On 07/25/2013 04:33 AM, Tiemen Ruiten wrote:
> Hello shorewall users,
>
> I'm testing the new Events feature in shorewall 4.5.19 (on Arch Linux)
> and noticed there are a few things that seem to be amiss:
>
> - in /usr/share/shorewall/action.IfEvent, line 50, it says second, not
> seconds (as is documented in the iptables-extensions man page).

Interestingly enough, 'second' seems to be accepted, at least by iptables 1.4.15.

>
> - to use SSH limiting as is described in the example on
> http://www.shorewall.net/Events.html, I need to define an additional
> SSH_BLACKLIST action in /etc/shorewall/actions or shorewall check will
> fail with:
>
> ERROR: Unknown ACTION (SSH_BLACKLIST) /usr/share/shorewall/action.IfEvent
>
> - after I add the SSH_BLACKLIST action I get the following warning when
> running shorewall check:
>
> Checking /etc/shorewall/action.SSH_BLACKLIST for chain SSH_BLACKLIST...
> WARNING: Log Prefix shortened to "Shorewall:SSH_BLACKLIST:LOG: "

You can ignore that -- I used the name 'SSH_BLACKLIST' because that's what the original web article used.

> /etc/shorewall/action.SSH_BLACKLIST (line 10)
> from /usr/share/shorewall/action.IfEvent (line 138)
> from /etc/shorewall/action.SSH_LIMIT (line 14)
> from /etc/shorewall/rules (line 37)
>
>
> - shorewall check validates the configuration, but when I do a shorewall
> restart I get the following error:
>
> Running /sbin/iptables-restore...
> iptables-restore v1.4.19.1: unknown option "--reap"
> Error occurred at line: 85
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
> ERROR: iptables-restore Failed. Input is in
> /var/lib/shorewall/.iptables-restore-input
> Processing /etc/shorewall/stop ...
> Processing /etc/shorewall/tcclear ...
> Running /sbin/iptables-restore...
> IPv4 Forwarding Enabled
> Processing /etc/shorewall/stopped ...
> /usr/share/shorewall/lib.common: line 113: 9618 Terminated
> $SHOREWALL_SHELL $script $options $@
>
> The contents of iptables-restore-input are in the attachment.
>
> Anything I can do to work around or fix this?

Hmmm -- a similar rule works in my configuration (Debian Wheezy with iptables 1.4.15 + xtables-addons), even with 'second' rather than 'seconds'. If you correct that typo in /usr/share/shorewall/action.IfEvent, does the problem go away?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
