OK, I got the note about using the policy "redundancy" to separate the logging rules.
Making great progress. Shorewall is relatively intuitive if you are familiar with the whole iptables thing. But it has been a few years since I wrote my own firewalls.

'nuther question: I have this:

Nov 29 19:38:01 voyager kernel: Shorewall:mangle:PREROUTING:IN=eth1 OUT= MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102 DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
Nov 29 19:38:01 voyager kernel: Shorewall:nat:PREROUTING:IN=eth1 OUT= MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102 DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98

From what I can figure out, this is a MacBook that is sending out some kind of Multicast DNS. Never heard of it. It's not handled by the DNS macro. I guess this is part of Bonjour (which I'm liking less and less all the time -- why must they reinvent everything). I'm going to guess that bind9 doesn't support this and doesn't seem to need to. So it would be safe to set a rule like:

DROP loc all tcp 5353
DROP loc all udp 5353

Yes/No?

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
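The two kernel log lines in the post above are the standard netfilter `KEY=VALUE` log format with Shorewall's `Shorewall:<chain>:<disposition>:` prefix. Before writing a rule to silence traffic like this, it helps to parse the log and attribute the noise to hosts, interfaces and chains; the following Python script is an added example (it is not from the post or from the Shorewall project). It embeds the poster's two lines plus one constructed TCP line as sample input, classifies mDNS the way RFC 6762 defines it (UDP to the multicast group 224.0.0.251, destination port 5353), and counts talkers per source address and chain. The field names and the `summarize()` helper are this example's own choices.

```python
import re
from collections import Counter

# Constructed sample: the two Shorewall lines quoted in the post above, plus one
# made-up TCP line (203.0.113.7 is documentation address space) as a non-mDNS control.
SAMPLE_LOG = """\
Nov 29 19:38:01 voyager kernel: Shorewall:mangle:PREROUTING:IN=eth1 OUT= MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102 DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
Nov 29 19:38:01 voyager kernel: Shorewall:nat:PREROUTING:IN=eth1 OUT= MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102 DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
Nov 29 19:38:05 voyager kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=44112 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
"""

# mDNS per RFC 6762: UDP datagrams to the link-local multicast group, port 5353
MDNS_GROUP = "224.0.0.251"
MDNS_PORT = 5353

# Shorewall log prefix: "Shorewall:<chain>:<disposition>:" followed by netfilter fields
PREFIX_RE = re.compile(r"kernel: Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]*):")


def parse_line(line):
    """Parse one Shorewall/netfilter kernel log line into a dict, or None if it
    is not a Shorewall log line."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disp")}
    # Remaining tokens are KEY=VALUE; bare tokens such as DF or SYN are flags.
    for tok in line[m.end():].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            # LEN appears twice (IP total length, then UDP length); keep the first.
            rec.setdefault(key, value)
        else:
            rec.setdefault("flags", []).append(tok)
    return rec


def is_mdns(rec):
    """True if the parsed record is an mDNS datagram as defined by RFC 6762."""
    return (rec.get("PROTO") == "UDP"
            and rec.get("DST") == MDNS_GROUP
            and rec.get("DPT") == str(MDNS_PORT))


def summarize(log_text):
    """Count mDNS lines per (source, inbound interface, chain) and collect the
    non-mDNS records, so the noise can be attributed before a rule is written."""
    talkers = Counter()
    others = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_mdns(rec):
            talkers[(rec["SRC"], rec["IN"], rec["chain"])] += 1
        else:
            others.append(rec)
    return talkers, others


if __name__ == "__main__":
    talkers, others = summarize(SAMPLE_LOG)
    for (src, iface, chain), n in sorted(talkers.items()):
        print(f"mDNS from {src} on {iface} via {chain}: {n} line(s)")
    print(f"{len(others)} non-mDNS line(s)")
```

Run against the sample, the script reports 192.168.1.102 on eth1 once via the mangle chain and once via the nat chain. Both lines carry the same IP ID (51329) and timestamp, so they are one datagram logged as it traverses two tables, not two packets; counting per chain makes that visible and keeps a log-driven rule from being justified by double-counted volume. Note also that the sample mDNS traffic is UDP only, which is what the RFC 6762 classifier checks.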
