On 5/23/11 4:37 PM, Mr Dash Four wrote:
>>
> This is hilarious this is!

Glad to hear you are laughing.

>
> OK, this is what I've done:
>
> 1. I've copied /usr/share/shorewall/action.Drop and
> /usr/share/shorewall/action.Reject to /etc/shorewall as they were the
> only two action.* files in that directory (I left actions.std in
> /usr/share/shorewall)

Okay.

> 2. mv /etc/shorewall/action.Drop /etc/shorewall/action.ADrop && mv
> /etc/shorewall/action.Reject /etc/shorewall/action.AReject
> 3. Edited shorewall.conf to change DROP_DEFAULT="ADrop" and
> REJECT_DEFAULT="AReject" (/etc/shorewall is in my CONFIG_PATH)
> 4. "shorewall check" gives me "ERROR: Default Action DROP_DEFAULT=ADrop
> not found"

You need to add it to your /etc/shorewall/actions file.

> 5. I then figured shorewall must be treating ADrop as a "user-defined"
> action which needs to be listed in actions. So, I added "ADrop #
> replaces the default Drop action" and "AReject # replaces the default
> Reject action" to /etc/shorewall/actions
> 6. Ran "shorewall check" again and got this "ERROR: Internal error in
> Shorewall::Chains::new_chain at /usr/share/shorewall/Shorewall/Chains.pm
> line 1200"

The patch that I posted in response to Steven Springl's report may fix this.

>
> Now, I am still completely in the dark where the definitions of all the
> allowBcast, allowInvalid, allowinUPnP, allowoutUPnP, dropBcast,
> dropInvalid, dropNotSyn, forwardUPnP and rejNotSyn are so that I could
> add the "audit" option allowing auditing.

In /etc/shorewall/A*, replace allowBcast with allowBcast(reject), etc.

>
> My ultimate goal also is to be able to control all the auto-generated
> chains with the names of the above actions so that I could audit those -
> I take it after redefining the above actions this is what would happen.

Well, if you really want to audit every broadcast that your firewall
receives, then go for it.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
