Tom Eastep wrote: > Tom Eastep wrote: >> Nerijus Baliunas wrote: >>> Hello, >>> >>> I have Shorewall 4.2.7, shorewall.conf: >>> SHOREWALL_COMPILER=perl >>> LOG_MARTIANS=Yes >>> >>> interfaces: >>> net eth2 detect dhcp,logmartians=0 >>> >>> But I still see in logs: >>> martian destination 0.0.0.0 from 86.100.x.x, dev eth2 >>> >>> Is it possible to disable martian logging only on a specific interface? >> The above works fine here. Which distribution are you running? > > I've done some more research and I discover, once again, that there is > no consistency in how the various flags in /proc/sys/net/ipv4/conf/ > work. The algorithm that I'm using for logmartians doesn't work > correctly when LOG_MARTIANS=Yes in shorewall.conf. So until I'm able to > rework it, you will have to set LOG_MARTIANS=No in shorewall.conf and > set each interface explicitly with logmartians=[0|1].
Another workaround is to simply include this in /etc/shorewall/start:
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
