Hi!

We use Shorewall squid to block unwanted web sites. The list of web sites is 
in the file etc/squid/squid-block.acl. I removed one name from the 
list. For testing I removed all sites from the list. Then I ran 
"etc/init.d/shorewall restart". But the web sites are still blocked. Before 
the restart I ran "shorewall check". The result is the same. All those sites are blocked. 
Below are the outputs of some commands. Where is the problem?

/etc/squid$ shorewall check
Checking...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Checking /etc/shorewall/policy...
Adding Anti-smurf Rules
   WARNING: The 'norfc1918' option is deprecated
Checking /usr/share/shorewall/rfc1918...
Checking TCP Flags filtering...
Checking Kernel Route Filtering...
Checking Martian Logging...
Checking /etc/shorewall/masq...
Checking MAC Filtration -- Phase 1...
Checking /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Checking MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Shorewall configuration verified
-----------------------------------------
/etc/squid$ shorewall restart
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
Determining Hosts in Zones...
Preprocessing Action Files...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Compiling /etc/shorewall/routestopped for critical hosts...
Compiling /etc/shorewall/routestopped...
Adding Anti-smurf Rules
   WARNING: The 'norfc1918' option is deprecated
Compiling /usr/share/shorewall/rfc1918...
Compiling TCP Flags filtering...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/masq...
Compiling MAC Filtration -- Phase 1...
Compiling /etc/shorewall/rules...
Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Reject for chain Reject...
Processing /usr/share/shorewall/action.Drop for chain Drop...
Compiling MAC Filtration -- Phase 2...
Applying Policies...
Generating Rule Matrix...
Creating iptables-restore input...
Compiling iptables-restore input for chains blacklst,mangle:...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Processing /etc/shorewall/params ...
Restarting Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Setting up ARP filtering...
Setting up Route Filtering...
Setting up Martian Logging...
Setting up Accept Source Routing...
Setting up Proxy ARP...
Setting up Traffic Control...
Preparing iptables-restore input...
Running /sbin/iptables-restore...
IPv4 Forwarding Enabled
Processing /etc/shorewall/start ...
Processing /etc/shorewall/started ...
done.
--------------------------------------------

/etc/squid$ /sbin/shorewall version
4.2.10
--------------------------------------------
/etc/squid$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1e:c9:55:54:09 brd ff:ff:ff:ff:ff:ff
    inet 88.196.75.122/30 brd 88.196.75.123 scope global eth0
    inet 192.168.67.15/24 brd 192.168.67.255 scope global eth0
    inet6 fe80::21e:c9ff:fe55:5409/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1a:70:11:be:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global eth1
    inet6 fe80::21a:70ff:fe11:be86/64 scope link 
       valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0
-------------------------------------------------
/etc/squid$ ip route show
88.196.75.120/30 dev eth0  proto kernel  scope link  src 88.196.75.122 
192.168.3.0/24 dev eth1  proto kernel  scope link  src 192.168.3.1 
192.168.67.0/24 dev eth0  proto kernel  scope link  src 192.168.67.15 
169.254.0.0/16 dev eth0  scope link 
default via 88.196.75.121 dev eth0 

Best Regards,
Arvi

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
