Documentation updates for error messages

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1988 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 08:03:11 +01:00 · 2005-03-08 19:45:54 +00:00 · 2005-03-08 19:45:54 +00:00 · 2727c97ca5
commit 2727c97ca5
parent 3ebaa3daa5
1 changed files with 42 additions and 1 deletions
--- a/Shorewall-docs2/ErrorMessages.xml
+++ b/Shorewall-docs2/ErrorMessages.xml
@ -511,7 +511,48 @@
          defined in <filename>/etc/shorewall/zones</filename> but has no
          corresponding entries in
          <filename>/etc/shorewall/interfaces</filename> or in
-          <filename>/etc/shorewall/hosts</filename>. </para>
+          <filename>/etc/shorewall/hosts</filename>.</para>
+        </glossdef>
+      </glossentry>
+    </glosslist>
+  </section>
+
+  <section>
+    <title>Iptables Error Messages</title>
+
+    <para>By far the most asked about iptables error message is:</para>
+
+    <glosslist>
+      <glossentry>
+        <glossterm>iptables: No chain/target/match by that name</glossterm>
+
+        <glossdef>
+          <para>This almost always means that you are trying to use a
+          Shorewall feature that your iptables and/or kernel do not support.
+          Beginning with version 2.2.0, Shorewall follows this message with a
+          copy of the rule that is failing. Most commonly, the problem is that
+          one of the match types (keyword following "-m" in the command) isn't
+          supported by your iptables/kernel. The output of "shorewall check"
+          shows you what your iptables/kernel support:</para>
+
+          <programlisting>gateway:~# shorewall check
+Loading /usr/share/shorewall/functions...
+Processing /etc/shorewall/params ...
+Processing /etc/shorewall/shorewall.conf...
+Loading Modules...
+<emphasis role="bold">Shorewall has detected the following iptables/netfilter capabilities:
+   NAT: Available
+   Packet Mangling: Available
+   Multi-port Match: Available
+   Extended Multi-port Match: Available
+   Connection Tracking Match: Available
+   Packet Type Match: Not available
+   Policy Match: Available
+   Physdev Match: Available
+   IP range Match: Available</emphasis>
+Verifying Configuration...
+
+...</programlisting>
        </glossdef>
      </glossentry>
    </glosslist>