On 5/3/2020 11:16 AM, Nicola Ferrari (#554252) wrote:
> Hi list... I've been using Shorewall for several years. Thank you for your great job.
> Now I'm testing a new machine, with Ubuntu, in a "two-interface" config. Everything is working fine. I'm only getting
>
> WARNING: "You are using the deprecated Reject default action. Please see
> WARNING: "You are using the deprecated Drop default action. Please see http://www.shorewall.net/Actions.html
>
> on restart. My policy file used to be
>
> net all DROP
> all all REJECT info
Mine is still with this syntax.
> My intention was to drop everything coming from the net to the fw, and reject and log other connections (e.g. from loc to net) - except for rules in /shorewall/rules that got passed. How should I 'translate' this config in the new versions? Seems that should be
>
> net all Drop(-,DROP)
> all all Reject(audit,REJECT)
You can do that if you want to change the defaults set in shorewall[6].conf (1).
> But I can't fully understand the new policy/action concept...
Did you copy your files from the old system to the new system? If so, you might need to do a 'shorewall update' on the new system.

1) https://shorewall.org/Actions.html#Default

--
Matt Darfeuille
Shorewall Project Committee, one of four core members
https://sourceforge.net/p/shorewall/mailman/message/36596609/
https://shorewall.org
