Luca,
The Wikipedia entry may be referring to the command 'shorewall
logwatch', which shows (as they happen) messages which shorewall has
added to the linux kernel filter rules.
Or possibly to 'shorewall show', which you can use to print out various
facts about the shorewall configuration.
Shorewall is only involved in creating the firewall - the linux kernel
is the thing that makes it happen. So you can use any tool you wish to
monitor the linux kernel messages, such as journalctl, dmesg, syslog and
probably more.
Of course _interpreting_ the messages you see is another story, and not
an easy one. I personally like shorewall because you have a sufficient
degree of control but the config you create is moderated with "wisdom"
from the creators. That doesn't mean it is simple.
Basic messages will be to inform you that a packet has been dropped or
rejected. Dropped packets are just silently thrown away, while rejection
involves sending a packet back to the sender telling them it was
rejected. Neither packet gets to its destination.
Using the Macro facility is a bit of faff to start with but makes the
rules file _a lot_ more comprehensible, so I suggest it is used. I
haven't found a good list of existing macros (not saying it's not
there!) but they're all under /usr/share/lib/shorewall, IIRC.
Get to know the tools tcpdump (which is simple) and tshark (which is
complex but rewards with a lot more in return) for inspecting the
traffic on the various interfaces of the computer. You can (perhaps even
should) use multiple terminal windows to view different network
interfaces simultaneously, which will give you a better idea of how
things are changed. tshark is the command line version of wireshark, and
is simpler and faster to use for this purpose.
If you are using VLANs, NAT or Masquerade things get a lot more complex
because the packet addresses are being munged. I heartily recommend a
good book on TCP/IP before delving into debugging these issues. I am
still of the opinion that Richard W. Stevens' book "TCP/IP Illustrated
Volume 1" (and Vol 2) are the best, but other people may differ.
Hope this helps,
Ruth
On 10/10/2025 09:43, Luca Saccarola wrote:
Hi there,
Wikipedia (https://en.wikipedia.org/wiki/Shorewall) states that "A
monitoring utility packaged with Shorewall can be used to watch the
status of the system as it operates and to assist in testing.". Can
you tell me which utility they are referring to?
Best,
Luca
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
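
An added illustration of the point made in the reply above, that Shorewall's logged packets are ordinary kernel messages readable with journalctl or dmesg (this is not part of the original thread and not Shorewall's own code): a small Python filter that picks those packets out of kernel log text and groups them by disposition, chain and source. The sample lines are constructed, and the two prefix shapes it assumes, `Shorewall:<chain>:<disposition>:` and `<chain> <disposition> `, depend on the LOGFORMAT setting in shorewall.conf.

```python
import re
import sys

# Constructed sample kernel log lines (not from the thread). The text before
# IN= comes from LOGFORMAT in shorewall.conf; two assumed shapes are shown.
SAMPLE = """\
Oct 10 09:50:01 gw kernel: Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=4711 DF PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Oct 10 09:50:03 gw kernel: Shorewall:net-fw:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=4712 DF PROTO=TCP SPT=51235 DPT=23 SYN URGP=0
Oct 10 09:50:07 gw kernel: net-fw REJECT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TTL=49 ID=99 PROTO=UDP SPT=40000 DPT=137 LEN=58
Oct 10 09:50:09 gw kernel: loc-net DROP IN=eth1 OUT=eth0 SRC=10.0.0.8 DST=198.51.100.9 LEN=84 TTL=63 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Oct 10 09:50:10 gw kernel: usb 1-1: new high-speed USB device number 3
"""

PREFIX = re.compile(r"(?:Shorewall:)?(?P<chain>[\w.-]+)[: ](?P<disp>[A-Z]+)[: ]\s*IN=")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # netfilter LOG writes KEY=value pairs


def parse_line(line):
    """Return a dict for one Shorewall-logged packet, or None for other lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    kv = dict(FIELD.findall(line[m.end() - 3:]))  # slice starts at "IN="
    return {"chain": m["chain"], "disposition": m["disp"],
            "in": kv.get("IN", ""), "out": kv.get("OUT", ""),
            "src": kv.get("SRC", "?"), "dst": kv.get("DST", "?"),
            "proto": kv.get("PROTO"), "dpt": kv.get("DPT")}  # no DPT for ICMP


def summarize(text):
    """Group logged packets by (disposition, chain, source address)."""
    groups = {}
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        key = (pkt["disposition"], pkt["chain"], pkt["src"])
        entry = groups.setdefault(key, {"count": 0, "targets": set()})
        entry["count"] += 1
        entry["targets"].add((pkt["proto"], pkt["dpt"]))
    return groups


if __name__ == "__main__":
    # Read piped kernel log text if present, otherwise use the sample above.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for (disp, chain, src), e in sorted(summarize(text).items()):
        ports = ", ".join(f"{p}/{d or '-'}" for p, d in sorted(e["targets"], key=str))
        print(f"{disp:7} {chain:10} {src:15} x{e['count']}  {ports}")
```

Kernel messages can be piped into it, for example with `journalctl -k | python3 fwlog.py` (the file name is arbitrary).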