Hi,

I'd like to know how to rewrite my custom Drop action for Shorewall 5.1.

My goal is to add the SRC IP address of a remote host that tries to connect to 
an "unpublished"/unavailable port.
To do that I created a custom DROP action and included it at the very end of my 
rules file.

Custom action:

# grep -v ^# /etc/shorewall/action.DROPBL | grep -v ^$
?warning "You are using the deprecated Drop default action. Please see http://www.shorewall.net/Actions.html#Default";
?if passed(@1)
?if @1 eq 'audit'
DEFAULTS -,-,A_DROP,A_ACCEPT,A_DROP,A_DROP
?else
?error The first parameter to Drop must be 'audit' or '-'
?endif
?else
DEFAULTS -,-,DROP,ACCEPT,DROP,DROP
?endif
COUNT
?if passed(@2)
Auth(@2)
?endif
AllowICMPs(@4)  -       -       icmp
Broadcast(DROP,@1)
Multicast(DROP,@1)
Invalid(DROP,@1)
SMB(@3)
DropUPnP(@6)
NotSyn(DROP,@1) -       -       tcp
DropDNSrep(@5)
ADD(POL_BL:src)

# grep DROP_DEFAULT /etc/shorewall/shorewall.conf
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"

# tail -n 1 /etc/shorewall/rules
DROPBL:info:polbl       net4    all

# grep ^net4 /etc/shorewall/policy
net4            $FW             DROP
net4            loc             DROP
net4            dmz             DROP
net4            net3            DROP
net4            net2            DROP
net4            net1            DROP
net4            all             DROP

First of all I was thinking of changing my rules file and replacing this line:

DROPBL:info:polbl       net4    all

with this other line:

ADD(POL_BL:src):info:polbl      net4    all

Would I get the same behavior, considering that the default policy is DROP?
If that were the case I would not need to define the DROPBL custom action.

If not, how would I need to re-write my custom action?

I tried the solution to replace DROPBL with ADD and got the following results:

# grep LOGTAGONLY /etc/shorewall/shorewall.conf
LOGTAGONLY=Yes

shorewall check shows:

WARNING: Log Prefix shortened to "Shorewall:polbl:ADD(POL_BL:s "

This is on a box with Shorewall 5.0.15.6.
Despite the log tag issue the rest seems to be working as expected.

With Shorewall 5.1.4.1 the log tag warning doesn't show up, but I'm still in the process of moving to that version.

Thanks,

Vieri

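Added illustration (not part of Vieri's message and not Shorewall's own code): a POSIX shell script that models the "Log Prefix shortened" warning which shorewall check reported for the ADD(POL_BL:src):info:polbl rule under LOGTAGONLY=Yes, and pre-checks a rules file for tagged, logged rules whose prefix would be cut. It assumes the 29-character limit of the iptables LOG --log-prefix, the default LOGFORMAT "Shorewall:%s:%s:", that with LOGTAGONLY=Yes the tag replaces the chain name and the rule's ACTION fills the second slot (which is how the warning text quoted above reads), and that an over-long prefix is cut to 28 characters plus one space (the shape of the shortened prefix in that warning). Verify these assumptions against your Shorewall version; the sample rules at the bottom are constructed from the two variants of the last rules line in the post.

```shell
#!/bin/sh
# Added example; not code from the original post or from the Shorewall project.
# Models the "Log Prefix shortened" warning from "shorewall check" so that a
# rules file can be pre-checked for tagged log prefixes that will be cut.
#
# Assumptions (check them against your Shorewall version):
#  - the iptables LOG target accepts at most 29 characters of --log-prefix;
#  - LOGFORMAT is the default "Shorewall:%s:%s:";
#  - with LOGTAGONLY=Yes the tag fills the first slot (in place of the chain
#    name) and the rule's ACTION fills the second, which is how the observed
#    warning "Shorewall:polbl:ADD(POL_BL:s " reads;
#  - a too-long prefix is cut to 28 characters plus one space, the shape of
#    the shortened prefix in that warning.

MAX_PREFIX=29

# full_prefix ACTION TAG  -> the prefix before any shortening
full_prefix() {
    printf 'Shorewall:%s:%s:' "$2" "$1"
}

# log_prefix ACTION TAG  -> the prefix that would actually be installed
log_prefix() {
    full=$(full_prefix "$1" "$2")
    if [ "${#full}" -gt "$MAX_PREFIX" ]; then
        printf '%.28s ' "$full"        # cut to 28 chars, pad with one space
    else
        printf '%s' "$full"
    fi
}

# prefix_fits ACTION TAG  -> exit 0 if nothing is lost, 1 if it would be cut
prefix_fits() {
    [ "$(log_prefix "$1" "$2")" = "$(full_prefix "$1" "$2")" ]
}

# check_rules  reads rules lines on stdin and prints one line per logged,
# tagged rule (ACTION:LEVEL:TAG ...): "ok" or "SHORTENED" plus the prefix.
# Exit status is 1 if any prefix would be shortened. Rules without a tag are
# skipped: their prefix carries the chain name, which this script does not know.
check_rules() {
    status=0
    while read -r target _rest; do
        case $target in ''|\#*|\?*) continue ;; esac
        # Split ACTION:LEVEL:TAG from the right so that colons inside
        # parentheses, as in ADD(POL_BL:src), stay with the action.
        tag=${target##*:}
        levelaction=${target%:*}
        level=${levelaction##*:}
        action=${levelaction%:*}
        [ "$action" != "$levelaction" ] || continue      # no LEVEL:TAG pair
        case $action in                                   # '(' without ')':
            *\(*) [ "${action#*\)}" != "$action" ] || continue ;;   # no tag
        esac
        if prefix_fits "$action" "$tag"; then
            printf 'ok         %-28s %s\n' "$target" "$(log_prefix "$action" "$tag")"
        else
            printf 'SHORTENED  %-28s "%s"\n' "$target" "$(log_prefix "$action" "$tag")"
            status=1
        fi
    done
    return $status
}

# Constructed sample: the two variants of the last rules line from the post.
SAMPLE_RULES='
# ACTION                     SOURCE  DEST
DROPBL:info:polbl            net4    all
ADD(POL_BL:src):info:polbl   net4    all
ACCEPT                       loc     net4
'

if printf '%s\n' "$SAMPLE_RULES" | check_rules; then
    echo "all log prefixes fit"
else
    echo "some log prefixes would be shortened (see above)"
fi
```

Run it as-is to see both variants, or feed the real file with `check_rules < /etc/shorewall/rules`. Shortening the prefix to "Shorewall:polbl:ADD(POL_BL:s " does not change what the rule does, but it does change the string a log parser or fail2ban filter would match on, so a shorter tag or action name is the usual fix if the full prefix matters.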
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users