To cut down on the amount of clutter appearing in my firewall log, I silently blacklist certain traffic. In shorewall.conf, I set BLACKLIST_LOGLEVEL="". Then in /etc/shorewall/blacklist, I have the equivalent of:

    0.0.0.0/0    tcp    57
    0.0.0.0/0    tcp    1023
    0.0.0.0/0    udp    1025:1032
    0.0.0.0/0    udp    1434
    0.0.0.0/0    tcp    1433
    0.0.0.0/0    tcp    2745
    0.0.0.0/0    tcp    3127
    0.0.0.0/0    tcp    3410
    0.0.0.0/0    tcp    4899
    0.0.0.0/0    tcp    5554
    0.0.0.0/0    tcp    8081
    0.0.0.0/0    tcp    9898

Hmm - it doesn't work for me!
I put:

    0.0.0.0/0    udp    1025:1032

in /etc/shorewall/blacklist and:

    BLACKLIST_LOGLEVEL=""

in /etc/shorewall/shorewall.conf and am still getting UDP packets targeting 1025 to 1032.

BTW, should the null string be assigned to BLACKLIST_LOGLEVEL (as above), or should it really be a null ('')? The comments in the file state that if no logging is required, then BLACKLIST_LOGLEVEL shouldn't be assigned to, i.e. commented out.

Jim Ford

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
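A quick way to check whether a given packet is even covered by what is written in /etc/shorewall/blacklist is to parse the file and match a (source, protocol, destination port) tuple against it. The following is an added example, not code from the post or from the Shorewall project. It assumes the three-column layout used in the post (ADDRESS/SUBNET, PROTOCOL, PORT or low:high range), accepts a port column only for tcp and udp, and treats a missing or "-" column as "any". The sample file contents are constructed from the entries quoted above.

```python
"""Parser and matcher for the /etc/shorewall/blacklist layout shown in the post.

Added example (not Shorewall's own parser). Assumes three whitespace-separated
columns: ADDRESS/SUBNET, PROTOCOL, PORT(S); the port column may be a single
port or an inclusive low:high range.
"""
import ipaddress

# Constructed sample built from the entries quoted in the post.
SAMPLE_BLACKLIST = """\
# ADDRESS/SUBNET   PROTOCOL   PORT(S)
0.0.0.0/0          tcp        57
0.0.0.0/0          tcp        1023
0.0.0.0/0          udp        1025:1032
0.0.0.0/0          udp        1434
0.0.0.0/0          tcp        1433
0.0.0.0/0          tcp        2745
"""


def parse_ports(field):
    """Turn '1023' or '1025:1032' into an inclusive (low, high) tuple."""
    if ":" in field:
        low, high = field.split(":", 1)
        low, high = int(low), int(high)
    else:
        low = high = int(field)
    if not (0 <= low <= high <= 65535):
        raise ValueError("bad port range: %s" % field)
    return low, high


def parse_blacklist(text):
    """Parse blacklist text into a list of (network, proto, (low, high)).

    A missing column or '-' means 'any' and is stored as None. This simplified
    parser only accepts a port column together with tcp or udp.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        if len(cols) > 3:
            raise ValueError("line %d: too many columns" % lineno)
        addr = cols[0]
        proto = cols[1].lower() if len(cols) > 1 and cols[1] != "-" else None
        ports = parse_ports(cols[2]) if len(cols) > 2 and cols[2] != "-" else None
        if ports is not None and proto not in ("tcp", "udp"):
            raise ValueError("line %d: ports need tcp or udp" % lineno)
        entries.append((ipaddress.ip_network(addr, strict=False), proto, ports))
    return entries


def matches(entries, src_ip, proto, dport):
    """Return the first entry that covers this packet, or None."""
    src = ipaddress.ip_address(src_ip)
    for net, p, ports in entries:
        if src not in net:
            continue
        if p is not None and p != proto.lower():
            continue
        if ports is not None and not (ports[0] <= dport <= ports[1]):
            continue
        return (net, p, ports)
    return None


def blacklisted(text, src_ip, proto, dport):
    """True if a packet from src_ip to proto/dport is covered by the file."""
    return matches(parse_blacklist(text), src_ip, proto, dport) is not None


if __name__ == "__main__":
    entries = parse_blacklist(SAMPLE_BLACKLIST)
    print("%d entries parsed" % len(entries))
    # 203.0.113.9 is a documentation address used here as a constructed source.
    for pkt in [("203.0.113.9", "udp", 1028), ("203.0.113.9", "tcp", 1028),
                ("203.0.113.9", "udp", 1434)]:
        verdict = "blacklisted" if blacklisted(SAMPLE_BLACKLIST, *pkt) else "passes"
        print(pkt, "->", verdict)
```

If the tuple matches here but the packets still show up, the entries themselves are not the problem; in Shorewall 2.x and 3.x the blacklist file is only consulted on interfaces that carry the blacklist option in /etc/shorewall/interfaces, so that is the next thing to confirm.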