Re: [Shorewall-devel] zone names are concatenated without a dash for INVALID log rules

Sun, 03 Apr 2016 12:04:19 -0700 

The following rule, as first entry under

?SECTION NEW
Invalid(DROP):NFLOG(4)          all             all

generates these entries. (I reproduced it on a test system, let me know if
you would like the config and I'll tar it up.)

The Invalid action is mentioned in the Shorewall6 example for the three
interface setup.

> #       Don't allow connection pickup from the net
> #
> Invalid(DROP)    net        all        tcp

Or should I just remove that action?

On Sun, Apr 3, 2016 at 7:53 PM, Tom Eastep <[email protected]> wrote:

> On 04/03/2016 08:23 AM, Sven Kirmess wrote:
> > Shorewall 4.6.13.4 (on Bering-uClibc) creates an incorrect log entry for
> > INVALID packets. It creates chains like these where the two zone names
> > are concatenated without a dash in between them.
> >
> >
> > Chain ~log95 (1 references)
> >  pkts bytes target     prot opt in     out     source
> > destination
> >     0     0 NFLOG      all  --  *      *       0.0.0.0/0
> > <http://0.0.0.0/0>            0.0.0.0/0 <http://0.0.0.0/0>
> > nflog-prefix  "Shorewall:netvoip:DROP:" nflog-group 4
> >     0     0 DROP       all  --  *      *       0.0.0.0/0
> > <http://0.0.0.0/0>            0.0.0.0/0 <http://0.0.0.0/0>
> >
> >
>
> I am unable to reproduce this problem. Please send me (privately) a copy
> of your shorewall configuration directory.
>
> Thanks,
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
> _______________________________________________
> Shorewall-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-devel
>
>

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Reply via email to