On 10/27/2017 09:42 AM, cac...@quantum-sci.com wrote: > On 10/27/2017 09:24 AM, PGNet Dev wrote: >> On 10/27/17 8:48 AM, cac...@quantum-sci.com wrote: >>> In fact half the time, REJECTs and DROPs are -not- logged, and I have >>> to figure out why without the aid of informational messages. >> >> Shorewall does a great job of doing exactly what it's told to do. >> >> If "half the time, REJECTs and DROPs are -not- logged" it's likely you >> haven't defined policy/rules to log REJECTs and DROPs. >> >> This is the best place to start: >> >> http://shorewall.org/shorewall_logging.html#Log > > Glad to read it's worked so well for you. >
Well, so far, all you have given us is a log message, one rule, and a "It works sometimes". Given that the rule you posted doesn't include a log level, but a log message is being produced, I am wondering if the fw->net policy is ACCEPT with a log level specified. If that is the case, then I can understand that you would be concerned that the rule is somehow not being effective. For these types of problems, the output of 'shorewall dump' collected as described at http://www.shorewall.net/support.htm#Guidelines is most helpful to us. Thanks, -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
