I was trying to use DROP since it's on the man page:
http://shorewall.net/manpages4/manpages/shorewall-mangle.html
and
http://shorewall.net/manpages/shorewall-mangle.html


Bill


On 1/2/2016 12:19 PM, Tom Eastep wrote:
> On 01/02/2016 06:19 AM, Bill Shirley wrote:
>> [1:root@elmo shorewall 148]$ rpm -q shorewall
>> shorewall-4.6.11.1-2.fc22.noarch
>>
>> I'm trying to log any unmatched esp traffic in the mangle table and getting 
>> an error:
>> Checking /etc/shorewall/mangle...
>>      ERROR: LOG requires a level /etc/shorewall/mangle (line 63)
>>
>> params:
>> MY_LOG_HASHLIMIT="-m hashlimit --hashlimit-upto 3/min --hashlimit-burst 2 
>> --hashlimit-name lograte --hashlimit-mode srcip
>> --hashlimit-htable-expire 60000"
>>
>> mangle (all four INLINEs fail):
>> CONTINUE:P   -   -   esp     { test=!0/$CONNMASK }
>> #INLINE:P   -   -   esp     ; -j LOG --log-level 4 --log-prefix "Unknown esp partner"
>> #INLINE:P -   -   esp     ; -j LOG --log-level warning --log-prefix "Unknown esp partner" $MY_LOG_HASHLIMIT
>> INLINE:P   -   -   esp     ; -j LOG --log-level 4 --log-prefix "Unknown esp partner" $MY_LOG_HASHLIMIT
>> #INLINE:P   -   -   esp     ; $MY_LOG_HASHLIMIT -j LOG --log-level 4 --log-prefix "Unknown esp partner"
>
> Unfortunately, there is no way currently to do what you want. Sorry.
>
>>
>> Also getting an error when I try to use DROP:
>> Checking /etc/shorewall/mangle...
>>      ERROR: Invalid ACTION (DROP) /etc/shorewall/mangle (line 61)
>>
>> mangle:
>> DROP:P   -   -   esp
>
> DROP isn't supported in the mangle file (man shorewall-mangle).
>
> -Tom
>
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
