Package: shorewall6
Version: 4.4.7.4-2
Severity: normal

Hello,

I have set up the following basic configuration for shorewall6:

        r...@pc-vincent:/etc/shorewall6# grep -v '#' zones interfaces hosts policy rules

zones:
        fw        firewall        -               -                       -
        net       ipv6            -               -                       -
        loc:net   ipv6            -               -                       -

interfaces:
        net  eth0            detect          dhcp,nosmurfs,tcpflags

hosts:
        loc       eth0:<fe80::216:17ff:fe6b:8a4f/128>     -

policy:
        $FW      all     ACCEPT
        loc      all     REJECT          info
        net      all     DROP            info
        all      all     REJECT          info

rules:
        SECTION NEW
        SMB(ACCEPT)       loc             $FW
        SSH(ACCEPT)       loc             $FW

This configuration works but gives the following message:

        [ 2482.278141] Shorewall:loc2fw:REJECT:IN=eth0 OUT= MAC= SRC=fe80:0000:0000:0000:0216:17ff:fe6b:8a4f DST=ff02:0000:0000:0000:0000:0000:0000:00fb LEN=143 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=5353 DPT=5353 LEN=103

I found out that the port 5353 is that of the mDNS service. After adding the
rule:

        mDNS(ACCEPT)      loc             $FW

to the file /etc/shorewall6/rules and restarting, I get the following error
message in /var/log/shorewall6-init.log:

        18:09:51 Compiling MAC Filtration -- Phase 1...
        18:09:51 Compiling /etc/shorewall6/rules...
        18:09:51 ..Expanding Macro /usr/share/shorewall/macro.mDNS...

The log file doesn't show any error message after that last line and
shorewall6 isn't starting.

I have the same macro in my shorewall (ipv4) rules file and it works there
without any problems. I suspect that the problem is that the macro uses some
IPv4 (multicast-)addresses. Can it be that shorewall6 doesn't parse these
IPv4 addresses correctly? I think there should be an IPv6 version of the macro
mDNS.


Regards,
Vincent Smeets


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages shorewall6 depends on:
ii  debconf [debconf-2.0]         1.5.28     Debian configuration management sy
ii  iproute                       20100224-3 networking and traffic control too
ii  iptables                      1.4.6-2    administration tools for packet fi
ii  shorewall                     4.4.7.5-1  Shoreline Firewall, netfilter conf

shorewall6 recommends no packages.

Versions of packages shorewall6 suggests:
ii  linux-image-2.6.32-3-amd64 [l 2.6.32-9   Linux 2.6.32 for 64-bit PCs
ii  make                          3.81-7     An utility for Directing compilati
ii  shorewall-doc                 4.4.7-1    documentation for Shoreline Firewa

-- debconf information:
  shorewall6/major_release:
  shorewall6/dont_restart:
  shorewall6/invalid_config:
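
The report above suspects that the mDNS macro carries IPv4 (multicast) addresses; one way to check a macro file for IPv4 literals before referencing it from shorewall6 rules is shown here as an added example, not part of the original report or of Shorewall. The macro text is constructed sample data in the macro column layout, not the contents of the real macro.mDNS, and the function name `ipv4_literals` is hypothetical.

```python
import ipaddress
import re

# Constructed sample in Shorewall macro column layout; NOT the real macro.mDNS.
SAMPLE_MACRO = """\
#ACTION SOURCE  DEST            PROTO   DPORT
PARAM   -       224.0.0.251     udp     5353
PARAM   -       -               udp     5353
PARAM   DEST    SOURCE:224.0.0.251 udp  5353   # trailing comment 10.0.0.1
PARAM   -       <ff02::fb>      udp     5353
PARAM   -       -               udp     1.2.3
"""


def ipv4_literals(macro_text):
    """Return (line_number, column_number, literal) for every IPv4 address
    or network found in the non-comment columns of a macro file."""
    hits = []
    for line_no, line in enumerate(macro_text.splitlines(), start=1):
        body = line.split("#", 1)[0]  # everything after '#' is a comment
        for col_no, token in enumerate(body.split(), start=1):
            # Bracketed IPv6 literals (<...> or [...]) are skipped entirely.
            token = re.sub(r"<[^>]*>|\[[^\]]*\]", "", token)
            # Separate zone prefixes, list items, exclusions and range ends.
            for part in re.split(r"[,:!\-]", token):
                if part.count(".") != 3:
                    continue  # ports, protocol names, partial dotted values
                try:
                    net = ipaddress.ip_network(part, strict=False)
                except ValueError:
                    continue
                if net.version == 4:
                    hits.append((line_no, col_no, part))
    return hits


if __name__ == "__main__":
    for line_no, col_no, literal in ipv4_literals(SAMPLE_MACRO):
        print(f"line {line_no}, column {col_no}: IPv4 literal {literal}")
```

Any hit means the macro line can only describe IPv4 traffic and needs an IPv6 counterpart before it is used under /etc/shorewall6.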


