M. Vefa Bicakci wrote: > Hello, > > I tried Shorewall for the first time today. I am currently using an up-to-date > installation of Debian Sid, which has shorewall 4.2.10, shorewall-shell 4.2.10 > and shorewall-perl 4.2.10.1. > > I noticed that even though I had the following /etc/shorewall/policy file, > iptables would still show LOG rules at the end of the INPUT and OUTPUT chains > instead of ULOG rules. (Other logging related rules have ULOG as expected.) > > === 8< === > #SOURCE DEST POLICY LOG LEVEL > LIMIT:BURST > $FW net ACCEPT - > net $FW DROP ULOG > all all DROP ULOG > === >8 ===
Thanks for the patch. There is a fairly simple workaround for this
issue. In /etc/shorewall/policy, add:
all $FW DROP ULOG #Rule for INPUT chain
$FW all REJECT ULOG #Rule for OUTPUT chain
I'll include a form of your patch in the next 4.4 release. Don't know if
we will do another 4.2 full release but I'll also include this change in
the next patch release when we release it.
Thanks again,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
