invalid zone name error in shorewall even in sample file
Hello guys, I have installed squid, working well, and have now installed shorewall and webmin also.
When I run the (check firewall) it always gives me the error "invalid zone type", although I followed the rule ... I even put in the sample shorewall 1-interface file ... for that it is again giving the error
....
A few questions ... how to correct it ... "invalid zone error"
2nd: is it compulsory to run shorewall with 2 NICs? If I have one, can I use only one ...
Thanks a lot for replying, but the major issue is the "invalid zone error", although I have now put in the sample file.
Please help, thanks.
# This file determines your network zones. Columns are:
#
# ZONE Short name of the zone (5 Characters or less in length).
# The names "all" and "none" are reserved and may not be
# used as zone names.
# DISPLAY Display name of the zone
# COMMENTS Comments about the zone
#
# THE ORDER OF THE ENTRIES IN THIS FILE IS IMPORTANT IF YOU HAVE NESTED OR
# OVERLAPPING ZONES DEFINED THROUGH /etc/shorewall/hosts.
#
# See http://www.shorewall.net/Documentation.html#Nested
#
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Not available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Not available
Physdev Match: Not available
IP range Match: Not available
Recent Match: Not available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Not available
Connmark Match: Not available
Raw Table: Not available
CLASSIFY Target: Not available
Verifying Configuration...
Determining Zones...
ERROR: Invalid Zone Type: Net
.. an error was found in your firewall configuration!
One answer to an old question that is still happening
I got the invalid zone type error in shorewall. After much searching and testing, the problem was corrected by changing the entry in shorewall.conf showing IPSECFILE="zone" to IPSECFILE="".
Apparently, in the process of upgrading to Ubuntu 7.04, a question that was asked produced this entry. Yet the webmin scripts assume the blank entry, and a different format for the zone file because of this entry. In other words, the test scripts looked at the zone file format as if it had ipsec entries in it when the file did not have those entries or the format that would expect them.
Anyway that change solved the error for me -- after much testing.
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Networks
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
Here you should only have two options when defining a zone. The name of the zone, for instance net as you have it. Then under TYPE which will be replacing DISPLAY as vbsaltydog suggested, it should just be ipv4. Try changing that, it should fix your error.
is just like mohsin-mm's posted above. It doesn't have a type column. It has a different format - apparently because of the IPSECFILE option setting. I had to change that setting in the shorewall.conf file and the type error went away and the firewall configuration checks out now.
Your solution would work too I am sure - but it is changing the format of the file. I am using webmin to configure - actually going back and forth between an editor and webmin. Webmin expects and presents the file in the format that appears with no type column.
Anyway - everything is working well now.
Thanks for your reply. I hope mohsin-mm got his problem solved from over a year ago. At least other folks following this thread will have some more information.
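The mismatch discussed in this thread can be checked before running the firewall check. The script below is an added example, not part of any post and not Shorewall's or Webmin's own code. It assumes that IPSECFILE set to zone or zones selects the "ZONE TYPE OPTIONS" layout, that a blank value selects "ZONE DISPLAY COMMENTS", and that the accepted types are ipv4, ipsec and firewall; check_zones and demo are hypothetical names.

```shell
#!/bin/sh
# Added example: not Shorewall's or Webmin's own code.
# Assumption: IPSECFILE=zone/zones selects the "ZONE TYPE OPTIONS" layout and
# a blank value selects the older "ZONE DISPLAY COMMENTS" layout.
# Assumption: the zone types accepted here are ipv4, ipsec and firewall.

# check_zones CONF ZONES
# Prints one line per entry whose 2nd column does not fit the layout that
# IPSECFILE selects; returns 1 if any entry was reported, else 0.
check_zones() {
    conf=$1
    zones=$2
    # Take the last uncommented IPSECFILE= assignment and strip quotes.
    mode=$(awk -F= '$1 == "IPSECFILE" { v = $2; sub(/[ \t]*#.*/, "", v);
                     gsub(/"/, "", v); val = v } END { print val }' "$conf")
    awk -v mode="$mode" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            is_type = ($2 ~ /^(ipv4|ipsec|firewall)$/)
            if (mode ~ /^zones?$/ && !is_type) {
                printf "line %d: zone %s: \"%s\" is not a zone type (IPSECFILE=%s expects ZONE TYPE OPTIONS)\n", NR, $1, $2, mode
                bad = 1
            } else if (mode == "" && is_type) {
                printf "line %d: zone %s: \"%s\" is a zone type but IPSECFILE is blank (expects ZONE DISPLAY COMMENTS)\n", NR, $1, $2
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$zones"
}

# Constructed sample input mirroring the files quoted in this thread.
demo() {
    d=$(mktemp -d)
    printf 'IPSECFILE="zone"\n' > "$d/shorewall.conf"
    printf '#ZONE DISPLAY COMMENTS\nnet Net Internet\nloc Local Local Networks\n' > "$d/zones"
    rc=0
    check_zones "$d/shorewall.conf" "$d/zones" || rc=$?
    rm -rf "$d"
    return $rc
}
```

Calling demo reports both sample entries; against a real system the arguments would be /etc/shorewall/shorewall.conf and /etc/shorewall/zones.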