Re: [Shorewall-users] Shorewall Actions

[Oscar Mas]

Tom Eastep wrote:
Oscar Mas wrote:
  
Hi....
I'm using shorewall from debian etch package. I like add one rule from 
action, but not work.

wg:~# shorewall version
3.2.6

wg:~# dpkg -l | grep shorewall
ii  shorewall                         3.2.6-2                         
Shoreline Firewall (Shorewall), a high-level

wg:~# cat /etc/shorewall/shorewall.conf | grep CONFIG_PATH=
        CONFIG_PATH=/etc/shorewall:/usr/share/shorewall

wg:~# vi /etc/shorewall/actions
        icmpok

wg:~# vi /etc/shorewall/action.icmpok
        
######################################################################################
        #TARGET  SOURCE         DEST            PROTO   DEST    
SOURCE          RATE    USER/
        #                                               PORT    
PORT(S)         LIMIT   GROUP
        ACCEPT  loc             $FW             icmp
        #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

wg:~# shorewall clear && shorewall start

When I ping to the server from my network he say:

[EMAIL PROTECTED]:~$ ping 192.168.1.1 -c 2
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
 From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
 From 192.168.1.1 icmp_seq=2 Destination Host Unreachable

--- 192.168.1.1 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1002ms

The rule don't work, what is the error ?
    

You haven't invoked the action in your rules file.

-Tom
  
Ops.... sorry.... this is the problem, but when I add the reule, 
shorewall crash:

wg:~# vi /etc/shorewall/rules
......
ACCEPT          loc             $FW             tcp     8500    # GoldFusion
ACCEPT          loc             $FW             udp     1194    # OpenVPN
icmpok:debug   -                -                    -
.....

this is correct ?

Thanks in advanced.

--
ilimit...


*Oscar Mas*
[EMAIL PROTECTED]

ÀREA SISTEMES
0034 937 333 375
VOLTA 1, PIS 5
08224 TERRASSA.BCN

Aquest enviament és confidencial i està destinat únicament a la persona a qui 
s'ha enviat.
Pot contenir informació privada sotmesa al secret professional, la distribució 
de la qual està prohibida per la legislació vigent.

-------------------------------------------------------------------------
SF.Net email is sponsored by: 
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users