Tom
Using kernel 2.6.39, iptables 1.4.11 and xtables-addons 1.35
If the config. does not have a capabilities file, the following policy works:
all all DROP:audit warn
If a capabilities file is created, the following error message is produced:
ERROR: :audit requires AUDIT Target in your kernel and iptables : /etc/shorewallBBB/policy (line 13)
A copy of the capabilities file is attached.
I have manually entered the following iptables rule to confirm that the audit
feature is working:
iptables -A INPUT -j AUDIT --type drop
Steven.
#
# Shorewall 4.4.20-Beta5 detected the following iptables/netfilter capabilities - Sun May 29 15:16:43 BST 2011
#
NAT_ENABLED=Yes
MANGLE_ENABLED=Yes
MULTIPORT=Yes
XMULTIPORT=Yes
CONNTRACK_MATCH=Yes
NEW_CONNTRACK_MATCH=Yes
OLD_CONNTRACK_MATCH=
USEPKTTYPE=Yes
POLICY_MATCH=Yes
PHYSDEV_MATCH=Yes
PHYSDEV_BRIDGE=Yes
LENGTH_MATCH=Yes
IPRANGE_MATCH=Yes
RECENT_MATCH=Yes
OWNER_MATCH=Yes
IPSET_MATCH=Yes
OLD_IPSET_MATCH=
CONNMARK=Yes
XCONNMARK=Yes
CONNMARK_MATCH=Yes
XCONNMARK_MATCH=Yes
RAW_TABLE=Yes
IPP2P_MATCH=Yes
OLD_IPP2P_MATCH=
CLASSIFY_TARGET=Yes
ENHANCED_REJECT=Yes
KLUDGEFREE=Yes
MARK=Yes
XMARK=Yes
EXMARK=Yes
MANGLE_FORWARD=Yes
COMMENTS=Yes
ADDRTYPE=Yes
TCPMSS_MATCH=Yes
HASHLIMIT_MATCH=Yes
OLD_HL_MATCH=
NFQUEUE_TARGET=Yes
REALM_MATCH=Yes
HELPER_MATCH=Yes
CONNLIMIT_MATCH=Yes
TIME_MATCH=Yes
GOTO_TARGET=Yes
LOGMARK_TARGET=Yes
IPMARK_TARGET=Yes
LOG_TARGET=Yes
PERSISTENT_SNAT=Yes
TPROXY_TARGET=Yes
FLOW_FILTER=Yes
FWMARK_RT_MASK=Yes
MARK_ANYWHERE=Yes
HEADER_MATCH=
ACCOUNT_TARGET=Yes
CAPVERSION=40417
KERNELVERSION=20639
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel