Hello All,

I've installed the vanilla shorewall F12, I've got it installed on a couple
of other servers with no problems. No matter how I define the zones and
interfaces, shorewall logs and allows, rejects or drops only traffic to
world.

ACCEPT:info     net:<myip>/32           $FW       icmp
Shorewall:world2fw:REJECT:IN=br0

ACCEPT:info     world:<myip>/32           $FW       icmp
Shorewall:world2fw:ACCEPT:IN=br0

Cheers
Hatim


cat zones 
###############################################################################
#ZONE    TYPE    OPTIONS            IN            OUT
#                    OPTIONS            OPTIONS
fw        firewall
world        ipv4
net:world    bport
loc:world    bport
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

cat interfaces
###############################################################################
#ZONE    INTERFACE    BROADCAST    OPTIONS
world    br0        detect        bridge,logmartians,nosmurfs,norfc1918
net    br0:eth0
loc    br0:eth1
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

cat policy
#SOURCE        DEST        POLICY        LOG LEVEL    LIMIT:BURST
loc        net        ACCEPT
net        all        DROP        info
all        all        REJECT        info
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE



shorewall version
4.4.8

ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether <> brd ff:ff:ff:ff:ff:ff
    inet6 <>/64 scope link
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether <> brd ff:ff:ff:ff:ff:ff
    inet6 <>/64 scope link
       valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:0a:cd:19:d2:56 brd ff:ff:ff:ff:ff:ff
    inet <server IP adress>/25 brd <brcast> scope global br0
    inet6 <>/64 scope link
       valid_lft forever preferred_lft forever


PS: masked information and real IPs

$ ip route show
<my net> dev br0  proto kernel  scope link  src <my ip>
169.254.0.0/16 dev br0  scope link  metric 1004
default via <gateway ip> dev br0



_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
