Believe it or not, the firewall is doing something. Mostly it's rate
limiting and sanity checking. We are working toward a more robust firewall
but our application is pretty sensitive to closed ports and doesn't have a
connection tracking module. Shorewall is definitely helping, even at this
stage though, on our other servers. This is the only one with any Shorewall
problem.
Here is the output as requested:
WARNING: Option EXPORTPARAMS=Yes is deprecated
/etc/shorewall/shorewall.conf (line 168) at
/usr/share/shorewall/Shorewall/Config.pm line 3601
Shorewall::Config::process_shorewall_conf(0, 0) called at
/usr/share/shorewall/Shorewall/Config.pm line 3935
Shorewall::Config::get_configuration(0, 0, 0) called at
/usr/share/shorewall/Shorewall/Compiler.pm line 623
Shorewall::Compiler::compiler('script', '', 'directory',
'/etc/shorewall/', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
/usr/share/shorewall/compiler.pl line 134
WARNING: RFC1918_LOG_LEVEL=ULOG ignored. The 'norfc1918' interface/host
option is no longer supported at /usr/share/shorewall/Shorewall/Config.pm
line 4223
Shorewall::Config::get_configuration(0, 0, 0) called at
/usr/share/shorewall/Shorewall/Compiler.pm line 623
Shorewall::Compiler::compiler('script', '', 'directory',
'/etc/shorewall/', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
/usr/share/shorewall/compiler.pl line 134
ERROR: Log level INFO requires LOG Target in your kernel and iptables at
/usr/share/shorewall/Shorewall/Config.pm line 964
Shorewall::Config::fatal_error('Log level INFO requires LOG Target
in your kernel and iptables') called at
/usr/share/shorewall/Shorewall/Config.pm line 3376
Shorewall::Config::require_capability('LOG_TARGET', 'Log level
INFO', 's') called at /usr/share/shorewall/Shorewall/Config.pm line 2532
Shorewall::Config::validate_level('info') called at
/usr/share/shorewall/Shorewall/Chains.pm line 5174
Shorewall::Chains::log_rule_limit('info', 'HASH(0xa56eb60)',
'sfilter', 'DROP', '', '', 'add', '') called at
/usr/share/shorewall/Shorewall/Chains.pm line 5256
Shorewall::Chains::log_rule('info', 'HASH(0xa56eb60)', 'DROP', '')
called at /usr/share/shorewall/Shorewall/Misc.pm line 713
Shorewall::Misc::add_common_rules(0) called at
/usr/share/shorewall/Shorewall/Compiler.pm line 696
Shorewall::Compiler::compiler('script', '', 'directory',
'/etc/shorewall/', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called at
/usr/share/shorewall/compiler.pl line 134
Checking...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Checking /etc/shorewall/zones...
Checking /etc/shorewall/interfaces...
Determining Hosts in Zones...
Locating Action Files...
Checking /usr/share/shorewall/action.Drop for chain Drop...
Checking /usr/share/shorewall/action.Broadcast for chain Broadcast...
Checking /usr/share/shorewall/action.Invalid for chain Invalid...
Checking /usr/share/shorewall/action.NotSyn for chain NotSyn...
Checking /usr/share/shorewall/action.Reject for chain Reject...
Checking /etc/shorewall/policy...
On 6 September 2013 21:31, Tom Eastep <[email protected]> wrote:
>
>
> On 9/5/2013 7:03 PM, Steve Wray wrote:
> > $FW $FW ACCEPT - -
> > $FW net ACCEPT - -
> > net $FW ACCEPT - -
>
> With those policies, why have a firewall?
>
> At any rate, please 'shorewall check -T' and forward the output.
>
> Thanks,
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users