More error message updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 08:44:05 +01:00 · 2005-10-04 17:19:24 +00:00 · 2005-10-04 17:19:24 +00:00 · 1b42f18f5f
commit 1b42f18f5f
parent e70b1246b0
1 changed files with 39 additions and 13 deletions
--- a/Shorewall-docs2/ErrorMessages.xml
+++ b/Shorewall-docs2/ErrorMessages.xml
@ -800,7 +800,7 @@
  <section>
    <title>Iptables Error Messages</title>

-    <para>By far the most asked about iptables error message is:</para>
+    <para>By far the most asked about iptables error messages are:</para>

    <glosslist>
      <glossentry>
@ -813,27 +813,53 @@
          copy of the iptables command that is failing. Most commonly, the
          problem is that one of the match types (keyword following "-m" in
          the command) isn't supported by your iptables/kernel. The output of
-          "shorewall check" shows you what your iptables/kernel
+          "shorewall show capabilities" shows you what your iptables/kernel
          support:</para>

-          <programlisting>gateway:~# shorewall check
-Loading /usr/share/shorewall/functions...
-Processing /etc/shorewall/params ...
-Processing /etc/shorewall/shorewall.conf...
-Loading Modules...
-<emphasis role="bold">Shorewall has detected the following iptables/netfilter capabilities:
-   NAT: Available
+          <programlisting>gateway:~# shorewall show capabilities
+Shorewall has detected the following iptables/netfilter capabilities:
+ <emphasis role="bold">  NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Available
   Connection Tracking Match: Available
-   Packet Type Match: Not available
+   Packet Type Match: Available
   Policy Match: Available
   Physdev Match: Available
-   IP range Match: Available</emphasis>
-Verifying Configuration...
+   IP range Match: Available
+   Recent Match: Available
+   Owner Match: Available
+   Ipset Match: Available
+   ROUTE Target: Not available
+   Extended MARK Target: Available
+   CONNMARK Target: Available
+   Connmark Match: Available</emphasis>
+   <emphasis role="bold">Raw Table: Available</emphasis>
+gateway:~#</programlisting>
+        </glossdef>
+      </glossentry>

-...</programlisting>
+      <glossentry>
+        <glossterm>iptables: invalid argument</glossterm>
+
+        <glossdef>
+          <para>Answer: 99.999% of the time, this error is caused by a
+          mismatch between your iptables and kernel.</para>
+
+          <orderedlist>
+            <listitem>
+              <para>Your iptables must be compiled against a kernel source
+              tree that is Netfilter-compatible with the kernel that you are
+              running.</para>
+            </listitem>
+
+            <listitem>
+              <para>If you rebuild iptables using the defaults and install it,
+              it will be installed in /usr/local/sbin/iptables. As shown
+              above, you have the IPTABLES variable in shorewall.conf set to
+              "/sbin/iptables".</para>
+            </listitem>
+          </orderedlist>
        </glossdef>
      </glossentry>
    </glosslist>