I have recently updated one of my servers from Debian Bullseye to Bookworm, and upon review of the journal, an error related to the FireHOL service has been observed.
```
hostmaster@hostname:~$ journalctl -b 0 -p err -u firehol.service
mar 06 12:18:53 hostname FireHOL[1345]: Runtime WARNING 'This might or might not affect the operation of your firewall.'.
```
Although the message indicates it is a warning, it is marked as an error by the OS. After thorough investigation, we have linked this error to the following line in the firehol.conf configuration file:
```
server4 all deny src "${listanegra}" LOG "listanegra"
```
Upon examination of another server still running Debian Bullseye (11) with the same configuration line, we discovered a similar error, albeit with a different error message:
```
mar 07 10:42:23 hostname FireHOL[797716]: Runtime ERROR '# 1.'. Source FIN
```
After debugging the FireHOL service using the set -v option, we found that the error occurs after attempting to load the module nf_conntrack_proto_gre as also documented in https://firehol.org/firehol-manual.html#service-all
```
mar 08 11:59:55 hostname firehol[407]: load_kernel_module nf_conntrack_proto_gre >/dev/null 2>&1 || echo >/dev/null
mar 08 11:59:55 hostname FireHOL[1531]: Runtime WARNING 'This might or might not affect the operation of your firewall.'. Source FIN
```
I believe this is an error that should be addressed, as Netfilter Conntrack GRE is no longer a separate kernel module but is integrated into the kernel itself (torvalds/linux@22fc4c4).
Thank you very much in advance.
Best regards.
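
A way to check on a given host whether GRE connection tracking is a separate loadable module or compiled in, which is the distinction the report above turns on. This is an added example, not part of the original report or FireHOL's code; the function name, the `CONFIG_NF_CT_PROTO_GRE` config symbol and the Debian-style file paths are assumptions.

```shell
#!/bin/sh
# Added example (not FireHOL code): classify how a kernel provides GRE
# connection tracking, from its build config and its modules.dep index.
# Assumptions: config symbol CONFIG_NF_CT_PROTO_GRE, Debian-style paths.

gre_conntrack_status() {
    config_file=$1   # e.g. /boot/config-$(uname -r)
    modules_dep=$2   # e.g. /lib/modules/$(uname -r)/modules.dep

    # A separate module is indexed on the left of a modules.dep line
    # (nf_conntrack_proto_gre.ko, .ko.xz, ...), so modprobe can load it.
    if [ -r "$modules_dep" ] &&
       grep -Eq '(^|/)nf_conntrack_proto_gre\.ko[^: ]*:' "$modules_dep"; then
        echo module
        return 0
    fi

    # No module file: fall back to the kernel build configuration.
    if [ -r "$config_file" ]; then
        if grep -q '^CONFIG_NF_CT_PROTO_GRE=y$' "$config_file"; then
            echo integrated      # compiled in, nothing to load
        elif grep -q '^CONFIG_NF_CT_PROTO_GRE=m$' "$config_file"; then
            echo module          # configured as a module, file not indexed
        else
            echo absent          # GRE tracking not built at all
        fi
        return 0
    fi

    echo unknown                 # neither file readable
}

# Report for the running kernel.
rel=$(uname -r)
status=$(gre_conntrack_status "/boot/config-$rel" "/lib/modules/$rel/modules.dep")
case $status in
    integrated) echo "GRE tracking is compiled in; loading nf_conntrack_proto_gre will fail but tracking is available" ;;
    module)     echo "nf_conntrack_proto_gre is a loadable module; a load failure needs investigating" ;;
    absent)     echo "kernel built without GRE connection tracking" ;;
    *)          echo "cannot determine: kernel config and modules.dep not readable" ;;
esac
```

On a host where this prints the `integrated` case, the failed module load in the log above does not mean GRE tracking is missing.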