Mekabe Ramein wrote:
> On 5/4/08, Tom Eastep <[EMAIL PROTECTED]> wrote:
>
>> That is a very foolish policy. I hope you don't expect this firewall to actually stop anything.
>>
>>> lan wan ACCEPT
>>> fire wan ACCEPT
>>> fire lan ACCEPT
>>> wan fire REJECT
>>> lan fire ACCEPT
>
> My LAN subnet is not reachable directly because it is not routed. I am using NAT on my WAN interface. And, this is just our beginning. I might think of hardening the rules when everything is working fine.

If I were connected to the same IP network as your WAN interface, I could get to every one of your LAN systems. They are COMPLETELY ACCESSIBLE from within that network.

>> A) If you would show us one of these messages rather than complain about them, we might be able to help you. Shorewall FAQ 17 might also be helpful.
>
> Some examples:
>
> BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42547 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15904 RES=0x00 ACK PSH URGP=0
> BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254 DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=37603 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0

Those are coming from the entries in your /etc/shorewall/start file.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
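
Added example, not part of the original thread or of Shorewall itself: a small Python triage script for netfilter log messages like the two quoted above. It separates the log prefix from the packet fields and reports whether the prefix follows Shorewall's default `Shorewall:chain:disposition:` format or was set by a hand-written LOG rule such as one in `/etc/shorewall/start`. The function names are hypothetical, the default LOGFORMAT is assumed, and the third sample line is constructed.

```python
import re

# Assumption: Shorewall's LOGFORMAT is left at its default, "Shorewall:%s:%s:"
# (chain, disposition). Any other prefix was set by a hand-written LOG rule.
SHOREWALL_PREFIX = re.compile(r"^Shorewall:([^:]+):([^:]+):$")
# Netfilter emits IN= first; the lookbehind skips the "IN=" inside "PHYSIN=".
FIRST_FIELD = re.compile(r"(?<![A-Z])IN=")
TCP_FLAGS = ("SYN", "ACK", "PSH", "FIN", "RST", "URG")

SAMPLES = [
    # First two: the messages quoted in the thread (auto-link debris removed).
    "BANDWIDTH_IN:IN=br0 OUT= PHYSIN=wlan0 MAC=00:0d:b9:12:cf:91:00:0e:35:83:22:7d:08:00 SRC=192.168.254.1 DST=192.168.254.254 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=42547 DF PROTO=TCP SPT=3813 DPT=22 WINDOW=15904 RES=0x00 ACK PSH URGP=0",
    "BANDWIDTH_OUT:IN= OUT=br0 SRC=192.168.254.254 DST=192.168.254.1 LEN=92 TOS=0x10 PREC=0x00 TTL=64 ID=37603 DF PROTO=TCP SPT=22 DPT=3813 WINDOW=8576 RES=0x00 ACK PSH URGP=0",
    # Constructed sample of a Shorewall-generated message (documentation addresses).
    "kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0",
]

def parse_netfilter_log(line):
    """Split a netfilter LOG line into (prefix, KEY=value fields, bare flags)."""
    m = FIRST_FIELD.search(line)
    if m is None:
        raise ValueError("not a netfilter LOG line: %r" % line)
    head = line[:m.start()].split()      # may carry a syslog header
    prefix = head[-1] if head else ""    # assumes the prefix contains no spaces
    fields, flags = {}, []
    for token in line[m.start():].split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value          # value may be empty, e.g. "OUT="
        else:
            flags.append(token)          # DF, ACK, PSH, ...
    return prefix, fields, flags

def classify(line):
    """Report where a log message came from and which flow it describes."""
    prefix, fields, flags = parse_netfilter_log(line)
    sw = SHOREWALL_PREFIX.match(prefix)
    ends = tuple(fields.get(k, "-") for k in ("SRC", "SPT", "DST", "DPT"))
    return {
        "prefix": prefix,
        "origin": "shorewall" if sw else "custom rule",
        "chain": sw.group(1) if sw else None,
        "disposition": sw.group(2) if sw else None,
        "flow": "%s:%s -> %s:%s" % ends,
        "tcp_flags": [f for f in flags if f in TCP_FLAGS],
    }

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```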