Nick Taylor wrote:
I've managed to get Bering/Shorewall running, and am happy with
the rules that I've set in Shorewall to define which packets can
pass, and which should be dropped.

Shorewall is logging packets which are rejected/blocked, which I
believe is correct. Having reviewed the blocked packets, I'm
happy that it did block them - most of them are SQL Slammer
probes on UDP/1434.

So.... Why does the web-interface show the Firewall as "Error"
when there are lots of rejected/dropped packets? Surely that's
what the Firewall should be doing?

Or am I completely wrong?

No, you're right. The "error" syntax is because I pretty much just duplicated the reporting for free memory and disk space when creating the CGI script to check the firewall logs.


Think of an "error" or "warning" in this context to mean: "Check your firewall logs, and make sure you're not under attack".

Note you can control the thresholds for error and warning levels by editing /etc/weblet.conf. Any error/warning level can also be completely disabled by setting its threshold value to -1.

--
Charles Steinkuehler
[EMAIL PROTECTED]




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html