I''m noticing some weirdness in my ulog files with version 2.0.10. Here is a portion of the log: Jan 7 11:01:37 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00 SRC=192.168.0.100 DST=192.168.0.255 LEN=97 TOS=00 PREC=0x00 TTL=64 ID=44155 CE PROTO=UDP SPT=631 DPT=631 LEN=77 Jan 7 11:01:39 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00 SRC=192.168.0.100 DST=192.168.0.255 LEN=108 TOS=00 PREC=0x00 TTL=64 ID=44156 CE PROTO=UDP SPT=631 DPT=631 LEN=88 Specifically, it''s the "AllowWOL" portion of the output that bothers me, since these aren''t log entries from the AllowWOL action, but from the AllowIPP action. Background: My /etc/shorewall/rules has the following (relevant) entries: ... AllowPing:ULOG fw all AllowWOL:ULOG loc all AllowWOL:ULOG fw all ... AllowIPP loc loc AllowIPP fw loc AllowIPP loc fw ... The AllowPing is the standard action, and is the only other ULOG-ed rule. The custom action.AllowWOL is: # This action accepts ''wake-on-LAN'' requests. ######################################################################## # #TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT PORT(S) LIMIT GROUP ACCEPT - - udp 9 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE And action.AllowIPP is: # This action accepts IPP (Rendezvous printing) traffic. ######################################################################## # #TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT PORT(S) LIMIT GROUP ACCEPT - - udp 631 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE I have several other "custom" actions as well, but I don''t think those are relevant. My question is why do the logs show "AllowWOL" instead of "AllowIPP", which is the rule that is actually triggering the log entry? And, in fact, why are these AllowIPP entries being logged at all, since I don''t specify that in /etc/shorewall/rules? - Colin
Colin Viebrock wrote:> I''m noticing some weirdness in my ulog files with version 2.0.10. Here > is a portion of the log: > > Jan 7 11:01:37 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT= > MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00 SRC=192.168.0.100 > DST=192.168.0.255 LEN=97 TOS=00 PREC=0x00 TTL=64 ID=44155 CE PROTO=UDP > SPT=631 DPT=631 LEN=77 > Jan 7 11:01:39 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT= > MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00 SRC=192.168.0.100 > DST=192.168.0.255 LEN=108 TOS=00 PREC=0x00 TTL=64 ID=44156 CE PROTO=UDP > SPT=631 DPT=631 LEN=88 > > Specifically, it''s the "AllowWOL" portion of the output that bothers > me, since these aren''t log entries from the AllowWOL action, but from > the AllowIPP action. > > Background: > > My /etc/shorewall/rules has the following (relevant) entries: > > ... > > AllowPing:ULOG fw all > > AllowWOL:ULOG loc all > AllowWOL:ULOG fw all > > ... > > AllowIPP loc loc > AllowIPP fw loc > AllowIPP loc fw > > ... > > > The AllowPing is the standard action, and is the only other ULOG-ed rule. > > The custom action.AllowWOL is: > > # This action accepts ''wake-on-LAN'' requests. > > ######################################################################## # > #TARGET SOURCE DEST PROTO DEST SOURCE RATE > USER/ > # PORT PORT(S) LIMIT > GROUP > ACCEPT - - udp 9 > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE > > And action.AllowIPP is: > > # This action accepts IPP (Rendezvous printing) traffic. > > ######################################################################## # > #TARGET SOURCE DEST PROTO DEST SOURCE RATE > USER/ > # PORT PORT(S) LIMIT > GROUP > ACCEPT - - udp 631 > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE > > I have several other "custom" actions as well, but I don''t think those > are relevant. > > My question is why do the logs show "AllowWOL" instead of "AllowIPP", > which is the rule that is actually triggering the log entry? And, in > fact, why are these AllowIPP entries being logged at all, since I don''t > specify that in /etc/shorewall/rules? >Output of "shorewall status" as an attachment, please. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> Colin Viebrock wrote: > >>I''m noticing some weirdness in my ulog files with version 2.0.10. Here >>is a portion of the log:> > Output of "shorewall status" as an attachment, please. >Nevermind -- this is just the wierd way that logging with actions works in 2.0. If you upgrade to 2.2.0 RC4, it will work the way that you expect it to. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> Tom Eastep wrote: > >>Colin Viebrock wrote: >> >> >>>I''m noticing some weirdness in my ulog files with version 2.0.10. Here >>>is a portion of the log: > > >>Output of "shorewall status" as an attachment, please. >> > > > > Nevermind -- this is just the wierd wayMake that "... weird way ... " ("i" before "e" except after "c" and in other wierd cases :-) ) -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On Fri, 2005-01-07 at 09:13 -0800, Tom Eastep wrote:> Make that "... weird way ... " ("i" before "e" except after "c" and in > other wierd cases :-) ) > > -Tomhmm. So according to the whole rhyme: "i" before "e" except after "c" or when sounding like "a" as in "neighbor" or "weigh" "weird" should be pronounced "wared" :) Don''t you just LOVE the English language? 20 exceptions to every rule. (yes, my mother was an English teacher) hehe. Mark II
Mark II wrote on 07/01/2005 16:03:38:> On Fri, 2005-01-07 at 09:13 -0800, Tom Eastep wrote: > > > Make that "... weird way ... " ("i" before "e" except after "c" and in > > other wierd cases :-) ) > > > > -Tom > > hmm. > So according to the whole rhyme: > > "i" before "e" except after "c" or when sounding like "a" as in > "neighbor" or "weigh" > > "weird" should be pronounced "wared" > > :) > > Don''t you just LOVE the English language? > 20 exceptions to every rule. > (yes, my mother was an English teacher) > hehe. > > > Mark IIfor me, as a foreigner (how to pronounce it?), english is a dictionary. I try to never say a word before reading its fonetics. Everytime I do it the other way, I am corrected by an english native speaker. Now I see you english native speakers have the problem the other way around. Knowing how to speak every word, you need to learn how to write it. Yes, and I really love english... cheers, Eduardo
Reasonably Related Threads
- help seeing DMZ from LOC
- shorewall 2.0.3a, (ULOG) doesn''t log anything
- [PATCH] A default log level of ULOG is ignored by the shorewall-perl compiler (but not by shorewall-shell)
- ulog support in shorewall?
- [Bug 986] New: ulogd fails to build against linux headers >= 3.17.0 due to ULOG target removal