Shorewall UNTRACKED state issue

Jurjen Bokma

Last modified: "2018-05-18 10:05:07 jurjen"

Abstract

Fix for the Shorewall error "ERROR: UNTRACKED state requires Raw Table in your kernel and iptables".


Module 'shorewall' in Puppet fails with kernel 4.8 and 4.12 on Xenial, saying:


ERROR: UNTRACKED state requires Raw Table in your kernel and iptables
at /usr/share/shorewall/Shorewall/Config.pm line 1370.
      

This is remedied by the following steps:

  1. Copy /usr/share/shorewall/helpers to /etc/shorewall/.

  2. In /etc/shorewall/helpers, add the line:
    loadmodule iptable_raw

  3. In /etc/shorewall.conf, set:
    LOAD_HELPERS_ONLY=Yes
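
The three steps above as an idempotent shell function, so it can be re-run (for example from configuration management) without duplicating lines. This is an added example, not part of the original page; the function name `apply_raw_fix` and its ROOT and CONF arguments are assumptions, and the configuration file path is passed in rather than hard-coded.

```shell
#!/bin/sh
# Added example: apply the three steps idempotently.
# Usage: apply_raw_fix ROOT CONF
#   ROOT  filesystem prefix ("" for the live system, a scratch dir for a dry run)
#   CONF  path of the shorewall configuration file, relative to ROOT
apply_raw_fix() {
    root=$1
    conf=$root$2
    src=$root/usr/share/shorewall/helpers
    dst=$root/etc/shorewall/helpers

    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }

    # Step 1: copy the stock helpers file, but never clobber a local copy.
    if [ ! -f "$dst" ]; then
        [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
        cp -p "$src" "$dst" || return 1
    fi

    # Step 2: add the loadmodule line only if it is not already there.
    if ! grep -Eq '^[[:space:]]*loadmodule[[:space:]]+iptable_raw([[:space:]]|$)' "$dst"; then
        printf 'loadmodule iptable_raw\n' >> "$dst" || return 1
    fi

    # Step 3: rewrite an existing LOAD_HELPERS_ONLY assignment in place,
    # or append one if the file has none. Writing back with cat keeps
    # the owner and mode of the original file.
    tmp=$conf.tmp.$$
    sed 's/^[[:space:]]*LOAD_HELPERS_ONLY=.*/LOAD_HELPERS_ONLY=Yes/' "$conf" > "$tmp" || return 1
    if ! grep -q '^LOAD_HELPERS_ONLY=Yes$' "$tmp"; then
        printf 'LOAD_HELPERS_ONLY=Yes\n' >> "$tmp"
    fi
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Run only when called with both arguments, e.g.:
#   sh fix.sh "" /etc/shorewall.conf
if [ "$#" -eq 2 ]; then
    apply_raw_fix "$1" "$2"
fi
```

Running `shorewall check` afterwards confirms whether the configuration now compiles without the UNTRACKED error.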