My shorewall dropped packets arent logged anymore.
When I read my log, it began after a syslog reload, so I may have
changed syslog configuration, but dont remember nor see anything weird
in syslog.conf.
/var/log/messages
Oct 5 19:13:03 kim kernel: Shorewall:net2fw:DROP:IN=eth0 OUT=
MAC=00:1c:c0:65:22:3d:00:0f:90:98:e1:02:08:00 SRC=77.75.35.146
DST=91.121.169.122 LEN=40 TOS=0
x00 PREC=0x00 TTL=244 ID=13716 PROTO=TCP SPT=3025 DPT=1039 WINDOW=4096
RES=0x00 SYN URGP=0
Oct 5 19:21:18 kim exiting on signal 15
Oct 5 19:21:19 kim syslogd 1.4.1#18: restart.
Oct 5 19:41:19 kim -- MARK --
If I understand the output of shorewall show, packets dropped ARE logged
but they dont show in /var/log/messages. I added a specific kern.info
log file which remains desperatetly empty.
I attach the related sections of conofig files and a shorewall dump output
syslog.conf
[...]
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
kern.info /var/log/kern.info
[...]
Logging to kern.info works
[EMAIL PROTECTED]:/var/log# logger -p kern.info "test syslog"
[EMAIL PROTECTED]:/var/log# tail -n 1 /var/log/messages
Nov 8 11:39:15 kim root: test syslog
shorewall.conf
[...]
LOGFORMAT="Shorewall:%s:%s:"
LOGTAGONLY=No
LOGRATE=
LOGBURST=
LOGALLNEW=info
BLACKLIST_LOGLEVEL=
MACLIST_LOG_LEVEL=info
TCP_FLAGS_LOG_LEVEL=info
RFC1918_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
LOG_MARTIANS=No
[...]
[...]
DROP_DEFAULT="Drop"
REJECT_DEFAULT="Reject"
ACCEPT_DEFAULT="none"
QUEUE_DEFAULT="none"
NFQUEUE_DEFAULT="none"
[...]
/etc/shorewall/policy
$FW net ACCEPT
net $FW DROP info
net all DROP info
all all REJECT info
[EMAIL PROTECTED]:/var/log# /sbin/shorewall version
4.0.14
[EMAIL PROTECTED]:/var/log# ip addr show
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:1c:c0:65:22:3d brd ff:ff:ff:ff:ff:ff
inet 91.121.169.122/24 brd 91.121.169.255 scope global eth0
inet 91.121.42.145/32 brd 91.255.255.255 scope global eth0:0
inet 91.121.46.150/32 brd 91.255.255.255 scope global eth0:1
inet 91.121.43.206/32 brd 91.255.255.255 scope global eth0:2
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 06:e6:3f:82:5c:3a brd ff:ff:ff:ff:ff:ff
4: tunl0: <NOARP> mtu 1480 qdisc noop
link/ipip 0.0.0.0 brd 0.0.0.0
5: gre0: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0
[EMAIL PROTECTED]:/var/log# ip route show
91.121.169.0/24 dev eth0 proto kernel scope link src 91.121.169.122
default via 91.121.169.254 dev eth0
Shorewall 4.0.14 Dump at kim.posteurs.com - Sat Nov 8 11:58:46 CET 2008
Shorewall-perl 4.0.14
Counters reset Sat Nov 8 11:23:08 CET 2008
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4304 247K LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW LOG flags 0 level 6 prefix `Shorewall:filter:INPUT:'
6218 433K eth0_in 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
2675 365K ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW LOG flags 0 level 6 prefix `Shorewall:filter:FORWARD:'
0 0 eth0_fwd 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
582 45503 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW LOG flags 0 level 6 prefix `Shorewall:filter:OUTPUT:'
1989 328K eth0_out 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
2675 365K ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (1 references)
pkts bytes target prot opt in out source destination
4 176 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
4042 230K dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
3397 150K dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
2 156 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
21 1092 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
3372 148K dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (6 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain all2fw (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:all2fw:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain all2net (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:all2net:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
645 79718 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match dst-type BROADCAST
0 0 DROP 0 -- * * 0.0.0.0/0 224.0.0.0/4
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
2 96 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (2 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 smurfs 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
4128 235K dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
4128 235K smurfs 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
5192 291K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
6218 433K net2fw 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth0_out (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
1989 328K fw2net 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:fw2all:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
1585 294K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
404 33838 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 4 level 6 prefix `Shorewall:logflags:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
2090 198K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
36 2968 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
2 84 ACCEPT tcp -- * * 0.0.0.0/0
91.121.169.122 tcp dpt:80
1 44 ACCEPT tcp -- * * 0.0.0.0/0
91.121.169.122 tcp dpt:443
5 284 ACCEPT tcp -- * * 0.0.0.0/0
91.121.169.122 tcp dpt:22
1 44 ACCEPT tcp -- * * 0.0.0.0/0
91.121.169.122 tcp dpt:21
11 564 ACCEPT tcp -- * * 0.0.0.0/0
91.121.169.122 tcp dpt:25
1 44 ACCEPT tcp -- * * 0.0.0.0/0
91.121.169.122 tcp dpt:143
1 44 ACCEPT tcp -- * * 0.0.0.0/0
91.121.169.122 tcp dpt:993
3 174 ACCEPT udp -- * * 0.0.0.0/0
91.121.42.145 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
91.121.42.145 tcp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
91.121.42.145 tcp dpt:10022
0 0 ACCEPT tcp -- * * 0.0.0.0/0
91.121.46.150 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
91.121.46.150 tcp dpt:443
1 44 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:79
20 1000 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:1433
4046 230K Drop 0 -- * * 0.0.0.0/0 0.0.0.0/0
3372 148K LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
3372 148K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (13 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
4 176 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- * * 0.0.0.0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST LOG flags 0 level 6 prefix
`Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
ADDRTYPE match src-type BROADCAST
0 0 LOG 0 -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
Chain tcpflags (2 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
NAT Table
Chain PREROUTING (policy ACCEPT 4133 packets, 237K bytes)
pkts bytes target prot opt in out source destination
4133 237K LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW LOG flags 0 level 6 prefix `Shorewall:nat:PREROUTING:'
Chain POSTROUTING (policy ACCEPT 585 packets, 45429 bytes)
pkts bytes target prot opt in out source destination
581 45269 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW LOG flags 0 level 6 prefix `Shorewall:nat:POSTROUTING:'
Chain OUTPUT (policy ACCEPT 581 packets, 45269 bytes)
pkts bytes target prot opt in out source destination
581 45269 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW LOG flags 0 level 6 prefix `Shorewall:nat:OUTPUT:'
Mangle Table
Chain PREROUTING (policy ACCEPT 8901 packets, 801K bytes)
pkts bytes target prot opt in out source destination
4311 249K LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW LOG flags 0 level 6 prefix `Shorewall:mangle:PREROUTING:'
8901 801K tcpre 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 8894 packets, 798K bytes)
pkts bytes target prot opt in out source destination
4304 247K LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW LOG flags 0 level 6 prefix `Shorewall:mangle:INPUT:'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW LOG flags 0 level 6 prefix `Shorewall:mangle:FORWARD:'
0 0 tcfor 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 4664 packets, 693K bytes)
pkts bytes target prot opt in out source destination
4664 693K tcout 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 4664 packets, 693K bytes)
pkts bytes target prot opt in out source destination
582 45503 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
state NEW LOG flags 0 level 6 prefix `Shorewall:mangle:POSTROUTING:'
4664 693K tcpost 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Conntrack Table
tcp 6 351789 ESTABLISHED src=194.167.139.252 dst=91.121.169.122
sport=53484 dport=80 packets=519 bytes=27401 src=91.121.169.122
dst=194.167.139.252 sport=80 dport=53484 packets=1233 bytes=1649652 [ASSURED]
mark=0 use=1
tcp 6 431895 ESTABLISHED src=88.161.152.179 dst=91.121.169.122 sport=1115
dport=143 packets=312 bytes=20824 src=91.121.169.122 dst=88.161.152.179
sport=143 dport=1115 packets=310 bytes=160725 [ASSURED] mark=0 use=1
udp 17 34 src=127.0.0.1 dst=127.0.0.1 sport=20787 dport=53 packets=32
bytes=2435 src=127.0.0.1 dst=127.0.0.1 sport=53 dport=20787 packets=32
bytes=7175 [ASSURED] mark=0 use=1
tcp 6 431941 ESTABLISHED src=88.161.152.179 dst=91.121.169.122 sport=1125
dport=993 packets=239 bytes=16726 src=91.121.169.122 dst=88.161.152.179
sport=993 dport=1125 packets=205 bytes=23277 [ASSURED] mark=0 use=1
tcp 6 431666 ESTABLISHED src=82.238.240.107 dst=91.121.169.122 sport=45736
dport=143 packets=766 bytes=47591 src=91.121.169.122 dst=82.238.240.107
sport=143 dport=45736 packets=428 bytes=62390 [ASSURED] mark=0 use=1
tcp 6 19 TIME_WAIT src=91.121.169.122 dst=193.251.214.115 sport=45003
dport=110 packets=9 bytes=518 src=193.251.214.115 dst=91.121.169.122 sport=110
dport=45003 packets=12 bytes=742 [ASSURED] mark=0 use=1
tcp 6 431895 ESTABLISHED src=88.161.152.179 dst=91.121.169.122 sport=1113
dport=993 packets=282 bytes=20029 src=91.121.169.122 dst=88.161.152.179
sport=993 dport=1113 packets=252 bytes=78673 [ASSURED] mark=0 use=1
tcp 6 431999 ESTABLISHED src=88.161.152.179 dst=91.121.169.122 sport=1120
dport=22 packets=1328 bytes=94636 src=91.121.169.122 dst=88.161.152.179
sport=22 dport=1120 packets=1245 bytes=380692 [ASSURED] mark=0 use=2
tcp 6 431894 ESTABLISHED src=88.161.152.179 dst=91.121.169.122 sport=1121
dport=993 packets=256 bytes=18373 src=91.121.169.122 dst=88.161.152.179
sport=993 dport=1121 packets=226 bytes=47633 [ASSURED] mark=0 use=1
tcp 6 431895 ESTABLISHED src=88.161.152.179 dst=91.121.169.122 sport=1114
dport=993 packets=220 bytes=16032 src=91.121.169.122 dst=88.161.152.179
sport=993 dport=1114 packets=190 bytes=22597 [ASSURED] mark=0 use=1
tcp 6 431966 ESTABLISHED src=79.93.20.15 dst=91.121.169.122 sport=3724
dport=143 packets=533 bytes=32464 src=91.121.169.122 dst=79.93.20.15 sport=143
dport=3724 packets=445 bytes=81564 [ASSURED] mark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:1c:c0:65:22:3d brd ff:ff:ff:ff:ff:ff
inet 91.121.169.122/24 brd 91.121.169.255 scope global eth0
inet 91.121.42.145/32 brd 91.255.255.255 scope global eth0:0
inet 91.121.46.150/32 brd 91.255.255.255 scope global eth0:1
inet 91.121.43.206/32 brd 91.255.255.255 scope global eth0:2
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 06:e6:3f:82:5c:3a brd ff:ff:ff:ff:ff:ff
4: tunl0: <NOARP> mtu 1480 qdisc noop
link/ipip 0.0.0.0 brd 0.0.0.0
5: gre0: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0
IP Stats
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
3920178196 14793499 0 0 0 0
TX: bytes packets errors dropped carrier collsns
3920178196 14793499 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:1c:c0:65:22:3d brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
1957878769 62426983 0 0 0 3143
TX: bytes packets errors dropped carrier collsns
344871117 61369037 0 0 0 0
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 06:e6:3f:82:5c:3a brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
4: tunl0: <NOARP> mtu 1480 qdisc noop
link/ipip 0.0.0.0 brd 0.0.0.0
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
5: gre0: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
/proc
/proc/version = Linux version 2.6.24.5-grsec-xxxx-grs-ipv4-32 ([EMAIL
PROTECTED]) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #3 SMP
Wed May 28 09:09:25 CEST 2008
/proc/sys/net/ipv4/ip_forward = 0
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/dummy0/proxy_arp = 0
/proc/sys/net/ipv4/conf/dummy0/arp_filter = 0
/proc/sys/net/ipv4/conf/dummy0/arp_ignore = 0
/proc/sys/net/ipv4/conf/dummy0/rp_filter = 1
/proc/sys/net/ipv4/conf/dummy0/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/gre0/proxy_arp = 0
/proc/sys/net/ipv4/conf/gre0/arp_filter = 0
/proc/sys/net/ipv4/conf/gre0/arp_ignore = 0
/proc/sys/net/ipv4/conf/gre0/rp_filter = 1
/proc/sys/net/ipv4/conf/gre0/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 1
/proc/sys/net/ipv4/conf/lo/log_martians = 0
/proc/sys/net/ipv4/conf/tunl0/proxy_arp = 0
/proc/sys/net/ipv4/conf/tunl0/arp_filter = 0
/proc/sys/net/ipv4/conf/tunl0/arp_ignore = 0
/proc/sys/net/ipv4/conf/tunl0/rp_filter = 1
/proc/sys/net/ipv4/conf/tunl0/log_martians = 0
Routing Rules
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
Table 255:
local 91.121.46.150 dev eth0 proto kernel scope host src 91.121.46.150
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 91.121.169.255 dev eth0 proto kernel scope link src 91.121.169.122
local 91.121.43.206 dev eth0 proto kernel scope host src 91.121.43.206
broadcast 91.255.255.255 dev eth0 proto kernel scope link src 91.121.42.145
broadcast 91.255.255.255 dev eth0 proto kernel scope link src 91.121.46.150
broadcast 91.255.255.255 dev eth0 proto kernel scope link src 91.121.43.206
local 91.121.169.122 dev eth0 proto kernel scope host src 91.121.169.122
local 91.121.42.145 dev eth0 proto kernel scope host src 91.121.42.145
broadcast 91.121.169.0 dev eth0 proto kernel scope link src 91.121.169.122
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table default:
Table main:
91.121.169.0/24 dev eth0 proto kernel scope link src 91.121.169.122
default via 91.121.169.254 dev eth0
ARP
? (91.121.169.254) at 00:00:0C:07:AC:01 [ether] on eth0
? (91.121.169.250) at 00:1F:C6:82:75:CA [ether] on eth0
Modules
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Not available
Physdev-is-bridged Support: Not available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
TCPMSS Match: Available
Hashlimit Match: Available
NFQUEUE Target: Available
Traffic Control
Device eth0:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 47589512291 bytes 61369044 pkt (dropped 0, overlimits 0 requeues 8)
rate 0bit 0pps backlog 0b 0p requeues 8
TC Filters
Device eth0:
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
