Re: [Shorewall-users] Shorewall Actions

Tom Eastep Mon, 10 Dec 2007 10:01:13 -0800

Oscar Mas wrote:
> Tom Eastep wrote:
>> Oscar Mas wrote:
>>   
>>> Hi....
>>>
>>> I'm using shorewall from debian etch package. I like add one rule from 
>>> action, but not work.
>>>
>>> wg:~# shorewall version
>>> 3.2.6
>>>
>>> wg:~# dpkg -l | grep shorewall
>>> ii  shorewall                         3.2.6-2                         
>>> Shoreline Firewall (Shorewall), a high-level
>>>
>>> wg:~# cat /etc/shorewall/shorewall.conf | grep CONFIG_PATH=
>>>         CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
>>>
>>> wg:~# vi /etc/shorewall/actions
>>>         icmpok
>>>
>>> wg:~# vi /etc/shorewall/action.icmpok
>>>         
>>> ######################################################################################
>>>         #TARGET  SOURCE         DEST            PROTO   DEST    
>>> SOURCE          RATE    USER/
>>>         #                                               PORT    
>>> PORT(S)         LIMIT   GROUP
>>>         ACCEPT  loc             $FW             icmp
>>>         #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>>>
>>> wg:~# shorewall clear && shorewall start
>>>
>>> When I ping to the server from my network he say:
>>>
>>> [EMAIL PROTECTED]:~$ ping 192.168.1.1 -c 2
>>> PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
>>>  From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
>>>  From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
>>>
>>> --- 192.168.1.1 ping statistics ---
>>> 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1002ms
>>>
>>> The rule don't work, what is the error ?
>>>     
>>
>> You haven't invoked the action in your rules file.
>>
>> -Tom
>>   
> Ops.... sorry.... this is the problem, but when I add the reule,
> shorewall crash:
> 
> wg:~# vi /etc/shorewall/rules
> ......
> ACCEPT          loc             $FW             tcp     8500    # GoldFusion
> ACCEPT          loc             $FW             udp     1194    # OpenVPN
> icmpok:debug   -                -                    -
> .....
> 
> this is correct ?
>


Actually, your action is incorrect. You cannot place the name of a zone in
either the SOURCE or DEST in an action body.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

signature.asc
Description: OpenPGP digital signature

-------------------------------------------------------------------------
SF.Net email is sponsored by: 
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Shorewall Actions

Reply via email to