On Friday, 17 August, 2012 10:41:40 Tom Eastep wrote:
>       shorewall show
> 
> instead. That uses 'iptables -L -n -v' which is the only way to see what 
> your ruleset is really doing.

OK.  But if the DROP policy is applied to each chain, and that rule is come to 
first, why are all my packets not dropped?  Firewall seems to be working OK, 
but trying to learn something.


# shorewall show
Shorewall 4.5.5.3 filter Table at hex - Fri Aug 17 11:54:29 PDT 2012

Counters reset Fri Aug 17 09:29:06 PDT 2012

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
15269   11M net2fw     all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0
    0     0 net2fw     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 local2fw   all  --  vboxnet0 *       0.0.0.0/0            0.0.0.0/0
 2708  199K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:INPUT:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 net_frwd   all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0
    0     0 net_frwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 local2net  all  --  vboxnet0 wlan0   0.0.0.0/0            0.0.0.0/0
    0     0 local2net  all  --  vboxnet0 eth0    0.0.0.0/0            0.0.0.0/0
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:FORWARD:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
15038 2510K fw2net     all  --  *      wlan0   0.0.0.0/0            0.0.0.0/0
    0     0 fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 fw2local   all  --  *      vboxnet0  0.0.0.0/0            0.0.0.0/0
 2708  199K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:OUTPUT:DROP:"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

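Reading the counters in an 'iptables -L -n -v' listing like the one in this message, as an added example that is not part of the original post: a built-in chain's policy is applied only to packets that reach the end of the chain without any rule deciding them, so the "policy DROP 0 packets" counter stays at zero while the per-rule counters show which rules took the traffic. The sample input is constructed from a few rows of the listing, and the function names are hypothetical.

```python
import re

# Constructed sample: a few rows of the INPUT and FORWARD chains from the listing.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
15269   11M net2fw     all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0
    0     0 net2fw     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
 2708  199K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 net_frwd   all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+[KMG]?) packets, ")
UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}

def to_int(field):
    """Expand iptables' abbreviated counters (K, M, G are powers of 1000)."""
    return int(field[:-1]) * UNITS[field[-1]] if field[-1] in UNITS else int(field)

def parse_listing(text):
    """Return {chain: {"policy", "policy_pkts", "rules": [(pkts, target, in, out)]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            m = CHAIN_RE.match(line)
            # User-defined chains have "(N references)" and no policy: skip their rows.
            current = {"policy": m.group(2), "policy_pkts": to_int(m.group(3)), "rules": []} if m else None
            if m:
                chains[m.group(1)] = current
            continue
        f = line.split()
        # Rule rows start with a packet counter; headers and blank lines do not.
        if current is not None and len(f) >= 9 and f[0][0].isdigit():
            current["rules"].append((to_int(f[0]), f[2], f[5], f[6]))
    return chains

def traffic_summary(chains):
    """Per chain: packets that fell through to the policy vs. rules that matched traffic."""
    return {name: {"policy": c["policy"], "by_policy": c["policy_pkts"],
                   "by_rules": [(t, i, o, p) for p, t, i, o in c["rules"] if p]}
            for name, c in chains.items()}

if __name__ == "__main__":
    for name, summary in traffic_summary(parse_listing(SAMPLE)).items():
        print(name, summary)
```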