On 10/18/10 6:52 AM, N dhert wrote:
> Last week, I prepared a new Shorewall firewall, first tested it with the
> Basic One-interface example
> everything OK
> .
> Today, it seems my Shorewall no longer logs the DROP actions specified in
> /etc/shorewall/rules into /var/log/messages
>
> These are my config files
> interfaces:
> net eth0 detect dhcp,tcpflags,logmartians,nosmurfs
> zones:
> fw firewall
> net ipv4
> policy:
> $FW net ACCEPT
> net all DROP info
> all all REJECT info
> rules:
> ACCEPT net:143.129.75.1 $FW icmp
> DROP net $FW icmp
> ACCEPT $FW net icmp
> ACCEPT net:143.129.75.1 $FW tcp 22
>
> Last week, I got DROP records from the 2nd rule in the rules file into
> /var/log/messages

No you did not. You got ping packets logged BEFORE YOU ADDED THAT RULE because logging (info) is configured on your net->all policy.

Get rid of that second rule -- you don't need it and it is too general; ICMP is much more than just ping (echo-request) and should not be blocked unconditionally.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
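To make Tom's point concrete, here is an added illustration (not part of the original thread and not Shorewall project code) in Shorewall's column format: the poster's policy and rules as given, annotated to show why the drops went quiet, beside two corrected versions of the rules file. It relies on two standard pieces of Shorewall rules syntax, an ACTION with a `:loglevel` suffix (e.g. `DROP:info`) and, for `icmp`, the DEST PORT(S) column holding the ICMP type; everything else (file contents, addresses) is taken from the posted config.

```text
# /etc/shorewall/policy  (as posted)
#SOURCE   DEST   POLICY   LOG LEVEL
$FW       net    ACCEPT
net       all    DROP     info    # this policy, not a rule, produced the logged drops
all       all    REJECT   info

# /etc/shorewall/rules  (as posted)
#ACTION   SOURCE              DEST   PROTO   DEST PORT(S)
ACCEPT    net:143.129.75.1    $FW    icmp
DROP      net                 $FW    icmp    # no log level: every other ICMP packet from
                                             # net is dropped silently here and never
                                             # reaches the logging net->all policy
ACCEPT    $FW                 net    icmp    # redundant: the $FW->net policy is already ACCEPT
ACCEPT    net:143.129.75.1    $FW    tcp     22

# /etc/shorewall/rules  (corrected, option A: Tom's advice, delete the DROP rule)
#ACTION   SOURCE              DEST   PROTO   DEST PORT(S)
ACCEPT    net:143.129.75.1    $FW    icmp
ACCEPT    net:143.129.75.1    $FW    tcp     22
# Unmatched traffic from net, ICMP included, now falls through to "net all DROP info"
# and is logged again, with a prefix of the form "Shorewall:<chain>:DROP:" under the
# default LOGFORMAT.

# /etc/shorewall/rules  (option B: an explicit, logged rule is wanted; then narrow it
# to echo-request instead of all of ICMP, so other ICMP types still reach the policy)
#ACTION     SOURCE              DEST   PROTO   DEST PORT(S)
ACCEPT      net:143.129.75.1    $FW    icmp
DROP:info   net                 $FW    icmp    8        # type 8 = echo-request
ACCEPT      net:143.129.75.1    $FW    tcp     22
```

After editing, `shorewall check` validates the configuration without loading it and `shorewall restart` applies it; `shorewall show log` then shows the most recent logged entries so you can confirm the drops are being recorded again.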
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
