On 5/23/11 6:21 PM, Mr Dash Four wrote: > >> 'man shorewall.conf' and look for TCP_FLAGS_LOG_LEVEL >> >> [...] >> Look at the first rule again. Apparently, there is an optional interface >> that is not currently up so Shorewall uses an unmatchable address >> (0.0.0.0) in that case. >> >> [...] >> >> man shorewall.conf and look for SMURF_LOG_LEVEL >> > That did it - all of the smurflogs and tcplogs chains are gone now - as > they should. As for this interface which isn't running - it is my tun0 > device, though I have a reference (i.e. a jump) to the smurfs chain from > net2fw (it follows immediately after blacklst), so I am not sure that's > right. > > I have also discovered this little gem: > > Chain AReject (0 references) > pkts bytes target prot opt in out source > destination > 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 > 0 0 A_REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 /* Auth */
AReject is yours, not mine. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
