>> In point f) (http://www.shorewall.net/Audit.html) you explain how
>> action.Drop could be utilised to use audit - is this the physical file
>> "action.Drop" I need to amend/look at or is there something else?
>>
>
> I would
>
> - Copy the file somewhere else on your CONFIG_PATH
>   (http://www.shorewall.net/configuration_file_basics.htm#CONFIG_PATH)
> - Rename the copy to avoid confusion
> - Modify the copy as needed. You might also need to copy macros like
>   macro.SMB that are invoked by the action if you want audited copies of those
>   as well
> - Modify shorewall.conf (DROP_DEFAULT) to name the copy
>
> You may also want to do that for action.Reject if you want auditing of any
> REJECT policy enforcement.

This is hilarious, this is!
OK, this is what I've done:

1. I've copied /usr/share/shorewall/action.Drop and /usr/share/shorewall/action.Reject to /etc/shorewall as they were the only two action.* files in that directory (I left actions.std in /usr/share/shorewall).
2. mv /etc/shorewall/action.Drop /etc/shorewall/action.ADrop && mv /etc/shorewall/action.Reject /etc/shorewall/action.AReject
3. Edited shorewall.conf to change DROP_DEFAULT="ADrop" and REJECT_DEFAULT="AReject" (/etc/shorewall is in my CONFIG_PATH).
4. "shorewall check" gives me "ERROR: Default Action DROP_DEFAULT=ADrop not found".
5. I then figured shorewall must be treating ADrop as a "user-defined" action which needs to be listed in actions. So, I added "ADrop # replaces the default Drop action" and "AReject # replaces the default Reject action" to /etc/shorewall/actions.
6. Ran "shorewall check" again and got this: "ERROR: Internal error in Shorewall::Chains::new_chain at /usr/share/shorewall/Shorewall/Chains.pm line 1200"

This was after building the latest Beta3 with your DEVNUM.patch applied. The patch works, though I have a suggestion: a device as defined in tcclasses has (automatically or not) a defined value in hex, but the error message(s) produced by shorewall which relate to that device refer to this number using decimal, not hex! I think there should be consistency, reporting everything in hex.

Now, I am still completely in the dark as to where the definitions of allowBcast, allowInvalid, allowinUPnP, allowoutUPnP, dropBcast, dropInvalid, dropNotSyn, forwardUPnP and rejNotSyn are, so that I could add the "audit" option allowing auditing. My ultimate goal also is to be able to control all the auto-generated chains with the names of the above actions so that I could audit those - I take it that after redefining the above actions this is what would happen.
_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
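The steps in the post above (copy the stock Drop/Reject actions under new names onto CONFIG_PATH, point DROP_DEFAULT/REJECT_DEFAULT at the copies, register the new names in the actions file) as a single idempotent script. This is an added example written for this page, not code from the poster or from the Shorewall project, and it does not run "shorewall check" for you. It assumes only what the post states: a source directory holding action.Drop and action.Reject, and a configuration directory holding shorewall.conf and actions. The constructed fixture at the bottom is a stand-in for those files so the script can be exercised offline; on a real system pass the real directories instead.

```shell
#!/bin/sh
# Added example: automate the renamed-copy procedure from the post.
# Assumptions (from the post, not verified against any Shorewall release):
#   - stock actions live in SHAREDIR as action.Drop / action.Reject
#   - CONFDIR is on CONFIG_PATH and holds shorewall.conf and actions
#   - shorewall.conf carries lines of the form DROP_DEFAULT="Drop"
set -eu

# install_audit_actions SHAREDIR CONFDIR
# Copies action.Drop -> action.ADrop and action.Reject -> action.AReject into
# CONFDIR, sets DROP_DEFAULT / REJECT_DEFAULT to the new names, and lists the
# new names in CONFDIR/actions as user-defined actions. Safe to re-run.
install_audit_actions() {
    sharedir=$1
    confdir=$2
    conf="$confdir/shorewall.conf"
    actions="$confdir/actions"

    for pair in Drop:ADrop Reject:AReject; do
        src=${pair%%:*}
        dst=${pair##*:}

        # Never edit the stock file in place: work on a renamed copy.
        cp "$sharedir/action.$src" "$confdir/action.$dst"

        # Drop -> DROP_DEFAULT, Reject -> REJECT_DEFAULT.
        key=$(printf '%s' "$src" | tr '[:lower:]' '[:upper:]')_DEFAULT
        if grep -q "^$key=" "$conf"; then
            sed "s/^$key=.*/$key=\"$dst\"/" "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
        else
            printf '%s="%s"\n' "$key" "$dst" >> "$conf"
        fi

        # Register the copy as a user-defined action unless it is already listed.
        touch "$actions"
        grep -Eq "^$dst([[:space:]]|$)" "$actions" ||
            printf '%s\t# replaces the default %s action\n' "$dst" "$src" >> "$actions"
    done
}

# make_fixture DIR
# Builds a constructed stand-in for /usr/share/shorewall and /etc/shorewall
# under DIR (the action files are placeholders, not real Shorewall content).
make_fixture() {
    mkdir -p "$1/share" "$1/etc"
    printf '# constructed stand-in for the stock Drop action\n' > "$1/share/action.Drop"
    printf '# constructed stand-in for the stock Reject action\n' > "$1/share/action.Reject"
    printf 'DROP_DEFAULT="Drop"\nREJECT_DEFAULT="Reject"\n' > "$1/etc/shorewall.conf"
    : > "$1/etc/actions"
}

# Stand-alone demo on a throwaway directory; run twice to show it is idempotent.
demo=$(mktemp -d)
make_fixture "$demo"
install_audit_actions "$demo/share" "$demo/etc"
install_audit_actions "$demo/share" "$demo/etc"
cat "$demo/etc/shorewall.conf" "$demo/etc/actions"
rm -rf "$demo"
```

After running it against the real directories, "shorewall check" is still the authority on whether the result is accepted; the post shows that the renamed copies reached the user-defined-action stage and then hit an internal error in Shorewall::Chains::new_chain, which a script like this cannot diagnose.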
