On Thu, 2007-11-22 at 19:24 +0200, alex wrote: > >> I am sorry Tom, but i think that you don't understand my question > >> about discover packet path through iptables rule. > >> I mean that when i create by shorewall rule for iptables, is there > >> easy method to find through what chains and rules goes concrete packets? > >> May be with logging (but simple enabled/disabled)? > > > > The only thing along those lines is LOGALLNEW in shorewall.conf. > > > > -Tom > > Tom, when i try to change logformat to: > > LOGFORMAT="Shwall:%s:%d:%s:" > > 'iptables' stop any logging. :-( >
No it doesn't. Nov 22 09:31:44 test kernel: Shwall:net2fw:1:DROP:IN=eth0 OUT= MAC=00:16:3e:83:ad:28:fe:ff:ff:ff:ff:ff:08:00 SRC=192.168.1.3 DST=192.168.1.7 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=62614 DF PROTO=TCP SPT=59833 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 22 09:31:47 test kernel: Shwall:net2fw:1:DROP:IN=eth0 OUT= MAC=00:16:3e:83:ad:28:fe:ff:ff:ff:ff:ff:08:00 SRC=192.168.1.3 DST=192.168.1.7 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=62615 DF PROTO=TCP SPT=59833 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
