Hi,

 I have configured shorewall this way:

The host:
- Ubuntu 16.10
- shorewall 5.0.11-1
- only 1 NIC

shorewall:
/etc/shorewall/shorewall.conf:
INVALID_LOG_LEVEL=$LOG:invlev
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
MACLIST_LOG_LEVEL=$LOG:maclist
RPFILTER_LOG_LEVEL=$LOG:rpfilter
SFILTER_LOG_LEVEL=$LOG:filter
SMURF_LOG_LEVEL=$LOG:smurf
TCP_FLAGS_LOG_LEVEL=$LOG:tcp-flags


/etc/shorewall/params:
LOG=NFLOG

/etc/shorewall/zones:
fw        firewall
net         ipv4

/etc/shorewall/policy:
$FW             all             ACCEPT
net             all             DROP            $LOG

/etc/shorewall/interfaces:
net         enp0s20f0    tcpflags,logmartians,nosmurfs,sourceroute=0

/etc/shorewall/rules:
Invalid(DROP):$LOG      net                     $FW             tcp
Ping(ACCEPT):$LOG          net                            $FW


ulogd:
[global]
stack=log:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,firewall:LOGEMU


[firewall]
file="/var/log/firewall.log"
sync=1


RESULTS
------------------

When forbidden traffic arrives, I see only this in the log file:
/var/log/firewall.log:

Shorewall:net-fw:DROP: IN=enp0s20f0 OUT= MAC=00:07:cb:03:f6:84:cc:46:d6:b2:c9:f1:08:00 LEN=0 TOS=00 PREC=0x00 TTL=0 ID=0 PROTO=0 MARK=0


No IP, port or protocol info.

How to change it?


-- 
Gaétan QUENTIN
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
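An added example, not part of the post above and not code from the Shorewall or ulogd projects: a small parser for the LOGEMU-style lines that ulogd writes with the LOGFORMAT "Shorewall:%s:%s:" shown in the post, which flags entries whose IP header fields are unpopulated (no SRC, LEN=0, PROTO=0), the exact symptom reported. The first sample line is the entry quoted in the post; the second is a constructed example of a fully populated entry (addresses and ports are made up) so the two shapes can be compared. It runs offline on the embedded samples.

```python
import re
from typing import Dict, List

# Sample log lines. The first is the entry quoted in the post (joined onto one
# line); the second is CONSTRUCTED here to show the shape of a normal, fully
# populated LOGEMU entry. It is not output captured from the poster's host.
SAMPLE_LINES = [
    "Shorewall:net-fw:DROP: IN=enp0s20f0 OUT= "
    "MAC=00:07:cb:03:f6:84:cc:46:d6:b2:c9:f1:08:00 LEN=0 TOS=00 PREC=0x00 TTL=0 "
    "ID=0 PROTO=0 MARK=0",
    "Shorewall:net-fw:DROP: IN=enp0s20f0 OUT= "
    "MAC=00:07:cb:03:f6:84:cc:46:d6:b2:c9:f1:08:00 SRC=198.51.100.7 DST=192.0.2.10 "
    "LEN=60 TOS=00 PREC=0x00 TTL=52 ID=54321 DF PROTO=TCP SPT=40112 DPT=22 "
    "SEQ=1 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0",
]

# Everything before the first "IN=" token is the log prefix (the Shorewall
# LOGFORMAT string); the rest is KEY=VALUE pairs and bare flag tokens.
PREFIX_RE = re.compile(r"^(?P<prefix>.*?)\s+(?=IN=)")


def parse_logemu_line(line: str) -> Dict[str, object]:
    """Split one LOGEMU line into prefix, Shorewall chain/disposition,
    KEY=VALUE fields and bare flags such as DF or SYN."""
    m = PREFIX_RE.match(line)
    if m is None:
        raise ValueError("not a LOGEMU-style line: %r" % line)
    prefix = m.group("prefix")

    fields: Dict[str, str] = {}
    flags: List[str] = []
    for tok in line[m.end():].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val          # e.g. OUT= gives an empty string
        else:
            flags.append(tok)          # e.g. DF, SYN, ACK

    # LOGFORMAT "Shorewall:%s:%s:" yields "Shorewall:<chain>:<disposition>:".
    chain = disposition = None
    parts = prefix.split(":")
    if len(parts) >= 3 and parts[0] == "Shorewall":
        chain, disposition = parts[1], parts[2]

    return {"prefix": prefix, "chain": chain, "disposition": disposition,
            "fields": fields, "flags": flags}


def ip_header_missing(rec: Dict[str, object]) -> bool:
    """True when the entry carries no parsed IP header: the post's symptom is
    no SRC/DST at all together with LEN=0 and PROTO=0."""
    f = rec["fields"]
    return "SRC" not in f or f.get("LEN") == "0" or f.get("PROTO") == "0"


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Summarise each line and mark the ones that are missing header data."""
    out = []
    for line in lines:
        rec = parse_logemu_line(line)
        f = rec["fields"]
        out.append({
            "chain": rec["chain"],
            "disposition": rec["disposition"],
            "in": f.get("IN"),
            "src": f.get("SRC"),
            "dst": f.get("DST"),
            "proto": f.get("PROTO"),
            "spt": f.get("SPT"),
            "dpt": f.get("DPT"),
            "flags": rec["flags"],
            "ip_header_missing": ip_header_missing(rec),
        })
    return out


if __name__ == "__main__":
    for r in triage(SAMPLE_LINES):
        status = "NO IP HEADER" if r["ip_header_missing"] else "ok"
        print("%-7s %-5s in=%s %s -> %s proto=%s dpt=%s [%s]" % (
            r["chain"], r["disposition"], r["in"], r["src"], r["dst"],
            r["proto"], r["dpt"], status))
```

Run against the real /var/log/firewall.log, a high proportion of entries flagged by ip_header_missing() tells you the problem is on the capture side (ulogd is not receiving or parsing the packet payload), not in the Shorewall rules, since the prefix, interface and MAC are still being delivered correctly.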