On 01/02/2016 06:19 AM, Bill Shirley wrote:
> [1:root@elmo shorewall 148]$ rpm -q shorewall
> shorewall-4.6.11.1-2.fc22.noarch
>
> I'm trying to log any unmatched esp traffic in the mangle table and getting
> an error:
> Checking /etc/shorewall/mangle...
> ERROR: LOG requires a level /etc/shorewall/mangle (line 63)
>
> params:
> MY_LOG_HASHLIMIT="-m hashlimit --hashlimit-upto 3/min --hashlimit-burst 2
> --hashlimit-name lograte --hashlimit-mode srcip
> --hashlimit-htable-expire 60000"
>
> mangle (all four INLINEs fail):
> CONTINUE:P - - esp { test=!0/$CONNMASK }
> #INLINE:P - - esp ; -j LOG --log-level 4 --log-prefix "Unknown esp
> partner"
> #INLINE:P - - esp ; -j LOG --log-level warning --log-prefix "Unknown
> esp partner" $MY_LOG_HASHLIMIT
> INLINE:P - - esp ; -j LOG --log-level 4 --log-prefix "Unknown esp
> partner" $MY_LOG_HASHLIMIT
> #INLINE:P - - esp ; $MY_LOG_HASHLIMIT -j LOG --log-level 4
> --log-prefix "Unknown esp partner"

Unfortunately, there is no way currently to do what you want. Sorry.

>
> Also getting an error when I try to use DROP:
> Checking /etc/shorewall/mangle...
> ERROR: Invalid ACTION (DROP) /etc/shorewall/mangle (line 61)
>
> mangle:
> DROP:P - - esp

DROP isn't supported in the mangle file (man shorewall-mangle).

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
