plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFCT.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2BIN.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_HWHDR.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTFLOW.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_SYSLOG.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_XML.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_GPRINT.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFACCT.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_GRAPHITE.so"
2016-12-08 1:19 GMT+01:00 Tom Eastep <[email protected]>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 12/07/2016 05:51 AM, Gaétan QUENTIN wrote:
> > Hi,
> >
> > I have configured shorewall that way:
> >
> > The host: - ubuntu 16.10 - shorewall 5.0.11-1. - only 1 nic
> >
> > shorewall: /etc/shorewall/shorewall.conf:
> > INVALID_LOG_LEVEL=$LOG:invlev LOGFORMAT="Shorewall:%s:%s:"
> > LOGTAGONLY=No MACLIST_LOG_LEVEL=$LOG:maclist
> > RPFILTER_LOG_LEVEL=$LOG:rpfilter SFILTER_LOG_LEVEL=$LOG:filter
> > SMURF_LOG_LEVEL=$LOG:smurf TCP_FLAGS_LOG_LEVEL=$LOG:tcp-flags
> >
> >
> > /etc/shorewall/params: LOG=NFLOG
> >
> > /etc/shorewall/zones: fw firewall net ipv4
> >
> > /etc/shorewall/policy: $FW all ACCEPT
> > net all DROP $LOG
> >
> > /etc/shorewall/interfaces: net enp0s20f0
> > tcpflags,logmartians,nosmurfs,sourceroute=0
> >
> > /etc/shorewall/rules: Invalid(DROP):$LOG net
> > $FW tcp Ping(ACCEPT):$LOG net
> > $FW
> >
> >
> > ulogd: [global]
> > stack=log:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,
> print1:PRINTPKT,firewall:LOGEMU
> >
> >
> >
> > [firewall] file="/var/log/firewall.log" sync=1
> >
> >
> > RESULTS ------------------
> >
> > when forbidden traffic arrives , i see only that in log file:
> > /var/log/firewall.log:
> >
> > Shorewall:net-fw:DROP: IN=enp0s20f0 OUT=
> > MAC=00:07:cb:03:f6:84:cc:46:d6:b2:c9:f1:08:00 LEN=0 TOS=00
> > PREC=0x00 TTL=0 ID=0 PROTO=0 MARK=0
> >
> >
> > NO IP,port or protocol info.
> >
> > How to change it?
>
> Which ulogd plugins are you loading?
>
> - -Tom
> - --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: GPGTools - http://gpgtools.org
>
> iQIcBAEBCAAGBQJYSKcoAAoJEJbms/JCOk0QiukP+gPGt0x2mzglOPeMAqzVZqyp
> Hef1SDJKMr3bzDo2BQidfnxof547hmEnEM92vjx5AVhCqhuys/h6oH4ioIzvziPa
> T/3dC3snBnQ+yQfWZ1m+W6svctd1fc89n4fPZlm9+zfQpV52gBqhKaStdqgT0q2+
> 3+VoILwgVvQVDqNXocqgvzNJPEnlAgQyw0NDHoT/Xe+4dNgTfSsdT62IfyyCHRs0
> z/iGKbm1h1033ms1ipwPnU6elhql204GWMhk5z2dEWdvpj26eJeVzYOocoApZ8dh
> oA21w7XNjqVgFBOJqz0S9grP2E8Lr3kQ/f/A7TCyBlmzxnOmgOSpKdS2TYLpRmhf
> HkgZG5l35hFrouxnzqZs8z2BLIul0leIwjqX9cXQbU923iSqIq8+VTi3lmox2reH
> Fi3aTCDkuzvKt0YwCW8o2Y20VXUUCGMwqrLlqo3Nj7q642zMPlL09rkiPRpropjp
> fM0vWsopt4oqy9tnKnQRtmDbJM2DgXqLBDkdUG7DXizL8P9UalS2TO0VnNS5K0si
> 2cdTb4cpkANvPZasfUL7ovURNAfXxsI09ud5B9cCF7DAs02Sf1smcNvGGZTyGdGh
> EeOO8u1+6OxasuFLMFBFyvtRXBX5oBqwQIB5PBSNdRTNNMqbqlzP6dw0efvIP/2g
> lMydoCDgX9gaZBfoeO0d
> =iUHB
> -----END PGP SIGNATURE-----
>
> ------------------------------------------------------------
> ------------------
> Developer Access Program for Intel Xeon Phi Processors
> Access to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today.http://sdm.link/xeonphi
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
--
Gaétan QUENTIN
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
