Re: [Shorewall-devel] Shorewall 3.9.6

Tue, 08 May 2007 03:32:44 -0700 

On Tuesday 08 May 2007 03:45, Tom Eastep wrote:
> Tom Eastep wrote:
> > Tom Eastep wrote:
> >> Steven Jan Springl wrote:
> >>> On Tuesday 08 May 2007 01:59, Tom Eastep wrote:
> >>>> Tom Eastep wrote:
> >>>>> Steven Jan Springl wrote:
> >>>>>> Tom
> >>>>>>
> >>>>>> shorewall.conf entries:
> >>>>>>
> >>>>>>        LOGRATE=10/second
> >>>>>>        LOGBURST=10
> >>>>>>        FASTACCEPT=No
> >>>>>>
> >>>>>> zones file
> >>>>>>        fw   firewall
> >>>>>>        lan  ipv4  mss=22
> >>>>>>
> >>>>>> rules entries:
> >>>>>>
> >>>>>>        SECTION ESTABLISHED
> >>>>>>        LOG:warn  lan  fw  tcp  21
> >>>>>>        SECTION RELATED
> >>>>>>        LOG:warn  lan  fw  tcp  20
> >>>>>>        SECTION NEW
> >>>>>>        ACCEPT     lan  fw  tcp  21,22
> >>>>>>
> >>>>>> When compiled with shorewall-perl they generate the rules in
> >>>>>> attached file iptables-perl. They look incorrect to me.
> >>>>>>
> >>>>>> When compiled with shorewall-shell they generate the rules in
> >>>>>> attached file iptables-shell. They look correct to me.
> >>>>>
> >>>>> Steven,
> >>>>>
> >>>>> revision 6275 should work better.
> >>>>
> >>>> I'm still working on the MSS part....
> >>>>
> >>>> -Tom
> >>>
> >>> Tom
> >>>
> >>> There are also the LOGRATE a LOGBURST parameters form shorewall.conf
> >>> that seem to be ignored.
> >>
> >> Steven,
> >>
> >> I believe all of your reported problems are corrected in revision 6277.
> >
> > Take that back -- I found more problems that are corrected in revision
> > 6278.
> >
> > Thanks again, Steven
>
> One more change in revision 6279.
>
> -Tom

Good morning Tom

When LOGRATE and LOGBURST are set in shorewall.conf as above and also set on a 
rule:

        LOG:warn  lan  fw  tcp  21  1000:10000  -  2:15

then an iptables rule with both sets of LOGRATEs and LOGBURSTs is generated:

-A lan2fw -p 6 --dport 21 --sport 1000:10000 -m limit --limit 2 --limit-burst 
15 -m state --state ESTABLISHED -m limit --limit 10/second --limit-burst 
10 -j LOG --log-level 4 --log-prefix "Shorewall:lan2fw:LOG:" 

Steven.






-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to