both scripts should work together without problems, but mine does not work with a firewall restart, just as the Tor rules also do not work with it.
I currently have no fix for the firewall.local problem, but maybe time will tell, or maybe others will have one earlier?! Let's see.
Best,
Erik