Shorewall Geek wrote:
> Tom Allison wrote:
>> OK, I got the note about using the policy "redundancy" to separate the
>> logging rules.
>>
>>
>> Making great progress. Shorewall is relatively intuitive if you are
>> familiar with the whole iptables thing. But it has been a few years
>> since I wrote my own firewalls.
>>
>>
>> 'nuther question:
>>
>> I have this:
>> Nov 29 19:38:01 voyager kernel: Shorewall:mangle:PREROUTING:IN=eth1 OUT=
>> MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102
>> DST=224.0.0.251 LEN=118
>> TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
>> Nov 29 19:38:01 voyager kernel: Shorewall:nat:PREROUTING:IN=eth1 OUT=
>> MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102
>> DST=224.0.0.251 LEN=118 TOS
>> =0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
>>
>>
>> From what I can figure out this is a macbook that is sending out some
>> kind of Multicast DNS. Never heard of it. It's not handled by the DNS
>> macro. I guess this is part of Bonjour (which I'm liking less and less
>> all the time -- why must they reinvent everything).
>>
>> I'm going to guess that bind9 doesn't support this and doesn't seem to
>> need to. So it would be safe to set a rule like:
>>
>> DROP loc all tcp 5353
>> DROP loc all udp 5353
>>
>> Yes/No?
>
> Why don't you just turn off LOGALLNEW like everyone else who uses
> Shorewall does?

Actually, I did. I think it's logging on my loglevel setting and not the logallnew (which is no). But part of this answer is to ensure that I'm understanding this shorewall structure. LOGALLNEW=No doesn't help that part of the process.
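An added example, not part of the thread and not Shorewall code: a small Python parser for the two kernel log lines quoted above, which groups entries by packet and checks them against the mDNS signature (UDP port 5353 to 224.0.0.251). Reading the log prefix as `Shorewall:<table>:<chain>:` is an interpretation of these two lines only, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# The two log lines quoted in the message, with the mail client's hard wraps rejoined.
SAMPLE = (
    "Nov 29 19:38:01 voyager kernel: Shorewall:mangle:PREROUTING:IN=eth1 OUT= "
    "MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102 "
    "DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP "
    "SPT=5353 DPT=5353 LEN=98\n"
    "Nov 29 19:38:01 voyager kernel: Shorewall:nat:PREROUTING:IN=eth1 OUT= "
    "MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102 "
    "DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP "
    "SPT=5353 DPT=5353 LEN=98\n"
)

# Assumption: for these lines the prefix carries a netfilter table and chain name.
PREFIX = re.compile(r"Shorewall:(?P<table>[^:]+):(?P<chain>[^:]+):(?P<rest>.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the KEY=VALUE fields of one log line, or None if it is not a match."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD.findall(m["rest"]):
        fields.setdefault(key, value)  # first LEN is the IP length, second the UDP length
    fields["table"], fields["chain"] = m["table"], m["chain"]
    return fields

def multicast_mac(ipv4):
    """Ethernet address an IPv4 multicast group maps to (01:00:5e + low 23 bits)."""
    o = [int(x) for x in ipv4.split(".")]
    return "01:00:5e:%02x:%02x:%02x" % (o[1] & 0x7F, o[2], o[3])

def is_mdns(f):
    """mDNS signature: UDP/5353 to 224.0.0.251, with a matching multicast MAC."""
    return (f.get("PROTO") == "UDP" and f.get("DPT") == "5353"
            and f.get("DST") == "224.0.0.251"
            and f.get("MAC", "").startswith(multicast_mac(f["DST"])))

def group_packets(text):
    """Map (SRC, DST, IP ID) to the list of table:chain points that logged it."""
    packets = defaultdict(list)
    for line in text.splitlines():
        f = parse_line(line)
        if f:
            packets[(f["SRC"], f["DST"], f["ID"])].append(f"{f['table']}:{f['chain']}")
    return dict(packets)
```

Run over the sample, `group_packets` shows that both entries share IP ID 51329, so they are one packet logged at two points rather than two separate packets.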
