Shorewall UNTRACKED state issue

Jurjen Bokma

Last modified: "2018-05-18 10:05:07 jurjen"


Fix for the Shorewall error "ERROR: UNTRACKED state requires Raw Table in your kernel and iptables".

Module 'shorewall' in Puppet fails with kernel 4.8 and 4.12 on Xenial, saying:

ERROR: UNTRACKED state requires Raw Table in your kernel and iptables
at /usr/share/shorewall/Shorewall/ line 1370.

This is remedied by the following steps:

  1. Copy /usr/share/shorewall/helpers to /etc/shorewall/.

  2. Add this line to /etc/shorewall/helpers:

       loadmodule iptable_raw

  3. /etc/shorewall.conf