Re: [Shorewall-devel] [Shorewall-users] Shorewall 4.5.17

Sat, 01 Jun 2013 08:38:56 -0700 

On 06/01/2013 08:23 AM, Dash Four wrote:
> 
> 
> Tom Eastep wrote:
>> On 06/01/2013 07:22 AM, Dash Four wrote:
>>
>>   
>>> IFLOG is the "inline" equivalent of FLOG, which I have posted before:
>>>
>>> action.FLOG
>>> ~~~~~~~~~~~
>>> ?IF $1
>>>   NFLOG($1,0,1)
>>> ?ENDIF
>>> ?IF $2
>>>  ?SET @chain $3 ? $3 : " "
>>>  ?SET @disposition $4 ? $4 : " "
>>>  LOG:info(tcp_options,ip_options,macdecode,tcp_sequence,uid)
>>> ?END IF
>>> ?IF $5
>>>  $5
>>> ?END IF
>>>
>>>     
>>
>> The above doesn't compile -- ?END IF should be ?ENDIF at the very least.
>>   
> Yeah, I did a quick cut-and-paste from one of my previous posts to save 
> myself the hassle.
> 
>> I have taken the standard two-interface example and modified it as follows:
>>
>> [...]
>>
>> What am I missing?
>>   
> Define a loopback zone on 'lo' and see what happens, which is what these 
> warnings were all about.
> 
> I am assuming the "all all" catch-all statement does something to that 
> 'loopback' zone, which shorewall doesn't like, hence the warnings. I did 
> not have these warnings before I explicitly defined the loopback zone (I 
> had it as ipv4 before that).

Still no joy:

zones
-----
fw      firewall
net     ipv4
loc     ipv4
loop    loopback

interfaces
----------

net     eth0    \
         dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
loc     eth1            tcpflags,nosmurfs,routefilter,logmartians
loop    lo

teastep@gateway:~/shorewall/regressionLibrary/4.5.17$ shorewall check IFLOG/
Checking...
Processing
/home/teastep/shorewall/regressionLibrary/4.5.17/IFLOG/shorewall.conf...
Checking /home/teastep/shorewall/regressionLibrary/4.5.17/IFLOG/zones...
Checking
/home/teastep/shorewall/regressionLibrary/4.5.17/IFLOG/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /home/teastep/shorewall/regressionLibrary/4.5.17/IFLOG/policy...
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking Accept Source Routing...
Checking /home/teastep/shorewall/regressionLibrary/4.5.17/IFLOG/masq...
Checking MAC Filtration -- Phase 1...
Checking /home/teastep/shorewall/regressionLibrary/4.5.17/IFLOG/rules...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking
/home/teastep/shorewall/regressionLibrary/4.5.17/IFLOG/stoppedrules...
Shorewall configuration verified
teastep@gateway:~/shorewall/regressionLibrary/4.5.17$

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to