> > It turns out I did do something else to the configuration to > > get it to work. I had added two more LOG entries to debug the > > situation. It wasn't the HTTPSout log rule rename to 443out > > that fixed it. Apparently what fixed it was adding two more > > log rules. > > > > LOG:$LOG:NETout $FW net tcp - - - - > > - > > LOG:$LOG:NETin net all tcp - - - - > > > > > > With the NETout and NETin rules added, the https configuration > > works for either instance of the https log tag, but if I > > comment out the the NETin log rule, things break again. > > > > This is very weird. Do you want the rules file too? > > I understand what's wrong with the ruleset; it has not rule(s) for > handling net->fw traffic. By adding the 'net->all' logging rule, you > forced the net2fw chain to be created. > > I would like a tarball with the entire /etc/shorewall so that I can be > sure that the problem is fixed in the current releases. > > Thanks, > -Tom
So I could remove the LOG rules just by adding any valid net->fw rule even if it is a DROP or REJECT rule that is redundant with a policy? I have sent etc_shorewall_net2fw.tar.bz2 to you directly instead of over the list. --- Kevin R. Bulgrien Design and Development Engineer VertexRSI This email message is for the sole use of the intended recipient(s) and may contain General Dynamics SATCOM Technologies confidential or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not an intended recipient, please contact the sender by reply email and destroy all copies of the original message. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
