Tom Allison wrote:
> OK, I got the note about using the policy "redundancy" to separate the
> logging rules.
>
> Making great progress. Shorewall is relatively intuitive if you are
> familiar with the whole iptables thing. But it has been a few years
> since I wrote my own firewalls.
>
> 'nuther question:
>
> I have this:
>
> Nov 29 19:38:01 voyager kernel: Shorewall:mangle:PREROUTING:IN=eth1 OUT= MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102 DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
> Nov 29 19:38:01 voyager kernel: Shorewall:nat:PREROUTING:IN=eth1 OUT= MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102 DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
>
> From what I can figure out this is a MacBook that is sending out some
> kind of Multicast DNS. Never heard of it. It's not handled by the DNS
> macro. I guess this is part of Bonjour (which I'm liking less and less
> all the time -- why must they reinvent everything).
>
> I'm going to guess that bind9 doesn't support this and doesn't seem to
> need to. So it would be safe to set a rule like:
>
> DROP loc all tcp 5353
> DROP loc all udp 5353
>
> Yes/No?
Why don't you just turn off LOGALLNEW like everyone else who uses Shorewall does?

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
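The log lines quoted above follow the standard Shorewall/iptables kernel log layout: a `Shorewall:<tag>:<tag>:` prefix (table:chain for LOGALLNEW entries such as `mangle:PREROUTING`, chain:disposition for rule logs) followed by `KEY=value` tokens and bare flag tokens. The following Python script is an added example written for this thread, not code from Shorewall or from either poster. It parses that layout, flags UDP to the mDNS multicast group (224.0.0.251, or ff02::fb for IPv6) on port 5353, and collapses the duplicate mangle/nat entries that LOGALLNEW produces for the same packet (same timestamp, addresses, ports and IP ID). The first two sample lines are the ones from the message; the third is a constructed rule-log line using documentation addresses.

```python
"""Parse Shorewall kernel log lines and triage mDNS multicast noise.

Added example for this mailing-list thread; not Shorewall's own code.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: the two LOGALLNEW lines quoted in the thread, plus one
# constructed rule-log line (chain:disposition form, documentation IPs).
SAMPLE_LOG = """\
Nov 29 19:38:01 voyager kernel: Shorewall:mangle:PREROUTING:IN=eth1 OUT= MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102 DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
Nov 29 19:38:01 voyager kernel: Shorewall:nat:PREROUTING:IN=eth1 OUT= MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102 DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
Nov 29 19:40:12 voyager kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"Shorewall:(?P<tag1>[^:]+):(?P<tag2>[^:]*):(?P<fields>.*)$"
)

MDNS_GROUPS = {"224.0.0.251", "ff02::fb"}  # IPv4 / IPv6 mDNS multicast groups
MDNS_PORT = "5353"


def parse_line(line):
    """Return a dict for one Shorewall log line, or None if it is not one.

    tag1/tag2 are table:chain for LOGALLNEW entries (mangle:PREROUTING) and
    chain:disposition for rule logs (net2fw:DROP).  KEY=value tokens become
    string entries; bare flags (DF, SYN, ...) become True.  The second LEN
    token is the transport-layer length and is stored as LEN_L4.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "tag1": m["tag1"], "tag2": m["tag2"]}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec[key] = True
            continue
        if key in rec:          # repeated key: only LEN repeats in practice
            key += "_L4"
        rec[key] = val
    return rec


def is_mdns(rec):
    """True for UDP sent to an mDNS multicast group on port 5353."""
    return (rec.get("PROTO") == "UDP"
            and rec.get("DST") in MDNS_GROUPS
            and rec.get("DPT") == MDNS_PORT)


def classify(rec):
    """Coarse bucket: 'mdns', other 'multicast', or 'unicast'."""
    if is_mdns(rec):
        return "mdns"
    try:
        if ipaddress.ip_address(rec.get("DST", "")).is_multicast:
            return "multicast"
    except ValueError:
        pass
    return "unicast"


def packet_key(rec):
    """Identity of the packet itself, so LOGALLNEW's per-table copies collapse."""
    return tuple(rec.get(k) for k in ("ts", "SRC", "DST", "ID", "PROTO", "SPT", "DPT"))


def summarize(text, dedupe=True):
    """Count (source address, class) pairs over a log excerpt."""
    counts = Counter()
    seen = set()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if dedupe:
            key = packet_key(rec)
            if key in seen:
                continue
            seen.add(key)
        counts[(rec.get("SRC"), classify(rec))] += 1
    return counts


if __name__ == "__main__":
    for (src, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:16} {kind:10} {n}")
```

Running `summarize` with `dedupe=False` shows the doubling the reply is getting at: with LOGALLNEW on, every new connection is logged once per table it traverses, so a single mDNS announcement from 192.168.1.102 appears twice. Separating mDNS from everything else before deciding on a rule also makes clear that these packets are link-local multicast from the local zone, not inbound traffic from the net.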
