On 09/06/2013 08:24 AM, Tom Eastep wrote:
> On 09/06/2013 07:32 AM, Steve Wray wrote:
>> Believe it or not, the firewall is doing something. Mostly its rate
>> limiting and sanity checking. We are working toward a more robust
>> firewall but our application is pretty sensitive to closed ports and
>> doesn't have a connection tracking module. Shorewall is definitely
>> helping, even at this stage though, on our other servers. This is the
>> only one with any shorewall problem.
>>
>> Here is the output as requested;
>>
>> WARNING: Option EXPORTPARAMS=Yes is deprecated
>> /etc/shorewall/shorewall.conf (line 168) at
>> /usr/share/shorewall/Shorewall/Config.pm line 3601
>> Shorewall::Config::process_shorewall_conf(0, 0) called at
>> /usr/share/shorewall/Shorewall/Config.pm line 3935
>> Shorewall::Config::get_configuration(0, 0, 0) called at
>> /usr/share/shorewall/Shorewall/Compiler.pm line 623
>> Shorewall::Compiler::compiler('script', '', 'directory',
>> '/etc/shorewall/', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called
>> at /usr/share/shorewall/compiler.pl <http://compiler.pl> line 134
>> WARNING: RFC1918_LOG_LEVEL=ULOG ignored. The 'norfc1918'
>> interface/host option is no longer supported at
>> /usr/share/shorewall/Shorewall/Config.pm line 4223
>> Shorewall::Config::get_configuration(0, 0, 0) called at
>> /usr/share/shorewall/Shorewall/Compiler.pm line 623
>> Shorewall::Compiler::compiler('script', '', 'directory',
>> '/etc/shorewall/', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called
>> at /usr/share/shorewall/compiler.pl <http://compiler.pl> line 134
>> ERROR: Log level INFO requires LOG Target in your kernel and iptables
>> at /usr/share/shorewall/Shorewall/Config.pm line 964
>> Shorewall::Config::fatal_error('Log level INFO requires LOG
>> Target in your kernel and iptables') called at
>> /usr/share/shorewall/Shorewall/Config.pm line 3376
>> Shorewall::Config::require_capability('LOG_TARGET', 'Log level
>> INFO', 's') called at /usr/share/shorewall/Shorewall/Config.pm line 2532
>> Shorewall::Config::validate_level('info') called at
>> /usr/share/shorewall/Shorewall/Chains.pm line 5174
>> Shorewall::Chains::log_rule_limit('info', 'HASH(0xa56eb60)',
>> 'sfilter', 'DROP', '', '', 'add', '') called at
>> /usr/share/shorewall/Shorewall/Chains.pm line 5256
>> Shorewall::Chains::log_rule('info', 'HASH(0xa56eb60)', 'DROP',
>> '') called at /usr/share/shorewall/Shorewall/Misc.pm line 713
>> Shorewall::Misc::add_common_rules(0) called at
>> /usr/share/shorewall/Shorewall/Compiler.pm line 696
>> Shorewall::Compiler::compiler('script', '', 'directory',
>> '/etc/shorewall/', 'verbosity', 1, 'timestamp', 0, 'debug', ...) called
>> at /usr/share/shorewall/compiler.pl <http://compiler.pl> line 134
>
> S_FILTER_LOG_LEVEL defaults to 'info', so you need to change iot.The attached simple patch will catch cases like this. patch /usr/share/shorewall/Shorewall/Config.pm < DEFAULT_LOG.patch It applies with an offset on 4.5.5.3. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 2c5986d..6d160c5 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -3518,7 +3518,7 @@ sub default_log_level( $$ ) {
my $value = $config{$level};
unless ( supplied $value ) {
- $config{$level} = $default;
+ $config{$level} = validate_level $default;
} else {
$config{$level} = validate_level $value;
}
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
