On 07/22/2013 07:49 AM, Tom Eastep wrote:
>> 3 - Carter, is there a possibility to implement an option inside
>> shorewall to restart the rules with this "debug/comment" applied, so my
>> rules files stay in the same format as today? If ?comment was used in
>> this case, ?comment could just point to the line number inside "rules",
>> "policy", etc.
> Carter?
>
> I can take a look at implementing something in 4.5.20.
This will be in 4.5.20 Beta 1. Sample output attached.

-Tom
--
Tom Eastep        \   When I die, I want to go like my Grandfather who
Shoreline,         \   died peacefully in his sleep. Not screaming like
Washington, USA     \   all of the passengers in his car
http://shorewall.net \________________________________________________
Shorewall 4.5.20-Beta1 Chain net-dmz at gateway - Tue Jul 23 08:07:03 PDT 2013

Counters reset Mon Jul 22 15:54:10 PDT 2013

Chain net-dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination
10532  705K net-dmz~   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED /* @@@ /etc/shorewall/blrules:5 @@@ */
    0     0 eth0_fop   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            /* @@@ /etc/shorewall/interfaces:5 @@@ */
 160K   14M eth1_fop   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            /* @@@ /etc/shorewall/interfaces:4 @@@ */
  114  6644 +net-dmz   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED /* @@@ /etc/shorewall/rules:20 @@@ */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,UNTRACKED /* @@@ /etc/shorewall/rules:27 @@@ */
 8620  494K @net-all   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x17/0x02 /* @@@ /etc/shorewall/rules:37 @@@ */
   79  4156 AutoBL     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* @@@ /etc/shorewall/rules:138 @@@ */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:33434:33454 /* @@@ /etc/shorewall/rules:143 @@@ */
  348 18424 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 limit: up to 2/min burst 4 mode srcip /* @@@ /etc/shorewall/rules:144 @@@ */
   11   660 ACCEPT     tcp  --  *      *       0.0.0.0/0            70.90.191.122        multiport dports 443,993 /* @@@ /etc/shorewall/rules:147 @@@ */
 4557  266K ACCEPT     tcp  --  *      *       0.0.0.0/0            70.90.191.124        multiport dports 80,443,465,587,993 /* @@@ /etc/shorewall/rules:148 @@@ */
 3242  185K ACCEPT     tcp  --  *      *       0.0.0.0/0            70.90.191.125        multiport dports 80,21 /* @@@ /etc/shorewall/rules:149 @@@ */
  120  6792 Mirrors    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:873 /* @@@ /etc/shorewall/rules:150 @@@ */
   27  1030 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* @@@ /usr/share/shorewall/macro.Ping:11 @@@ */
   44  2592 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443 /* @@@ /etc/shorewall/rules:153 @@@ */
    0     0 DROP       all  --  *      *       82.96.96.3           0.0.0.0/0            /* @@@ /etc/shorewall/rules:233 @@@ */
    0     0 DROP       all  --  *      *       85.190.0.3           0.0.0.0/0            /* @@@ /etc/shorewall/rules:233 @@@ */
  485 63232 Geo        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* @@@ /etc/shorewall/policy:33 @@@ */
  140 18290 NFLOG      all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: up to 5/min burst 5 mode srcip /* @@@ /etc/shorewall/policy:33 @@@ */ nflog-prefix ": net-dmz DROP" nflog-group 1 nflog-threshold 1
  315 51533 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* @@@ /etc/shorewall/policy:33 @@@ */
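The attached listing shows what the new feature buys you operationally: every generated iptables rule carries a `/* @@@ file:line @@@ */` comment (rendered by the xt_comment match), so per-rule packet counters can be tied straight back to the Shorewall source line that produced them, including the case where one policy line expands into several rules (Geo, NFLOG and DROP above all come from policy:33). The script below is an added example, not code from Shorewall or from this thread: it parses an `iptables -nvL`-style listing with those comments, sums hits per source line, and lists source lines none of whose rules have matched since the counters were reset. The sample input is a handful of lines copied from the attached output; the function names are the example's own.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the attached `net-dmz` listing. The columns
# are whitespace-separated exactly as iptables -nvL prints them.
SAMPLE = """\
Chain net-dmz (1 references)
 pkts bytes target     prot opt in     out     source               destination
10532  705K net-dmz~   all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED /* @@@ /etc/shorewall/blrules:5 @@@ */
    0     0 eth0_fop   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            /* @@@ /etc/shorewall/interfaces:5 @@@ */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:33434:33454 /* @@@ /etc/shorewall/rules:143 @@@ */
   27  1030 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* @@@ /usr/share/shorewall/macro.Ping:11 @@@ */
    0     0 DROP       all  --  *      *       82.96.96.3           0.0.0.0/0            /* @@@ /etc/shorewall/rules:233 @@@ */
    0     0 DROP       all  --  *      *       85.190.0.3           0.0.0.0/0            /* @@@ /etc/shorewall/rules:233 @@@ */
  485 63232 Geo        all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* @@@ /etc/shorewall/policy:33 @@@ */
  140 18290 NFLOG      all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: up to 5/min burst 5 mode srcip /* @@@ /etc/shorewall/policy:33 @@@ */ nflog-prefix ": net-dmz DROP" nflog-group 1 nflog-threshold 1
  315 51533 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* @@@ /etc/shorewall/policy:33 @@@ */
"""

# The origin comment Shorewall 4.5.20 emits: "/* @@@ <file>:<line> @@@ */".
ORIGIN_RE = re.compile(r"/\* @@@ (\S+):(\d+) @@@ \*/")

# iptables abbreviates large counters in multiples of 1000 unless run with -x,
# so values with a suffix are approximate.
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def parse_count(tok):
    """Convert an iptables counter token such as '705K' to an int."""
    if tok[-1] in SUFFIX:
        return int(tok[:-1]) * SUFFIX[tok[-1]]
    return int(tok)


def parse_listing(text):
    """Return one dict per rule: chain, pkts, bytes, target and origin.

    Assumes every rule line has a target column (true for the attached
    listing); a rule with an empty target would shift the columns.
    """
    rules = []
    chain = None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        fields = line.split()
        if len(fields) < 9 or not fields[0][0].isdigit():
            continue  # header, blank line, or something that is not a rule
        m = ORIGIN_RE.search(line)
        rules.append({
            "chain": chain,
            "pkts": parse_count(fields[0]),
            "bytes": parse_count(fields[1]),
            "target": fields[2],
            "origin": f"{m.group(1)}:{m.group(2)}" if m else None,
        })
    return rules


def hits_by_origin(rules):
    """Sum packet counters per source file:line across all rules it generated."""
    totals = defaultdict(int)
    for r in rules:
        totals[r["origin"] or "(no origin comment)"] += r["pkts"]
    return dict(totals)


def unhit_origins(rules):
    """Source lines whose every generated rule shows zero packets.

    Zero means "no match since the counters were last reset" (the listing
    header records that time), not that the rule is dead: review before
    removing anything.
    """
    counts = defaultdict(list)
    for r in rules:
        counts[r["origin"]].append(r["pkts"])
    return sorted(o for o, c in counts.items() if o and not any(c))


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for origin, pkts in sorted(hits_by_origin(parsed).items()):
        print(f"{pkts:>8}  {origin}")
    print("no hits since reset:", ", ".join(unhit_origins(parsed)))
```

Feed it the output of `shorewall show <chain>` (or `iptables -nvL <chain>`) on a 4.5.20 system; run iptables with `-x` if you need exact counters rather than the K/M-abbreviated ones parsed here.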
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
