############################################################################
#SOURCE   DEST    POLICY   LOG LEVEL   LIMIT:BURST
loc       net     DROP     ULOG
loc       loc     ACCEPT
loc       vpn     ACCEPT
vpn       loc     ACCEPT
net       loc     REJECT   ULOG
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
#fw       net     ACCEPT
net       all     DROP     ULOG
all       all     REJECT   ULOG

Can anyone tell me why any hits on my external interface are not being logged? The loc to net hits are logging fine, but the net to all, all to all, and net to loc hits are not being logged.

Does it make any difference how my rules are entered? For example, should the inbound rules be after the outbound? Or, since I have a couple of rules set to DROP from the net zone, should these rules be placed differently? I do want to DROP hits on port 80 and 113. Is this what has broken logging? Is there another way I should be doing this?

This is my ruleset:

#ACTION   SOURCE                 DEST                   PROTO   DEST      SOURCE    ORIGINAL
#                                                               PORT      PORT(S)   DEST
# Accept DNS connections from the firewall to the network
#
ACCEPT    fw                     net                    tcp     53
ACCEPT    fw                     net                    udp     53
#VCOM INBOUND RULES
#DROP IDENT PORT Probes
DROP      net                    fw                     tcp     113
#DROP hits on port 80
DROP      net                    fw                     tcp     80
#Allow Mail inbound
DNAT      net                    loc:192.168.167.50     tcp     25
#Allow VPN Inbound
DNAT      net                    loc:192.168.167.50     tcp     1723
DNAT      net                    loc:192.168.167.50     47      -
#IPSEC STUFF
ACCEPT    fw                     net                    udp     500
ACCEPT    net                    fw                     udp     500
ACCEPT    net                    fw                     50      -
ACCEPT    fw                     net                    50      -
ACCEPT    net                    fw                     51      -
ACCEPT    fw                     net                    51      -
#VCOM OUTBOUND RULES
#Allow SSH outbound (The second rule is for Eros administration)
ACCEPT    loc                    net                    tcp     22
ACCEPT    loc:192.168.162.233    net:139.142.29.176     tcp     6000
#Allow Jabber outbound
ACCEPT    loc                    net:139.142.29.176     tcp     5224
#Allow WWW and SSL Outbound
ACCEPT    loc                    net                    tcp     http
ACCEPT    loc                    net                    tcp     https
#Allow Telnet Outbound
ACCEPT    loc                    net                    tcp     23
#Allow FTP Outbound
ACCEPT    loc                    net                    tcp     21
#Allow MAIL outbound FROM EXCHANGE ONLY!!! Except POP3 (sigh)
ACCEPT    loc                    net                    tcp     25
ACCEPT    loc                    net                    tcp     110
#Allow VPN connections Outbound!!!!
ACCEPT    loc                    net                    tcp     1723
ACCEPT    loc                    net                    47      -
#Allow access to Yourlink Servers
ACCEPT    loc                    net                    tcp     9728
ACCEPT    loc                    net                    tcp     8080
#Drop and don't log hits from loc to net on port 631
DROP      loc                    net                    tcp     631
#
# Allow Ping To And From Firewall Except net to fw!
#
ACCEPT    loc                    fw                     icmp    8
DROP      net                    fw                     icmp    -
ACCEPT    fw                     loc                    icmp    8
ACCEPT    fw                     net                    icmp    8
#
# Bering specific rules:
# allow loc to fw udp/53 for dnscache to work
# allow loc to fw tcp/80 for weblet to work
#
ACCEPT    loc                    fw                     udp     53
ACCEPT    loc                    net                    udp     53
ACCEPT    loc:192.168.162.233    fw                     tcp     80

Thanks in advance!

Troy

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
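Added example, not from Troy's post or from the LEAF/Shorewall project: a small Python audit that parses a constructed excerpt of the rules and policy lines above and lists every DROP/REJECT rule that carries no `:loglevel` suffix. Shorewall consults the rules file before the zone policies, so such a rule discards the packet before the policy's ULOG entry is ever reached, which is the first thing to check when some drops log and others do not. The `RULES`/`POLICY` strings and the function names are my own; the audit deliberately also flags the port 631 rule the poster wants unlogged.

```python
"""Audit Shorewall rules/policy text for DROP/REJECT entries that never log.

Shorewall evaluates the rules file before the zone policies, so a DROP or
REJECT rule without a ':loglevel' suffix (e.g. 'DROP:ULOG') discards traffic
silently; the policy's log level only applies to packets no rule matched.
"""

# Constructed excerpt of the poster's files (paths and contents assumed).
RULES = """\
#ACTION   SOURCE   DEST                PROTO   DEST PORT
DROP      net      fw                  tcp     113
DROP      net      fw                  tcp     80
DNAT      net      loc:192.168.167.50  tcp     25
ACCEPT    loc      net                 tcp     22
DROP      loc      net                 tcp     631
DROP      net      fw                  icmp    -
"""
POLICY = """\
#SOURCE  DEST  POLICY  LOG_LEVEL
loc      net   DROP    ULOG
net      loc   REJECT  ULOG
net      all   DROP    ULOG
all      all   REJECT  ULOG
"""

DENY = {"DROP", "REJECT"}


def parse_lines(text):
    """Yield the whitespace-split columns of each non-comment, non-empty line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line.split()


def unlogged_rules(rules_text):
    """Return (action, source, dest, proto, port) for deny rules with no log level."""
    found = []
    for cols in parse_lines(rules_text):
        action, level = (cols[0].split(":", 1) + [None])[:2]
        if action.upper() in DENY and not level:
            found.append(tuple(cols[:5]))
    return found


def unlogged_policies(policy_text):
    """Return (source, dest, policy) for deny policies that have no LOG LEVEL column."""
    return [tuple(c[:3]) for c in parse_lines(policy_text)
            if c[2].upper() in DENY and len(c) < 4]


def suggest_fix(rule, level="ULOG"):
    """Rewrite a silent deny rule so it logs at the given level before dropping."""
    action, *rest = rule
    return " ".join([f"{action}:{level}", *rest])


if __name__ == "__main__":
    for r in unlogged_rules(RULES):
        print("silent rule:", " ".join(r), "->", suggest_fix(r))
    for p in unlogged_policies(POLICY):
        print("silent policy:", " ".join(p))
```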
