Tom Allison wrote:
> Shorewall Geek wrote:
>> Tom Allison wrote:
>>> OK, I got the note about using the policy "redundancy" to separate the
>>> logging rules.
>>>
>>> Making great progress. Shorewall is relatively intuitive if you are
>>> familiar with the whole iptables thing. But it has been a few years
>>> since I wrote my own firewalls.
>>>
>>> 'nuther question:
>>>
>>> I have this:
>>> Nov 29 19:38:01 voyager kernel: Shorewall:mangle:PREROUTING:IN=eth1 OUT=
>>> MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102
>>> DST=224.0.0.251 LEN=118
>>> TOS=0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
>>> Nov 29 19:38:01 voyager kernel: Shorewall:nat:PREROUTING:IN=eth1 OUT=
>>> MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 SRC=192.168.1.102
>>> DST=224.0.0.251 LEN=118 TOS
>>> =0x18 PREC=0x00 TTL=255 ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98
>>>
>>> From what I can figure out this is a macbook that is sending out some
>>> kind of Multicast DNS. Never heard of it. It's not handled by the DNS
>>> macro. I guess this is part of Bonjour (which I'm liking less and less
>>> all the time -- why must they reinvent everything).
>>>
>>> I'm going to guess that bind9 doesn't support this and doesn't seem to
>>> need to. So it would be safe to set a rule like:
>>>
>>> DROP loc all tcp 5353
>>> DROP loc all udp 5353
>>>
>>> Yes/No?
>> Why don't you just turn off LOGALLNEW like everyone else who uses
>> Shorewall does?
>
> Actually, I did. I think it's logging on my loglevel setting and not
> the logallnew (which is no). But part of this answer is to ensure that
> I'm understanding this shorewall structure. LOGALLNEW=No doesn't help
> that part of the process.
>
The log entries you posted are only generated when LOGALLNEW=Yes

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
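An added example, not part of the thread: a small Python triage script for kernel log entries like the two quoted above. It splits the `Shorewall:` prefix, flags prefixes whose first field is a netfilter table name (the kind of entry the reply attributes to LOGALLNEW; treating that as the marker is an assumption of this example), and marks mDNS traffic (UDP to 224.0.0.251 port 5353). The function names and the sample list are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the two entries from the post, each rejoined onto one line.
_BODY = ("IN=eth1 OUT= MAC=01:00:5e:00:00:fb:00:19:e3:d6:1c:50:08:00 "
         "SRC=192.168.1.102 DST=224.0.0.251 LEN=118 TOS=0x18 PREC=0x00 TTL=255 "
         "ID=51329 PROTO=UDP SPT=5353 DPT=5353 LEN=98")
SAMPLE = [
    "Nov 29 19:38:01 voyager kernel: Shorewall:mangle:PREROUTING:" + _BODY,
    "Nov 29 19:38:01 voyager kernel: Shorewall:nat:PREROUTING:" + _BODY,
]

NETFILTER_TABLES = {"raw", "mangle", "nat", "filter"}
PREFIX = re.compile(r"kernel: Shorewall:([^:\s]+):([^:\s]+):(.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_entry(line):
    """Return a dict describing one Shorewall log entry, or None if not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    first, second, rest = m.groups()
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP-level one
    mdns = (fields.get("PROTO") == "UDP"
            and fields.get("DST") == "224.0.0.251"
            and fields.get("DPT") == "5353")
    return {
        "prefix": (first, second),
        # Assumption of this example: a table name in the first prefix field
        # marks the per-table entries discussed in the thread.
        "table_prefix": first in NETFILTER_TABLES,
        "in": fields.get("IN"),
        "src": fields.get("SRC"),
        "proto": fields.get("PROTO"),
        "mdns": mdns,
    }


def summarize(lines):
    """Count entries by (prefix, source address, is-mDNS) to show what is noisy."""
    parsed = (parse_entry(l) for l in lines)
    return Counter((e["prefix"], e["src"], e["mdns"]) for e in parsed if e)


if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, key)
```
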
