> 'man shorewall.conf' and look for TCP_FLAGS_LOG_LEVEL > > [...] > Look at the first rule again. Apparently, there is an optional interface > that is not currently up so Shorewall uses an unmatchable address > (0.0.0.0) in that case. > > [...] > > man shorewall.conf and look for SMURF_LOG_LEVEL > That did it - all of the smurflogs and tcplogs chains are gone now - as they should. As for this interface which isn't running - it is my tun0 device, though I have a reference (i.e. a jump) to the smurfs chain from net2fw (it follows immediately after blacklst), so I am not sure that's right.
I have also discovered this little gem: Chain AReject (0 references) pkts bytes target prot opt in out source destination 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 A_REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */ I am not at all clear how the first statement will be executed! ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
