-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12/07/2016 05:51 AM, Gaétan QUENTIN wrote: > Hi, > > I have configured shorewall that way: > > The host: - ubuntu 16.10 - shorewall 5.0.11-1. - only 1 nic > > shorewall: /etc/shorewall/shorewall.conf: > INVALID_LOG_LEVEL=$LOG:invlev LOGFORMAT="Shorewall:%s:%s:" > LOGTAGONLY=No MACLIST_LOG_LEVEL=$LOG:maclist > RPFILTER_LOG_LEVEL=$LOG:rpfilter SFILTER_LOG_LEVEL=$LOG:filter > SMURF_LOG_LEVEL=$LOG:smurf TCP_FLAGS_LOG_LEVEL=$LOG:tcp-flags > > > /etc/shorewall/params: LOG=NFLOG > > /etc/shorewall/zones: fw firewall net ipv4 > > /etc/shorewall/policy: $FW all ACCEPT > net all DROP $LOG > > /etc/shorewall/interfaces: net enp0s20f0 > tcpflags,logmartians,nosmurfs,sourceroute=0 > > /etc/shorewall/rules: Invalid(DROP):$LOG net > $FW tcp Ping(ACCEPT):$LOG net > $FW > > > ulogd: [global] > stack=log:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,firewall:LOGEMU > > > > [firewall] file="/var/log/firewall.log" sync=1 > > > RESULTS ------------------ > > when forbidden traffic arrives , i see only that in log file: > /var/log/firewall.log: > > Shorewall:net-fw:DROP: IN=enp0s20f0 OUT= > MAC=00:07:cb:03:f6:84:cc:46:d6:b2:c9:f1:08:00 LEN=0 TOS=00 > PREC=0x00 TTL=0 ID=0 PROTO=0 MARK=0 > > > NO IP,port or protocol info. > > How to change it?
Which ulogd plugins are you loading? - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYSKcoAAoJEJbms/JCOk0QiukP+gPGt0x2mzglOPeMAqzVZqyp Hef1SDJKMr3bzDo2BQidfnxof547hmEnEM92vjx5AVhCqhuys/h6oH4ioIzvziPa T/3dC3snBnQ+yQfWZ1m+W6svctd1fc89n4fPZlm9+zfQpV52gBqhKaStdqgT0q2+ 3+VoILwgVvQVDqNXocqgvzNJPEnlAgQyw0NDHoT/Xe+4dNgTfSsdT62IfyyCHRs0 z/iGKbm1h1033ms1ipwPnU6elhql204GWMhk5z2dEWdvpj26eJeVzYOocoApZ8dh oA21w7XNjqVgFBOJqz0S9grP2E8Lr3kQ/f/A7TCyBlmzxnOmgOSpKdS2TYLpRmhf HkgZG5l35hFrouxnzqZs8z2BLIul0leIwjqX9cXQbU923iSqIq8+VTi3lmox2reH Fi3aTCDkuzvKt0YwCW8o2Y20VXUUCGMwqrLlqo3Nj7q642zMPlL09rkiPRpropjp fM0vWsopt4oqy9tnKnQRtmDbJM2DgXqLBDkdUG7DXizL8P9UalS2TO0VnNS5K0si 2cdTb4cpkANvPZasfUL7ovURNAfXxsI09ud5B9cCF7DAs02Sf1smcNvGGZTyGdGh EeOO8u1+6OxasuFLMFBFyvtRXBX5oBqwQIB5PBSNdRTNNMqbqlzP6dw0efvIP/2g lMydoCDgX9gaZBfoeO0d =iUHB -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
